server/middlewares/validators/videos/video-imports.ts

   1 import express from 'express'
   2 import { body, param, query } from 'express-validator'
   3 import { isResolvingToUnicastOnly } from '@server/helpers/dns'
   4 import { isPreImportVideoAccepted } from '@server/lib/moderation'
   5 import { Hooks } from '@server/lib/plugins/hooks'
   6 import { MUserAccountId, MVideoImport } from '@server/types/models'
   7 import { HttpStatusCode, UserRight, VideoImportState } from '@shared/models'
   8 import { VideoImportCreate } from '@shared/models/videos/import/video-import-create.model'
   9 import { isIdValid, toIntOrNull } from '../../../helpers/custom-validators/misc'
  10 import { isVideoImportTargetUrlValid, isVideoImportTorrentFile } from '../../../helpers/custom-validators/video-imports'
  11 import { isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos'
  12 import { cleanUpReqFiles } from '../../../helpers/express-utils'
  13 import { logger } from '../../../helpers/logger'
  14 import { CONFIG } from '../../../initializers/config'
  15 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
  16 import { areValidationErrors, doesVideoChannelOfAccountExist, doesVideoImportExist } from '../shared'
  17 import { getCommonVideoEditAttributes } from './videos'
  18
  19 const videoImportAddValidator = getCommonVideoEditAttributes().concat([
  20   body('channelId')
  21     .customSanitizer(toIntOrNull)
  22     .custom(isIdValid),
  23   body('targetUrl')
  24     .optional()
  25     .custom(isVideoImportTargetUrlValid),
  26   body('magnetUri')
  27     .optional()
  28     .custom(isVideoMagnetUriValid),
  29   body('torrentfile')
  30     .custom((value, { req }) => isVideoImportTorrentFile(req.files))
  31     .withMessage(
  32       'This torrent file is not supported or too large. Please, make sure it is of the following type: ' +
  33       CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ')
  34     ),
  35   body('name')
  36     .optional()
  37     .custom(isVideoNameValid).withMessage(
  38       `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`
  39     ),
  40
  41   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  42     const user = res.locals.oauth.token.User
  43     const torrentFile = req.files?.['torrentfile'] ? req.files['torrentfile'][0] : undefined
  44
  45     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
  46
  47     if (CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true && req.body.targetUrl) {
  48       cleanUpReqFiles(req)
  49
  50       return res.fail({
  51         status: HttpStatusCode.CONFLICT_409,
  52         message: 'HTTP import is not enabled on this instance.'
  53       })
  54     }
  55
  56     if (CONFIG.IMPORT.VIDEOS.TORRENT.ENABLED !== true && (req.body.magnetUri || torrentFile)) {
  57       cleanUpReqFiles(req)
  58
  59       return res.fail({
  60         status: HttpStatusCode.CONFLICT_409,
  61         message: 'Torrent/magnet URI import is not enabled on this instance.'
  62       })
  63     }
  64
  65     if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
  66
  67     // Check we have at least 1 required param
  68     if (!req.body.targetUrl && !req.body.magnetUri && !torrentFile) {
  69       cleanUpReqFiles(req)
  70
  71       return res.fail({ message: 'Should have a magnetUri or a targetUrl or a torrent file.' })
  72     }
  73
  74     if (req.body.targetUrl) {
  75       const hostname = new URL(req.body.targetUrl).hostname
  76
  77       if (await isResolvingToUnicastOnly(hostname) !== true) {
  78         cleanUpReqFiles(req)
  79
  80         return res.fail({
  81           status: HttpStatusCode.FORBIDDEN_403,
  82           message: 'Cannot use non unicast IP as targetUrl.'
  83         })
  84       }
  85     }
  86
  87     if (!await isImportAccepted(req, res)) return cleanUpReqFiles(req)
  88
  89     return next()
  90   }
  91 ])
  92
  93 const getMyVideoImportsValidator = [
  94   query('videoChannelSyncId')
  95     .optional()
  96     .custom(isIdValid),
  97
  98   (req: express.Request, res: express.Response, next: express.NextFunction) => {
  99     if (areValidationErrors(req, res)) return
 100
 101     return next()
 102   }
 103 ]
 104
 105 const videoImportDeleteValidator = [
 106   param('id')
 107     .custom(isIdValid),
 108
 109   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 110     if (areValidationErrors(req, res)) return
 111
 112     if (!await doesVideoImportExist(parseInt(req.params.id), res)) return
 113     if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return
 114
 115     if (res.locals.videoImport.state === VideoImportState.PENDING) {
 116       return res.fail({
 117         status: HttpStatusCode.CONFLICT_409,
 118         message: 'Cannot delete a pending video import. Cancel it or wait for the end of the import first.'
 119       })
 120     }
 121
 122     return next()
 123   }
 124 ]
 125
 126 const videoImportCancelValidator = [
 127   param('id')
 128     .custom(isIdValid),
 129
 130   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 131     if (areValidationErrors(req, res)) return
 132
 133     if (!await doesVideoImportExist(parseInt(req.params.id), res)) return
 134     if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return
 135
 136     if (res.locals.videoImport.state !== VideoImportState.PENDING) {
 137       return res.fail({
 138         status: HttpStatusCode.CONFLICT_409,
 139         message: 'Cannot cancel a non pending video import.'
 140       })
 141     }
 142
 143     return next()
 144   }
 145 ]
 146
 147 // ---------------------------------------------------------------------------
 148
 149 export {
 150   videoImportAddValidator,
 151   videoImportCancelValidator,
 152   videoImportDeleteValidator,
 153   getMyVideoImportsValidator
 154 }
 155
 156 // ---------------------------------------------------------------------------
 157
 158 async function isImportAccepted (req: express.Request, res: express.Response) {
 159   const body: VideoImportCreate = req.body
 160   const hookName = body.targetUrl
 161     ? 'filter:api.video.pre-import-url.accept.result'
 162     : 'filter:api.video.pre-import-torrent.accept.result'
 163
 164   // Check we accept this video
 165   const acceptParameters = {
 166     videoImportBody: body,
 167     user: res.locals.oauth.token.User
 168   }
 169   const acceptedResult = await Hooks.wrapFun(
 170     isPreImportVideoAccepted,
 171     acceptParameters,
 172     hookName
 173   )
 174
 175   if (!acceptedResult || acceptedResult.accepted !== true) {
 176     logger.info('Refused to import video.', { acceptedResult, acceptParameters })
 177
 178     res.fail({
 179       status: HttpStatusCode.FORBIDDEN_403,
 180       message: acceptedResult.errorMessage || 'Refused to import video'
 181     })
 182     return false
 183   }
 184
 185   return true
 186 }
 187
 188 function checkUserCanManageImport (user: MUserAccountId, videoImport: MVideoImport, res: express.Response) {
 189   if (user.hasRight(UserRight.MANAGE_VIDEO_IMPORTS) === false && videoImport.userId !== user.id) {
 190     res.fail({
 191       status: HttpStatusCode.FORBIDDEN_403,
 192       message: 'Cannot manage video import of another user'
 193     })
 194     return false
 195   }
 196
 197   return true
 198 }