server/middlewares/validators/videos/video-imports.ts

   1 import express from 'express'
   2 import { body } from 'express-validator'
   3 import { isPreImportVideoAccepted } from '@server/lib/moderation'
   4 import { Hooks } from '@server/lib/plugins/hooks'
   5 import { HttpStatusCode } from '@shared/models'
   6 import { VideoImportCreate } from '@shared/models/videos/import/video-import-create.model'
   7 import { isIdValid, toIntOrNull } from '../../../helpers/custom-validators/misc'
   8 import { isVideoImportTargetUrlValid, isVideoImportTorrentFile } from '../../../helpers/custom-validators/video-imports'
   9 import { isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos'
  10 import { cleanUpReqFiles } from '../../../helpers/express-utils'
  11 import { logger } from '../../../helpers/logger'
  12 import { CONFIG } from '../../../initializers/config'
  13 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
  14 import { areValidationErrors, doesVideoChannelOfAccountExist } from '../shared'
  15 import { getCommonVideoEditAttributes } from './videos'
  16 import { isValid as isIPValid, parse as parseIP } from 'ipaddr.js'
  17
  18 const videoImportAddValidator = getCommonVideoEditAttributes().concat([
  19   body('channelId')
  20     .customSanitizer(toIntOrNull)
  21     .custom(isIdValid).withMessage('Should have correct video channel id'),
  22   body('targetUrl')
  23     .optional()
  24     .custom(isVideoImportTargetUrlValid).withMessage('Should have a valid video import target URL'),
  25   body('magnetUri')
  26     .optional()
  27     .custom(isVideoMagnetUriValid).withMessage('Should have a valid video magnet URI'),
  28   body('torrentfile')
  29     .custom((value, { req }) => isVideoImportTorrentFile(req.files))
  30     .withMessage(
  31       'This torrent file is not supported or too large. Please, make sure it is of the following type: ' +
  32       CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ')
  33     ),
  34   body('name')
  35     .optional()
  36     .custom(isVideoNameValid).withMessage(
  37       `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`
  38     ),
  39
  40   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  41     logger.debug('Checking videoImportAddValidator parameters', { parameters: req.body })
  42
  43     const user = res.locals.oauth.token.User
  44     const torrentFile = req.files?.['torrentfile'] ? req.files['torrentfile'][0] : undefined
  45
  46     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
  47
  48     if (CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true && req.body.targetUrl) {
  49       cleanUpReqFiles(req)
  50
  51       return res.fail({
  52         status: HttpStatusCode.CONFLICT_409,
  53         message: 'HTTP import is not enabled on this instance.'
  54       })
  55     }
  56
  57     if (CONFIG.IMPORT.VIDEOS.TORRENT.ENABLED !== true && (req.body.magnetUri || torrentFile)) {
  58       cleanUpReqFiles(req)
  59
  60       return res.fail({
  61         status: HttpStatusCode.CONFLICT_409,
  62         message: 'Torrent/magnet URI import is not enabled on this instance.'
  63       })
  64     }
  65
  66     if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
  67
  68     // Check we have at least 1 required param
  69     if (!req.body.targetUrl && !req.body.magnetUri && !torrentFile) {
  70       cleanUpReqFiles(req)
  71
  72       return res.fail({ message: 'Should have a magnetUri or a targetUrl or a torrent file.' })
  73     }
  74
  75     if (req.body.targetUrl) {
  76       const hostname = new URL(req.body.targetUrl).hostname
  77
  78       if (isIPValid(hostname)) {
  79         const parsed = parseIP(hostname)
  80
  81         if (parsed.range() !== 'unicast') {
  82           cleanUpReqFiles(req)
  83
  84           return res.fail({
  85             status: HttpStatusCode.FORBIDDEN_403,
  86             message: 'Cannot use non unicast IP as targetUrl.'
  87           })
  88         }
  89       }
  90     }
  91
  92     if (!await isImportAccepted(req, res)) return cleanUpReqFiles(req)
  93
  94     return next()
  95   }
  96 ])
  97
  98 // ---------------------------------------------------------------------------
  99
 100 export {
 101   videoImportAddValidator
 102 }
 103
 104 // ---------------------------------------------------------------------------
 105
 106 async function isImportAccepted (req: express.Request, res: express.Response) {
 107   const body: VideoImportCreate = req.body
 108   const hookName = body.targetUrl
 109     ? 'filter:api.video.pre-import-url.accept.result'
 110     : 'filter:api.video.pre-import-torrent.accept.result'
 111
 112   // Check we accept this video
 113   const acceptParameters = {
 114     videoImportBody: body,
 115     user: res.locals.oauth.token.User
 116   }
 117   const acceptedResult = await Hooks.wrapFun(
 118     isPreImportVideoAccepted,
 119     acceptParameters,
 120     hookName
 121   )
 122
 123   if (!acceptedResult || acceptedResult.accepted !== true) {
 124     logger.info('Refused to import video.', { acceptedResult, acceptParameters })
 125
 126     res.fail({
 127       status: HttpStatusCode.FORBIDDEN_403,
 128       message: acceptedResult.errorMessage || 'Refused to import video'
 129     })
 130     return false
 131   }
 132
 133   return true
 134 }