1 import * as express from 'express'
2 import { body, param, ValidationChain } from 'express-validator/check'
3 import { UserRight, VideoPrivacy } from '../../../../shared'
4 import { logger } from '../../../helpers/logger'
5 import { UserModel } from '../../../models/account/user'
6 import { areValidationErrors } from '../utils'
7 import { isVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos'
8 import { CONSTRAINTS_FIELDS } from '../../../initializers'
9 import { isIdOrUUIDValid, isUUIDValid, toValueOrNull } from '../../../helpers/custom-validators/misc'
11 isVideoPlaylistDescriptionValid,
13 isVideoPlaylistNameValid,
14 isVideoPlaylistPrivacyValid
15 } from '../../../helpers/custom-validators/video-playlists'
16 import { VideoPlaylistModel } from '../../../models/video/video-playlist'
17 import { cleanUpReqFiles } from '../../../helpers/express-utils'
18 import { isVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels'
19 import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
20 import { VideoModel } from '../../../models/video/video'
21 import { authenticatePromiseIfNeeded } from '../../oauth'
22 import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
24 const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
25 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
26 logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
28 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
30 if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)
36 const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
38 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
40 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
41 logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
43 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
45 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return cleanUpReqFiles(req)
47 const videoPlaylist = res.locals.videoPlaylist
49 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
50 return cleanUpReqFiles(req)
53 if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && req.body.privacy === VideoPlaylistPrivacy.PRIVATE) {
55 return res.status(409)
56 .json({ error: 'Cannot set "private" a video playlist that was not private.' })
59 if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)
65 const videoPlaylistsDeleteValidator = [
67 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
69 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
70 logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
72 if (areValidationErrors(req, res)) return
74 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
75 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
83 const videoPlaylistsGetValidator = [
85 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
87 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
88 logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
90 if (areValidationErrors(req, res)) return
92 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
94 const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
96 // Video is unlisted, check we used the uuid to fetch it
97 if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
98 if (isUUIDValid(req.params.playlistId)) return next()
100 return res.status(404).end()
103 if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
104 await authenticatePromiseIfNeeded(req, res)
106 const user: UserModel = res.locals.oauth ? res.locals.oauth.token.User : null
110 (videoPlaylist.OwnerAccount.userId !== user.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
112 return res.status(403)
113 .json({ error: 'Cannot get this private video playlist.' })
123 const videoPlaylistsAddVideoValidator = [
125 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
127 .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
128 body('startTimestamp')
130 .isInt({ min: 0 }).withMessage('Should have a valid start timestamp'),
131 body('stopTimestamp')
133 .isInt({ min: 0 }).withMessage('Should have a valid stop timestamp'),
135 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
136 logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
138 if (areValidationErrors(req, res)) return
140 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
141 if (!await isVideoExist(req.body.videoId, res, 'only-video')) return
143 const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
144 const video: VideoModel = res.locals.video
146 const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
147 if (videoPlaylistElement) {
149 .json({ error: 'This video in this playlist already exists' })
155 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
163 const videoPlaylistsUpdateOrRemoveVideoValidator = [
165 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
167 .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
168 body('startTimestamp')
170 .isInt({ min: 0 }).withMessage('Should have a valid start timestamp'),
171 body('stopTimestamp')
173 .isInt({ min: 0 }).withMessage('Should have a valid stop timestamp'),
175 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
176 logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
178 if (areValidationErrors(req, res)) return
180 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
181 if (!await isVideoExist(req.params.videoId, res, 'id')) return
183 const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
184 const video: VideoModel = res.locals.video
186 const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
187 if (!videoPlaylistElement) {
189 .json({ error: 'Video playlist element not found' })
194 res.locals.videoPlaylistElement = videoPlaylistElement
196 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
202 const videoPlaylistElementAPGetValidator = [
204 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
206 .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
208 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
209 logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
211 if (areValidationErrors(req, res)) return
213 const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
214 if (!videoPlaylistElement) {
216 .json({ error: 'Video playlist element not found' })
222 if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
223 return res.status(403).end()
226 res.locals.videoPlaylistElement = videoPlaylistElement
232 const videoPlaylistsReorderVideosValidator = [
234 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
235 body('startPosition')
236 .isInt({ min: 1 }).withMessage('Should have a valid start position'),
237 body('insertAfterPosition')
238 .isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
239 body('reorderLength')
241 .isInt({ min: 1 }).withMessage('Should have a valid range length'),
243 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
244 logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
246 if (areValidationErrors(req, res)) return
248 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
250 const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
251 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
253 const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
254 const startPosition: number = req.body.startPosition
255 const insertAfterPosition: number = req.body.insertAfterPosition
256 const reorderLength: number = req.body.reorderLength
258 if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
260 .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
266 if (reorderLength && reorderLength + startPosition > nextPosition) {
268 .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
278 // ---------------------------------------------------------------------------
281 videoPlaylistsAddValidator,
282 videoPlaylistsUpdateValidator,
283 videoPlaylistsDeleteValidator,
284 videoPlaylistsGetValidator,
286 videoPlaylistsAddVideoValidator,
287 videoPlaylistsUpdateOrRemoveVideoValidator,
288 videoPlaylistsReorderVideosValidator,
290 videoPlaylistElementAPGetValidator
293 // ---------------------------------------------------------------------------
295 function getCommonPlaylistEditAttributes () {
297 body('thumbnailfile')
298 .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
299 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
300 + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
304 .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
307 .customSanitizer(toValueOrNull)
308 .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
312 .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
313 body('videoChannelId')
316 ] as (ValidationChain | express.Handler)[]
319 function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
320 if (videoPlaylist.isOwned() === false) {
322 .json({ error: 'Cannot manage video playlist of another server.' })
328 // Check if the user can manage the video playlist
329 // The user can delete it if s/he is an admin
330 // Or if s/he is the video playlist's owner
331 if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
333 .json({ error: 'Cannot manage video playlist of another user' })