1 import express from 'express'
2 import { body, param, query, ValidationChain } from 'express-validator'
3 import { ExpressPromiseHandler } from '@server/types/express-handler'
4 import { MUserAccountId } from '@server/types/models'
12 } from '@shared/models'
22 } from '../../../helpers/custom-validators/misc'
24 isVideoPlaylistDescriptionValid,
25 isVideoPlaylistNameValid,
26 isVideoPlaylistPrivacyValid,
27 isVideoPlaylistTimestampValid,
28 isVideoPlaylistTypeValid
29 } from '../../../helpers/custom-validators/video-playlists'
30 import { isVideoImageValid } from '../../../helpers/custom-validators/videos'
31 import { cleanUpReqFiles } from '../../../helpers/express-utils'
32 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
33 import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
34 import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
35 import { authenticatePromise } from '../../auth'
38 doesVideoChannelIdExist,
40 doesVideoPlaylistExist,
41 isValidPlaylistIdParam,
42 VideoPlaylistFetchType
45 const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
47 .custom(isVideoPlaylistNameValid),
49 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
50 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
52 const body: VideoPlaylistCreate = req.body
53 if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
56 !body.videoChannelId &&
57 (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED)
61 return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
68 const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
69 isValidPlaylistIdParam('playlistId'),
73 .custom(isVideoPlaylistNameValid),
75 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
76 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
78 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
80 const videoPlaylist = getPlaylist(res)
82 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
83 return cleanUpReqFiles(req)
86 const body: VideoPlaylistUpdate = req.body
88 const newPrivacy = body.privacy || videoPlaylist.privacy
89 if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
91 (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
92 body.videoChannelId === null
97 return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' })
100 if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
103 return res.fail({ message: 'Cannot update a watch later playlist.' })
106 if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
112 const videoPlaylistsDeleteValidator = [
113 isValidPlaylistIdParam('playlistId'),
115 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
116 if (areValidationErrors(req, res)) return
118 if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
120 const videoPlaylist = getPlaylist(res)
121 if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
122 return res.fail({ message: 'Cannot delete a watch later playlist.' })
125 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
133 const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
135 isValidPlaylistIdParam('playlistId'),
137 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
138 if (areValidationErrors(req, res)) return
140 if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
142 const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
144 // Video is unlisted, check we used the uuid to fetch it
145 if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
146 if (isUUIDValid(req.params.playlistId)) return next()
149 status: HttpStatusCode.NOT_FOUND_404,
150 message: 'Playlist not found'
154 if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
155 await authenticatePromise(req, res)
157 const user = res.locals.oauth ? res.locals.oauth.token.User : null
161 (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
164 status: HttpStatusCode.FORBIDDEN_403,
165 message: 'Cannot get this private video playlist.'
177 const videoPlaylistsSearchValidator = [
182 (req: express.Request, res: express.Response, next: express.NextFunction) => {
183 if (areValidationErrors(req, res)) return
189 const videoPlaylistsAddVideoValidator = [
190 isValidPlaylistIdParam('playlistId'),
193 .customSanitizer(toCompleteUUID)
194 .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid/short uuid'),
195 body('startTimestamp')
197 .custom(isVideoPlaylistTimestampValid),
198 body('stopTimestamp')
200 .custom(isVideoPlaylistTimestampValid),
202 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
203 if (areValidationErrors(req, res)) return
205 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
206 if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
208 const videoPlaylist = getPlaylist(res)
210 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
218 const videoPlaylistsUpdateOrRemoveVideoValidator = [
219 isValidPlaylistIdParam('playlistId'),
220 param('playlistElementId')
221 .customSanitizer(toCompleteUUID)
222 .custom(isIdValid).withMessage('Should have an element id/uuid/short uuid'),
223 body('startTimestamp')
225 .custom(isVideoPlaylistTimestampValid),
226 body('stopTimestamp')
228 .custom(isVideoPlaylistTimestampValid),
230 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
231 if (areValidationErrors(req, res)) return
233 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
235 const videoPlaylist = getPlaylist(res)
237 const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
238 if (!videoPlaylistElement) {
240 status: HttpStatusCode.NOT_FOUND_404,
241 message: 'Video playlist element not found'
245 res.locals.videoPlaylistElement = videoPlaylistElement
247 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
253 const videoPlaylistElementAPGetValidator = [
254 isValidPlaylistIdParam('playlistId'),
255 param('playlistElementId')
258 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
259 if (areValidationErrors(req, res)) return
261 const playlistElementId = parseInt(req.params.playlistElementId + '', 10)
262 const playlistId = req.params.playlistId
264 const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId)
265 if (!videoPlaylistElement) {
267 status: HttpStatusCode.NOT_FOUND_404,
268 message: 'Video playlist element not found'
273 if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
275 status: HttpStatusCode.FORBIDDEN_403,
276 message: 'Cannot get this private video playlist.'
280 res.locals.videoPlaylistElementAP = videoPlaylistElement
286 const videoPlaylistsReorderVideosValidator = [
287 isValidPlaylistIdParam('playlistId'),
289 body('startPosition')
291 body('insertAfterPosition')
293 body('reorderLength')
297 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
298 if (areValidationErrors(req, res)) return
300 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
302 const videoPlaylist = getPlaylist(res)
303 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
305 const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
306 const startPosition: number = req.body.startPosition
307 const insertAfterPosition: number = req.body.insertAfterPosition
308 const reorderLength: number = req.body.reorderLength
310 if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
311 res.fail({ message: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
315 if (reorderLength && reorderLength + startPosition > nextPosition) {
316 res.fail({ message: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
324 const commonVideoPlaylistFiltersValidator = [
325 query('playlistType')
327 .custom(isVideoPlaylistTypeValid),
329 (req: express.Request, res: express.Response, next: express.NextFunction) => {
330 if (areValidationErrors(req, res)) return
336 const doVideosInPlaylistExistValidator = [
338 .customSanitizer(toIntArray)
339 .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
341 (req: express.Request, res: express.Response, next: express.NextFunction) => {
342 if (areValidationErrors(req, res)) return
348 // ---------------------------------------------------------------------------
351 videoPlaylistsAddValidator,
352 videoPlaylistsUpdateValidator,
353 videoPlaylistsDeleteValidator,
354 videoPlaylistsGetValidator,
355 videoPlaylistsSearchValidator,
357 videoPlaylistsAddVideoValidator,
358 videoPlaylistsUpdateOrRemoveVideoValidator,
359 videoPlaylistsReorderVideosValidator,
361 videoPlaylistElementAPGetValidator,
363 commonVideoPlaylistFiltersValidator,
365 doVideosInPlaylistExistValidator
368 // ---------------------------------------------------------------------------
370 function getCommonPlaylistEditAttributes () {
372 body('thumbnailfile')
373 .custom((value, { req }) => isVideoImageValid(req.files, 'thumbnailfile'))
375 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
376 CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
381 .customSanitizer(toValueOrNull)
382 .custom(isVideoPlaylistDescriptionValid),
385 .customSanitizer(toIntOrNull)
386 .custom(isVideoPlaylistPrivacyValid),
387 body('videoChannelId')
389 .customSanitizer(toIntOrNull)
390 ] as (ValidationChain | ExpressPromiseHandler)[]
393 function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
394 if (videoPlaylist.isOwned() === false) {
396 status: HttpStatusCode.FORBIDDEN_403,
397 message: 'Cannot manage video playlist of another server.'
402 // Check if the user can manage the video playlist
403 // The user can delete it if s/he is an admin
404 // Or if s/he is the video playlist's owner
405 if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
407 status: HttpStatusCode.FORBIDDEN_403,
408 message: 'Cannot manage video playlist of another user'
416 function getPlaylist (res: express.Response) {
417 return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary