1 import express from 'express'
2 import { body, param, query, ValidationChain } from 'express-validator'
3 import { ExpressPromiseHandler } from '@server/types/express-handler'
4 import { MUserAccountId } from '@server/types/models'
5 import { forceNumber } from '@shared/core-utils'
13 } from '@shared/models'
23 } from '../../../helpers/custom-validators/misc'
25 isVideoPlaylistDescriptionValid,
26 isVideoPlaylistNameValid,
27 isVideoPlaylistPrivacyValid,
28 isVideoPlaylistTimestampValid,
29 isVideoPlaylistTypeValid
30 } from '../../../helpers/custom-validators/video-playlists'
31 import { isVideoImageValid } from '../../../helpers/custom-validators/videos'
32 import { cleanUpReqFiles } from '../../../helpers/express-utils'
33 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
34 import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
35 import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
36 import { authenticatePromise } from '../../auth'
39 doesVideoChannelIdExist,
41 doesVideoPlaylistExist,
42 isValidPlaylistIdParam,
43 VideoPlaylistFetchType
46 const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
48 .custom(isVideoPlaylistNameValid),
50 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
51 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
53 const body: VideoPlaylistCreate = req.body
54 if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
57 !body.videoChannelId &&
58 (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED)
62 return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
69 const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
70 isValidPlaylistIdParam('playlistId'),
74 .custom(isVideoPlaylistNameValid),
76 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
77 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
79 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
81 const videoPlaylist = getPlaylist(res)
83 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
84 return cleanUpReqFiles(req)
87 const body: VideoPlaylistUpdate = req.body
89 const newPrivacy = body.privacy || videoPlaylist.privacy
90 if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
92 (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
93 body.videoChannelId === null
98 return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' })
101 if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
104 return res.fail({ message: 'Cannot update a watch later playlist.' })
107 if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
113 const videoPlaylistsDeleteValidator = [
114 isValidPlaylistIdParam('playlistId'),
116 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
117 if (areValidationErrors(req, res)) return
119 if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
121 const videoPlaylist = getPlaylist(res)
122 if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
123 return res.fail({ message: 'Cannot delete a watch later playlist.' })
126 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
134 const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
136 isValidPlaylistIdParam('playlistId'),
138 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
139 if (areValidationErrors(req, res)) return
141 if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
143 const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
145 // Video is unlisted, check we used the uuid to fetch it
146 if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
147 if (isUUIDValid(req.params.playlistId)) return next()
150 status: HttpStatusCode.NOT_FOUND_404,
151 message: 'Playlist not found'
155 if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
156 await authenticatePromise(req, res)
158 const user = res.locals.oauth ? res.locals.oauth.token.User : null
162 (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
165 status: HttpStatusCode.FORBIDDEN_403,
166 message: 'Cannot get this private video playlist.'
178 const videoPlaylistsSearchValidator = [
183 (req: express.Request, res: express.Response, next: express.NextFunction) => {
184 if (areValidationErrors(req, res)) return
190 const videoPlaylistsAddVideoValidator = [
191 isValidPlaylistIdParam('playlistId'),
194 .customSanitizer(toCompleteUUID)
195 .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid/short uuid'),
196 body('startTimestamp')
198 .custom(isVideoPlaylistTimestampValid),
199 body('stopTimestamp')
201 .custom(isVideoPlaylistTimestampValid),
203 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
204 if (areValidationErrors(req, res)) return
206 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
207 if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
209 const videoPlaylist = getPlaylist(res)
211 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
219 const videoPlaylistsUpdateOrRemoveVideoValidator = [
220 isValidPlaylistIdParam('playlistId'),
221 param('playlistElementId')
222 .customSanitizer(toCompleteUUID)
223 .custom(isIdValid).withMessage('Should have an element id/uuid/short uuid'),
224 body('startTimestamp')
226 .custom(isVideoPlaylistTimestampValid),
227 body('stopTimestamp')
229 .custom(isVideoPlaylistTimestampValid),
231 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
232 if (areValidationErrors(req, res)) return
234 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
236 const videoPlaylist = getPlaylist(res)
238 const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
239 if (!videoPlaylistElement) {
241 status: HttpStatusCode.NOT_FOUND_404,
242 message: 'Video playlist element not found'
246 res.locals.videoPlaylistElement = videoPlaylistElement
248 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
254 const videoPlaylistElementAPGetValidator = [
255 isValidPlaylistIdParam('playlistId'),
256 param('playlistElementId')
259 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
260 if (areValidationErrors(req, res)) return
262 const playlistElementId = forceNumber(req.params.playlistElementId)
263 const playlistId = req.params.playlistId
265 const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId)
266 if (!videoPlaylistElement) {
268 status: HttpStatusCode.NOT_FOUND_404,
269 message: 'Video playlist element not found'
274 if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
276 status: HttpStatusCode.FORBIDDEN_403,
277 message: 'Cannot get this private video playlist.'
281 res.locals.videoPlaylistElementAP = videoPlaylistElement
287 const videoPlaylistsReorderVideosValidator = [
288 isValidPlaylistIdParam('playlistId'),
290 body('startPosition')
292 body('insertAfterPosition')
294 body('reorderLength')
298 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
299 if (areValidationErrors(req, res)) return
301 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
303 const videoPlaylist = getPlaylist(res)
304 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
306 const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
307 const startPosition: number = req.body.startPosition
308 const insertAfterPosition: number = req.body.insertAfterPosition
309 const reorderLength: number = req.body.reorderLength
311 if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
312 res.fail({ message: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
316 if (reorderLength && reorderLength + startPosition > nextPosition) {
317 res.fail({ message: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
325 const commonVideoPlaylistFiltersValidator = [
326 query('playlistType')
328 .custom(isVideoPlaylistTypeValid),
330 (req: express.Request, res: express.Response, next: express.NextFunction) => {
331 if (areValidationErrors(req, res)) return
337 const doVideosInPlaylistExistValidator = [
339 .customSanitizer(toIntArray)
340 .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
342 (req: express.Request, res: express.Response, next: express.NextFunction) => {
343 if (areValidationErrors(req, res)) return
349 // ---------------------------------------------------------------------------
352 videoPlaylistsAddValidator,
353 videoPlaylistsUpdateValidator,
354 videoPlaylistsDeleteValidator,
355 videoPlaylistsGetValidator,
356 videoPlaylistsSearchValidator,
358 videoPlaylistsAddVideoValidator,
359 videoPlaylistsUpdateOrRemoveVideoValidator,
360 videoPlaylistsReorderVideosValidator,
362 videoPlaylistElementAPGetValidator,
364 commonVideoPlaylistFiltersValidator,
366 doVideosInPlaylistExistValidator
369 // ---------------------------------------------------------------------------
371 function getCommonPlaylistEditAttributes () {
373 body('thumbnailfile')
374 .custom((value, { req }) => isVideoImageValid(req.files, 'thumbnailfile'))
376 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
377 CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
382 .customSanitizer(toValueOrNull)
383 .custom(isVideoPlaylistDescriptionValid),
386 .customSanitizer(toIntOrNull)
387 .custom(isVideoPlaylistPrivacyValid),
388 body('videoChannelId')
390 .customSanitizer(toIntOrNull)
391 ] as (ValidationChain | ExpressPromiseHandler)[]
394 function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
395 if (videoPlaylist.isOwned() === false) {
397 status: HttpStatusCode.FORBIDDEN_403,
398 message: 'Cannot manage video playlist of another server.'
403 // Check if the user can manage the video playlist
404 // The user can delete it if s/he is an admin
405 // Or if s/he is the video playlist's owner
406 if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
408 status: HttpStatusCode.FORBIDDEN_403,
409 message: 'Cannot manage video playlist of another user'
417 function getPlaylist (res: express.Response) {
418 return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary