1 import express from 'express'
2 import { body, param, query, ValidationChain } from 'express-validator'
3 import { ExpressPromiseHandler } from '@server/types/express-handler'
4 import { MUserAccountId } from '@server/types/models'
12 } from '@shared/models'
22 } from '../../../helpers/custom-validators/misc'
24 isVideoPlaylistDescriptionValid,
25 isVideoPlaylistNameValid,
26 isVideoPlaylistPrivacyValid,
27 isVideoPlaylistTimestampValid,
28 isVideoPlaylistTypeValid
29 } from '../../../helpers/custom-validators/video-playlists'
30 import { isVideoImageValid } from '../../../helpers/custom-validators/videos'
31 import { cleanUpReqFiles } from '../../../helpers/express-utils'
32 import { logger } from '../../../helpers/logger'
33 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
34 import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
35 import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
36 import { authenticatePromise } from '../../auth'
39 doesVideoChannelIdExist,
41 doesVideoPlaylistExist,
42 isValidPlaylistIdParam,
43 VideoPlaylistFetchType
46 const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
48 .custom(isVideoPlaylistNameValid),
50 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
51 logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
53 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
55 const body: VideoPlaylistCreate = req.body
56 if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
59 !body.videoChannelId &&
60 (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED)
64 return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
71 const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
72 isValidPlaylistIdParam('playlistId'),
76 .custom(isVideoPlaylistNameValid),
78 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
79 logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
81 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
83 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
85 const videoPlaylist = getPlaylist(res)
87 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
88 return cleanUpReqFiles(req)
91 const body: VideoPlaylistUpdate = req.body
93 const newPrivacy = body.privacy || videoPlaylist.privacy
94 if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
96 (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
97 body.videoChannelId === null
102 return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' })
105 if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
108 return res.fail({ message: 'Cannot update a watch later playlist.' })
111 if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
117 const videoPlaylistsDeleteValidator = [
118 isValidPlaylistIdParam('playlistId'),
120 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
121 logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
123 if (areValidationErrors(req, res)) return
125 if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
127 const videoPlaylist = getPlaylist(res)
128 if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
129 return res.fail({ message: 'Cannot delete a watch later playlist.' })
132 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
140 const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
142 isValidPlaylistIdParam('playlistId'),
144 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
145 logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
147 if (areValidationErrors(req, res)) return
149 if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
151 const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
153 // Video is unlisted, check we used the uuid to fetch it
154 if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
155 if (isUUIDValid(req.params.playlistId)) return next()
158 status: HttpStatusCode.NOT_FOUND_404,
159 message: 'Playlist not found'
163 if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
164 await authenticatePromise(req, res)
166 const user = res.locals.oauth ? res.locals.oauth.token.User : null
170 (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
173 status: HttpStatusCode.FORBIDDEN_403,
174 message: 'Cannot get this private video playlist.'
186 const videoPlaylistsSearchValidator = [
191 (req: express.Request, res: express.Response, next: express.NextFunction) => {
192 logger.debug('Checking videoPlaylists search query', { parameters: req.query })
194 if (areValidationErrors(req, res)) return
200 const videoPlaylistsAddVideoValidator = [
201 isValidPlaylistIdParam('playlistId'),
204 .customSanitizer(toCompleteUUID)
205 .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid/short uuid'),
206 body('startTimestamp')
208 .custom(isVideoPlaylistTimestampValid),
209 body('stopTimestamp')
211 .custom(isVideoPlaylistTimestampValid),
213 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
214 logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
216 if (areValidationErrors(req, res)) return
218 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
219 if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
221 const videoPlaylist = getPlaylist(res)
223 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
231 const videoPlaylistsUpdateOrRemoveVideoValidator = [
232 isValidPlaylistIdParam('playlistId'),
233 param('playlistElementId')
234 .customSanitizer(toCompleteUUID)
235 .custom(isIdValid).withMessage('Should have an element id/uuid/short uuid'),
236 body('startTimestamp')
238 .custom(isVideoPlaylistTimestampValid),
239 body('stopTimestamp')
241 .custom(isVideoPlaylistTimestampValid),
243 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
244 logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
246 if (areValidationErrors(req, res)) return
248 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
250 const videoPlaylist = getPlaylist(res)
252 const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
253 if (!videoPlaylistElement) {
255 status: HttpStatusCode.NOT_FOUND_404,
256 message: 'Video playlist element not found'
260 res.locals.videoPlaylistElement = videoPlaylistElement
262 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
268 const videoPlaylistElementAPGetValidator = [
269 isValidPlaylistIdParam('playlistId'),
270 param('playlistElementId')
273 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
274 logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
276 if (areValidationErrors(req, res)) return
278 const playlistElementId = parseInt(req.params.playlistElementId + '', 10)
279 const playlistId = req.params.playlistId
281 const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId)
282 if (!videoPlaylistElement) {
284 status: HttpStatusCode.NOT_FOUND_404,
285 message: 'Video playlist element not found'
290 if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
292 status: HttpStatusCode.FORBIDDEN_403,
293 message: 'Cannot get this private video playlist.'
297 res.locals.videoPlaylistElementAP = videoPlaylistElement
303 const videoPlaylistsReorderVideosValidator = [
304 isValidPlaylistIdParam('playlistId'),
306 body('startPosition')
308 body('insertAfterPosition')
310 body('reorderLength')
314 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
315 logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
317 if (areValidationErrors(req, res)) return
319 if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
321 const videoPlaylist = getPlaylist(res)
322 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
324 const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
325 const startPosition: number = req.body.startPosition
326 const insertAfterPosition: number = req.body.insertAfterPosition
327 const reorderLength: number = req.body.reorderLength
329 if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
330 res.fail({ message: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
334 if (reorderLength && reorderLength + startPosition > nextPosition) {
335 res.fail({ message: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
343 const commonVideoPlaylistFiltersValidator = [
344 query('playlistType')
346 .custom(isVideoPlaylistTypeValid),
348 (req: express.Request, res: express.Response, next: express.NextFunction) => {
349 logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })
351 if (areValidationErrors(req, res)) return
357 const doVideosInPlaylistExistValidator = [
359 .customSanitizer(toIntArray)
360 .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
362 (req: express.Request, res: express.Response, next: express.NextFunction) => {
363 logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })
365 if (areValidationErrors(req, res)) return
371 // ---------------------------------------------------------------------------
374 videoPlaylistsAddValidator,
375 videoPlaylistsUpdateValidator,
376 videoPlaylistsDeleteValidator,
377 videoPlaylistsGetValidator,
378 videoPlaylistsSearchValidator,
380 videoPlaylistsAddVideoValidator,
381 videoPlaylistsUpdateOrRemoveVideoValidator,
382 videoPlaylistsReorderVideosValidator,
384 videoPlaylistElementAPGetValidator,
386 commonVideoPlaylistFiltersValidator,
388 doVideosInPlaylistExistValidator
391 // ---------------------------------------------------------------------------
393 function getCommonPlaylistEditAttributes () {
395 body('thumbnailfile')
396 .custom((value, { req }) => isVideoImageValid(req.files, 'thumbnailfile'))
398 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
399 CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
404 .customSanitizer(toValueOrNull)
405 .custom(isVideoPlaylistDescriptionValid),
408 .customSanitizer(toIntOrNull)
409 .custom(isVideoPlaylistPrivacyValid),
410 body('videoChannelId')
412 .customSanitizer(toIntOrNull)
413 ] as (ValidationChain | ExpressPromiseHandler)[]
416 function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
417 if (videoPlaylist.isOwned() === false) {
419 status: HttpStatusCode.FORBIDDEN_403,
420 message: 'Cannot manage video playlist of another server.'
425 // Check if the user can manage the video playlist
426 // The user can delete it if s/he is an admin
427 // Or if s/he is the video playlist's owner
428 if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
430 status: HttpStatusCode.FORBIDDEN_403,
431 message: 'Cannot manage video playlist of another user'
439 function getPlaylist (res: express.Response) {
440 return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary