1 import * as express from 'express'
2 import 'express-validator'
3 import { body, param, ValidationChain } from 'express-validator/check'
4 import { UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../../shared'
13 } from '../../../helpers/custom-validators/misc'
15 checkUserCanManageVideo,
16 isScheduleVideoUpdatePrivacyValid,
18 isVideoChannelOfAccountExist,
19 isVideoDescriptionValid,
27 isVideoRatingTypeValid,
30 } from '../../../helpers/custom-validators/videos'
31 import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils'
32 import { logger } from '../../../helpers/logger'
33 import { CONSTRAINTS_FIELDS } from '../../../initializers'
34 import { VideoShareModel } from '../../../models/video/video-share'
35 import { authenticate } from '../../oauth'
36 import { areValidationErrors } from '../utils'
37 import { cleanUpReqFiles } from '../../../helpers/express-utils'
38 import { VideoModel } from '../../../models/video/video'
39 import { UserModel } from '../../../models/account/user'
40 import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } from '../../../helpers/custom-validators/video-ownership'
41 import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/video-change-ownership-accept.model'
42 import { VideoChangeOwnershipModel } from '../../../models/video/video-change-ownership'
43 import { AccountModel } from '../../../models/account/account'
44 import { VideoFetchType } from '../../../helpers/video'
46 const videosAddValidator = getCommonVideoAttributes().concat([
48 .custom((value, { req }) => isVideoFile(req.files)).withMessage(
49 'This file is not supported or too large. Please, make sure it is of the following type: '
50 + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
52 body('name').custom(isVideoNameValid).withMessage('Should have a valid name'),
55 .custom(isIdValid).withMessage('Should have correct video channel id'),
57 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
58 logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
60 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
61 if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
63 const videoFile: Express.Multer.File = req.files['videofile'][0]
64 const user = res.locals.oauth.token.User
66 if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
68 const isAble = await user.isAbleToUploadVideo(videoFile)
69 if (isAble === false) {
71 .json({ error: 'The user video quota is exceeded with this video.' })
73 return cleanUpReqFiles(req)
79 duration = await getDurationFromVideoFile(videoFile.path)
81 logger.error('Invalid input file in videosAddValidator.', { err })
83 .json({ error: 'Invalid input file.' })
85 return cleanUpReqFiles(req)
88 videoFile['duration'] = duration
94 const videosUpdateValidator = getCommonVideoAttributes().concat([
95 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
98 .custom(isVideoNameValid).withMessage('Should have a valid name'),
102 .custom(isIdValid).withMessage('Should have correct video channel id'),
104 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
105 logger.debug('Checking videosUpdate parameters', { parameters: req.body })
107 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
108 if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
109 if (!await isVideoExist(req.params.id, res)) return cleanUpReqFiles(req)
111 const video = res.locals.video
113 // Check if the user who did the request is able to update the video
114 const user = res.locals.oauth.token.User
115 if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)
117 if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {
119 return res.status(409)
120 .json({ error: 'Cannot set "private" a video that was not private.' })
123 if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
129 const videosCustomGetValidator = (fetchType: VideoFetchType) => {
131 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
133 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
134 logger.debug('Checking videosGet parameters', { parameters: req.params })
136 if (areValidationErrors(req, res)) return
137 if (!await isVideoExist(req.params.id, res, fetchType)) return
139 const video: VideoModel = res.locals.video
141 // Video private or blacklisted
142 if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
143 return authenticate(req, res, () => {
144 const user: UserModel = res.locals.oauth.token.User
146 // Only the owner or a user that have blacklist rights can see the video
147 if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
148 return res.status(403)
149 .json({ error: 'Cannot get this private or blacklisted video.' })
156 // Video is public, anyone can access it
157 if (video.privacy === VideoPrivacy.PUBLIC) return next()
159 // Video is unlisted, check we used the uuid to fetch it
160 if (video.privacy === VideoPrivacy.UNLISTED) {
161 if (isUUIDValid(req.params.id)) return next()
163 // Don't leak this unlisted video
164 return res.status(404).end()
170 const videosGetValidator = videosCustomGetValidator('all')
172 const videosRemoveValidator = [
173 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
175 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
176 logger.debug('Checking videosRemove parameters', { parameters: req.params })
178 if (areValidationErrors(req, res)) return
179 if (!await isVideoExist(req.params.id, res)) return
181 // Check if the user who did the request is able to delete the video
182 if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.REMOVE_ANY_VIDEO, res)) return
188 const videoRateValidator = [
189 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
190 body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
192 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
193 logger.debug('Checking videoRate parameters', { parameters: req.body })
195 if (areValidationErrors(req, res)) return
196 if (!await isVideoExist(req.params.id, res)) return
202 const videosShareValidator = [
203 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
204 param('accountId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid account id'),
206 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
207 logger.debug('Checking videoShare parameters', { parameters: req.params })
209 if (areValidationErrors(req, res)) return
210 if (!await isVideoExist(req.params.id, res)) return
212 const share = await VideoShareModel.load(req.params.accountId, res.locals.video.id, undefined)
214 return res.status(404)
218 res.locals.videoShare = share
223 const videosChangeOwnershipValidator = [
224 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
226 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
227 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
229 if (areValidationErrors(req, res)) return
230 if (!await isVideoExist(req.params.videoId, res)) return
232 // Check if the user who did the request is able to change the ownership of the video
233 if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
235 const nextOwner = await AccountModel.loadLocalByName(req.body.username)
238 .json({ error: 'Changing video ownership to a remote account is not supported yet' })
242 res.locals.nextOwner = nextOwner
248 const videosTerminateChangeOwnershipValidator = [
249 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
251 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
252 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
254 if (areValidationErrors(req, res)) return
255 if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return
257 // Check if the user who did the request is able to change the ownership of the video
258 if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
262 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
263 const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel
265 if (videoChangeOwnership.status === VideoChangeOwnershipStatus.WAITING) {
269 .json({ error: 'Ownership already accepted or refused' })
276 const videosAcceptChangeOwnershipValidator = [
277 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
278 const body = req.body as VideoChangeOwnershipAccept
279 if (!await isVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return
281 const user = res.locals.oauth.token.User
282 const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel
283 const isAble = await user.isAbleToUploadVideo(videoChangeOwnership.Video.getOriginalFile())
284 if (isAble === false) {
286 .json({ error: 'The user video quota is exceeded with this video.' })
295 function getCommonVideoAttributes () {
297 body('thumbnailfile')
298 .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
299 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
300 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
303 .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage(
304 'This preview file is not supported or too large. Please, make sure it is of the following type: '
305 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
310 .customSanitizer(toIntOrNull)
311 .custom(isVideoCategoryValid).withMessage('Should have a valid category'),
314 .customSanitizer(toIntOrNull)
315 .custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
318 .customSanitizer(toValueOrNull)
319 .custom(isVideoLanguageValid).withMessage('Should have a valid language'),
323 .custom(isBooleanValid).withMessage('Should have a valid NSFW attribute'),
324 body('waitTranscoding')
327 .custom(isBooleanValid).withMessage('Should have a valid wait transcoding attribute'),
331 .custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
334 .customSanitizer(toValueOrNull)
335 .custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
338 .customSanitizer(toValueOrNull)
339 .custom(isVideoSupportValid).withMessage('Should have a valid support text'),
342 .customSanitizer(toValueOrNull)
343 .custom(isVideoTagsValid).withMessage('Should have correct tags'),
344 body('commentsEnabled')
347 .custom(isBooleanValid).withMessage('Should have comments enabled boolean'),
349 body('scheduleUpdate')
351 .customSanitizer(toValueOrNull),
352 body('scheduleUpdate.updateAt')
354 .custom(isDateValid).withMessage('Should have a valid schedule update date'),
355 body('scheduleUpdate.privacy')
358 .custom(isScheduleVideoUpdatePrivacyValid).withMessage('Should have correct schedule update privacy')
359 ] as (ValidationChain | express.Handler)[]
362 // ---------------------------------------------------------------------------
366 videosUpdateValidator,
368 videosCustomGetValidator,
369 videosRemoveValidator,
370 videosShareValidator,
374 videosChangeOwnershipValidator,
375 videosTerminateChangeOwnershipValidator,
376 videosAcceptChangeOwnershipValidator,
378 getCommonVideoAttributes
381 // ---------------------------------------------------------------------------
383 function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) {
384 if (req.body.scheduleUpdate) {
385 if (!req.body.scheduleUpdate.updateAt) {
387 .json({ error: 'Schedule update at is mandatory.' })