1 import * as express from 'express'
2 import 'express-validator'
3 import { body, param, query, ValidationChain } from 'express-validator/check'
4 import { UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../../shared'
14 } from '../../../helpers/custom-validators/misc'
16 checkUserCanManageVideo,
17 isScheduleVideoUpdatePrivacyValid,
19 isVideoChannelOfAccountExist,
20 isVideoDescriptionValid,
29 isVideoRatingTypeValid,
32 } from '../../../helpers/custom-validators/videos'
33 import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils'
34 import { logger } from '../../../helpers/logger'
35 import { CONSTRAINTS_FIELDS } from '../../../initializers'
36 import { VideoShareModel } from '../../../models/video/video-share'
37 import { authenticate } from '../../oauth'
38 import { areValidationErrors } from '../utils'
39 import { cleanUpReqFiles } from '../../../helpers/express-utils'
40 import { VideoModel } from '../../../models/video/video'
41 import { UserModel } from '../../../models/account/user'
42 import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } from '../../../helpers/custom-validators/video-ownership'
43 import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/video-change-ownership-accept.model'
44 import { VideoChangeOwnershipModel } from '../../../models/video/video-change-ownership'
45 import { AccountModel } from '../../../models/account/account'
46 import { VideoFetchType } from '../../../helpers/video'
47 import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search'
49 const videosAddValidator = getCommonVideoAttributes().concat([
51 .custom((value, { req }) => isVideoFile(req.files)).withMessage(
52 'This file is not supported or too large. Please, make sure it is of the following type: '
53 + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
55 body('name').custom(isVideoNameValid).withMessage('Should have a valid name'),
58 .custom(isIdValid).withMessage('Should have correct video channel id'),
60 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
61 logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
63 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
64 if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
66 const videoFile: Express.Multer.File = req.files['videofile'][0]
67 const user = res.locals.oauth.token.User
69 if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
71 const isAble = await user.isAbleToUploadVideo(videoFile)
72 if (isAble === false) {
74 .json({ error: 'The user video quota is exceeded with this video.' })
76 return cleanUpReqFiles(req)
82 duration = await getDurationFromVideoFile(videoFile.path)
84 logger.error('Invalid input file in videosAddValidator.', { err })
86 .json({ error: 'Invalid input file.' })
88 return cleanUpReqFiles(req)
91 videoFile['duration'] = duration
97 const videosUpdateValidator = getCommonVideoAttributes().concat([
98 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
101 .custom(isVideoNameValid).withMessage('Should have a valid name'),
105 .custom(isIdValid).withMessage('Should have correct video channel id'),
107 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
108 logger.debug('Checking videosUpdate parameters', { parameters: req.body })
110 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
111 if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
112 if (!await isVideoExist(req.params.id, res)) return cleanUpReqFiles(req)
114 const video = res.locals.video
116 // Check if the user who did the request is able to update the video
117 const user = res.locals.oauth.token.User
118 if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)
120 if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {
122 return res.status(409)
123 .json({ error: 'Cannot set "private" a video that was not private.' })
126 if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
132 const videosCustomGetValidator = (fetchType: VideoFetchType) => {
134 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
136 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
137 logger.debug('Checking videosGet parameters', { parameters: req.params })
139 if (areValidationErrors(req, res)) return
140 if (!await isVideoExist(req.params.id, res, fetchType)) return
142 const video: VideoModel = res.locals.video
144 // Video private or blacklisted
145 if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
146 return authenticate(req, res, () => {
147 const user: UserModel = res.locals.oauth.token.User
149 // Only the owner or a user that have blacklist rights can see the video
150 if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
151 return res.status(403)
152 .json({ error: 'Cannot get this private or blacklisted video.' })
159 // Video is public, anyone can access it
160 if (video.privacy === VideoPrivacy.PUBLIC) return next()
162 // Video is unlisted, check we used the uuid to fetch it
163 if (video.privacy === VideoPrivacy.UNLISTED) {
164 if (isUUIDValid(req.params.id)) return next()
166 // Don't leak this unlisted video
167 return res.status(404).end()
173 const videosGetValidator = videosCustomGetValidator('all')
175 const videosRemoveValidator = [
176 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
178 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
179 logger.debug('Checking videosRemove parameters', { parameters: req.params })
181 if (areValidationErrors(req, res)) return
182 if (!await isVideoExist(req.params.id, res)) return
184 // Check if the user who did the request is able to delete the video
185 if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.REMOVE_ANY_VIDEO, res)) return
191 const videoRateValidator = [
192 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
193 body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
195 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
196 logger.debug('Checking videoRate parameters', { parameters: req.body })
198 if (areValidationErrors(req, res)) return
199 if (!await isVideoExist(req.params.id, res)) return
205 const videosShareValidator = [
206 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
207 param('accountId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid account id'),
209 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
210 logger.debug('Checking videoShare parameters', { parameters: req.params })
212 if (areValidationErrors(req, res)) return
213 if (!await isVideoExist(req.params.id, res)) return
215 const share = await VideoShareModel.load(req.params.accountId, res.locals.video.id, undefined)
217 return res.status(404)
221 res.locals.videoShare = share
226 const videosChangeOwnershipValidator = [
227 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
229 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
230 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
232 if (areValidationErrors(req, res)) return
233 if (!await isVideoExist(req.params.videoId, res)) return
235 // Check if the user who did the request is able to change the ownership of the video
236 if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
238 const nextOwner = await AccountModel.loadLocalByName(req.body.username)
241 .json({ error: 'Changing video ownership to a remote account is not supported yet' })
245 res.locals.nextOwner = nextOwner
251 const videosTerminateChangeOwnershipValidator = [
252 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
254 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
255 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
257 if (areValidationErrors(req, res)) return
258 if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return
260 // Check if the user who did the request is able to change the ownership of the video
261 if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
265 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
266 const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel
268 if (videoChangeOwnership.status === VideoChangeOwnershipStatus.WAITING) {
272 .json({ error: 'Ownership already accepted or refused' })
279 const videosAcceptChangeOwnershipValidator = [
280 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
281 const body = req.body as VideoChangeOwnershipAccept
282 if (!await isVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return
284 const user = res.locals.oauth.token.User
285 const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel
286 const isAble = await user.isAbleToUploadVideo(videoChangeOwnership.Video.getOriginalFile())
287 if (isAble === false) {
289 .json({ error: 'The user video quota is exceeded with this video.' })
298 function getCommonVideoAttributes () {
300 body('thumbnailfile')
301 .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
302 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
303 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
306 .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage(
307 'This preview file is not supported or too large. Please, make sure it is of the following type: '
308 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
313 .customSanitizer(toIntOrNull)
314 .custom(isVideoCategoryValid).withMessage('Should have a valid category'),
317 .customSanitizer(toIntOrNull)
318 .custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
321 .customSanitizer(toValueOrNull)
322 .custom(isVideoLanguageValid).withMessage('Should have a valid language'),
326 .custom(isBooleanValid).withMessage('Should have a valid NSFW attribute'),
327 body('waitTranscoding')
330 .custom(isBooleanValid).withMessage('Should have a valid wait transcoding attribute'),
334 .custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
337 .customSanitizer(toValueOrNull)
338 .custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
341 .customSanitizer(toValueOrNull)
342 .custom(isVideoSupportValid).withMessage('Should have a valid support text'),
345 .customSanitizer(toValueOrNull)
346 .custom(isVideoTagsValid).withMessage('Should have correct tags'),
347 body('commentsEnabled')
350 .custom(isBooleanValid).withMessage('Should have comments enabled boolean'),
352 body('scheduleUpdate')
354 .customSanitizer(toValueOrNull),
355 body('scheduleUpdate.updateAt')
357 .custom(isDateValid).withMessage('Should have a valid schedule update date'),
358 body('scheduleUpdate.privacy')
361 .custom(isScheduleVideoUpdatePrivacyValid).withMessage('Should have correct schedule update privacy')
362 ] as (ValidationChain | express.Handler)[]
365 const commonVideosFiltersValidator = [
366 query('categoryOneOf')
368 .customSanitizer(toArray)
369 .custom(isNumberArray).withMessage('Should have a valid one of category array'),
370 query('licenceOneOf')
372 .customSanitizer(toArray)
373 .custom(isNumberArray).withMessage('Should have a valid one of licence array'),
374 query('languageOneOf')
376 .customSanitizer(toArray)
377 .custom(isStringArray).withMessage('Should have a valid one of language array'),
380 .customSanitizer(toArray)
381 .custom(isStringArray).withMessage('Should have a valid one of tags array'),
384 .customSanitizer(toArray)
385 .custom(isStringArray).withMessage('Should have a valid all of tags array'),
388 .custom(isNSFWQueryValid).withMessage('Should have a valid NSFW attribute'),
391 .custom(isVideoFilterValid).withMessage('Should have a valid filter attribute'),
393 (req: express.Request, res: express.Response, next: express.NextFunction) => {
394 logger.debug('Checking commons video filters query', { parameters: req.query })
396 if (areValidationErrors(req, res)) return
398 const user: UserModel = res.locals.oauth ? res.locals.oauth.token.User : undefined
399 if (req.query.filter === 'all-local' && (!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) === false)) {
401 .json({ error: 'You are not allowed to see all local videos.' })
410 // ---------------------------------------------------------------------------
414 videosUpdateValidator,
416 videosCustomGetValidator,
417 videosRemoveValidator,
418 videosShareValidator,
422 videosChangeOwnershipValidator,
423 videosTerminateChangeOwnershipValidator,
424 videosAcceptChangeOwnershipValidator,
426 getCommonVideoAttributes,
428 commonVideosFiltersValidator
431 // ---------------------------------------------------------------------------
433 function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) {
434 if (req.body.scheduleUpdate) {
435 if (!req.body.scheduleUpdate.updateAt) {
437 .json({ error: 'Schedule update at is mandatory.' })