server/middlewares/validators/videos.ts

   1 import 'express-validator'
   2 import * as express from 'express'
   3 import * as Promise from 'bluebird'
   4 import * as validator from 'validator'
   5
   6 import { database as db } from '../../initializers/database'
   7 import { checkErrors } from './utils'
   8 import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers'
   9 import { logger, isVideoDurationValid } from '../../helpers'
  10 import { VideoInstance } from '../../models'
  11
  12 function videosAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  13   // FIXME: Don't write an error message, it seems there is a bug with express-validator
  14   // 'Should have a valid file'
  15   req.checkBody('videofile').isVideoFile(req.files)
  16   req.checkBody('name', 'Should have a valid name').isVideoNameValid()
  17   req.checkBody('category', 'Should have a valid category').isVideoCategoryValid()
  18   req.checkBody('licence', 'Should have a valid licence').isVideoLicenceValid()
  19   req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid()
  20   req.checkBody('nsfw', 'Should have a valid NSFW attribute').isVideoNSFWValid()
  21   req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()
  22   req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid()
  23
  24   logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
  25
  26   checkErrors(req, res, function () {
  27     const videoFile = req.files.videofile[0]
  28
  29     db.Video.getDurationFromFile(videoFile.path)
  30       .then(duration => {
  31         if (!isVideoDurationValid('' + duration)) {
  32           return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).')
  33         }
  34
  35         videoFile['duration'] = duration
  36         next()
  37       })
  38       .catch(err => {
  39         logger.error('Error in getting duration from file.', err)
  40         res.status(400).send('Cannot retrieve metadata of the file.')
  41       })
  42   })
  43 }
  44
  45 function videosUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  46   req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
  47   req.checkBody('name', 'Should have a valid name').optional().isVideoNameValid()
  48   req.checkBody('category', 'Should have a valid category').optional().isVideoCategoryValid()
  49   req.checkBody('licence', 'Should have a valid licence').optional().isVideoLicenceValid()
  50   req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid()
  51   req.checkBody('nsfw', 'Should have a valid NSFW attribute').optional().isVideoNSFWValid()
  52   req.checkBody('description', 'Should have a valid description').optional().isVideoDescriptionValid()
  53   req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid()
  54
  55   logger.debug('Checking videosUpdate parameters', { parameters: req.body })
  56
  57   checkErrors(req, res, function () {
  58     checkVideoExists(req.params.id, res, function () {
  59       // We need to make additional checks
  60       if (res.locals.video.isOwned() === false) {
  61         return res.status(403).send('Cannot update video of another pod')
  62       }
  63
  64       if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
  65         return res.status(403).send('Cannot update video of another user')
  66       }
  67
  68       next()
  69     })
  70   })
  71 }
  72
  73 function videosGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  74   req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
  75
  76   logger.debug('Checking videosGet parameters', { parameters: req.params })
  77
  78   checkErrors(req, res, function () {
  79     checkVideoExists(req.params.id, res, next)
  80   })
  81 }
  82
  83 function videosRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
  84   req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
  85
  86   logger.debug('Checking videosRemove parameters', { parameters: req.params })
  87
  88   checkErrors(req, res, function () {
  89     checkVideoExists(req.params.id, res, function () {
  90       // We need to make additional checks
  91
  92       // Check if the user who did the request is able to delete the video
  93       checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, function () {
  94         next()
  95       })
  96     })
  97   })
  98 }
  99
 100 function videosSearchValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
 101   const searchableColumns = SEARCHABLE_COLUMNS.VIDEOS
 102   req.checkParams('value', 'Should have a valid search').notEmpty()
 103   req.checkQuery('field', 'Should have correct searchable column').optional().isIn(searchableColumns)
 104
 105   logger.debug('Checking videosSearch parameters', { parameters: req.params })
 106
 107   checkErrors(req, res, next)
 108 }
 109
 110 function videoAbuseReportValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
 111   req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
 112   req.checkBody('reason', 'Should have a valid reason').isVideoAbuseReasonValid()
 113
 114   logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
 115
 116   checkErrors(req, res, function () {
 117     checkVideoExists(req.params.id, res, next)
 118   })
 119 }
 120
 121 function videoRateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
 122   req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
 123   req.checkBody('rating', 'Should have a valid rate type').isVideoRatingTypeValid()
 124
 125   logger.debug('Checking videoRate parameters', { parameters: req.body })
 126
 127   checkErrors(req, res, function () {
 128     checkVideoExists(req.params.id, res, next)
 129   })
 130 }
 131
 132 function videosBlacklistValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
 133   req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
 134
 135   logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
 136
 137   checkErrors(req, res, function () {
 138     checkVideoExists(req.params.id, res, function () {
 139       checkVideoIsBlacklistable(req, res, next)
 140     })
 141   })
 142 }
 143
 144 // ---------------------------------------------------------------------------
 145
 146 export {
 147   videosAddValidator,
 148   videosUpdateValidator,
 149   videosGetValidator,
 150   videosRemoveValidator,
 151   videosSearchValidator,
 152
 153   videoAbuseReportValidator,
 154
 155   videoRateValidator,
 156
 157   videosBlacklistValidator
 158 }
 159
 160 // ---------------------------------------------------------------------------
 161
 162 function checkVideoExists (id: string, res: express.Response, callback: () => void) {
 163   let promise: Promise<VideoInstance>
 164   if (validator.isInt(id)) {
 165     promise = db.Video.loadAndPopulateAuthorAndPodAndTags(+id)
 166   } else { // UUID
 167     promise = db.Video.loadByUUIDAndPopulateAuthorAndPodAndTags(id)
 168   }
 169
 170   promise.then(video => {
 171     if (!video) return res.status(404).send('Video not found')
 172
 173     res.locals.video = video
 174     callback()
 175   })
 176   .catch(err => {
 177     logger.error('Error in video request validator.', err)
 178     return res.sendStatus(500)
 179   })
 180 }
 181
 182 function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) {
 183   // Retrieve the user who did the request
 184   db.User.loadById(userId)
 185     .then(user => {
 186       // Check if the user can delete the video
 187       // The user can delete it if s/he is an admin
 188       // Or if s/he is the video's author
 189       if (user.isAdmin() === false) {
 190         if (res.locals.video.isOwned() === false) {
 191           return res.status(403).send('Cannot remove video of another pod')
 192         }
 193
 194         if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
 195           return res.status(403).send('Cannot remove video of another user')
 196         }
 197       }
 198
 199       // If we reach this comment, we can delete the video
 200       callback()
 201     })
 202     .catch(err => {
 203       logger.error('Error in video request validator.', err)
 204       return res.sendStatus(500)
 205     })
 206 }
 207
 208 function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) {
 209   if (res.locals.video.isOwned() === true) {
 210     return res.status(403).send('Cannot blacklist a local video')
 211   }
 212
 213   callback()
 214 }