1 import { body, param, query } from 'express-validator/check'
2 import * as express from 'express'
4 import { database as db } from '../../initializers/database'
5 import { checkErrors } from './utils'
6 import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers'
14 isVideoDescriptionValid,
19 isVideoAbuseReasonValid,
20 isVideoRatingTypeValid,
21 getDurationFromVideoFile,
23 } from '../../helpers'
25 const videosAddValidator = [
26 body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
27 'This file is not supported. Please, make sure it is of the following type : '
28 + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
30 body('name').custom(isVideoNameValid).withMessage('Should have a valid name'),
31 body('category').custom(isVideoCategoryValid).withMessage('Should have a valid category'),
32 body('licence').custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
33 body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'),
34 body('nsfw').custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),
35 body('description').custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
36 body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
38 (req: express.Request, res: express.Response, next: express.NextFunction) => {
39 logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
41 checkErrors(req, res, () => {
42 const videoFile: Express.Multer.File = req.files['videofile'][0]
43 const user = res.locals.oauth.token.User
45 user.isAbleToUploadVideo(videoFile)
47 if (isAble === false) {
49 .json({ error: 'The user video quota is exceeded with this video.' })
55 return getDurationFromVideoFile(videoFile.path)
57 logger.error('Invalid input file in videosAddValidator.', err)
59 .json({ error: 'Invalid input file.' })
66 // Previous test failed, abort
67 if (duration === undefined) return
69 if (!isVideoDurationValid('' + duration)) {
70 return res.status(400)
72 error: 'Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).'
77 videoFile['duration'] = duration
81 logger.error('Error in video add validator', err)
90 const videosUpdateValidator = [
91 param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
92 body('name').optional().custom(isVideoNameValid).withMessage('Should have a valid name'),
93 body('category').optional().custom(isVideoCategoryValid).withMessage('Should have a valid category'),
94 body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
95 body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'),
96 body('nsfw').optional().custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),
97 body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
98 body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
100 (req: express.Request, res: express.Response, next: express.NextFunction) => {
101 logger.debug('Checking videosUpdate parameters', { parameters: req.body })
103 checkErrors(req, res, () => {
104 checkVideoExists(req.params.id, res, () => {
105 // We need to make additional checks
106 if (res.locals.video.isOwned() === false) {
107 return res.status(403)
108 .json({ error: 'Cannot update video of another pod' })
112 if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
113 return res.status(403)
114 .json({ error: 'Cannot update video of another user' })
124 const videosGetValidator = [
125 param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
127 (req: express.Request, res: express.Response, next: express.NextFunction) => {
128 logger.debug('Checking videosGet parameters', { parameters: req.params })
130 checkErrors(req, res, () => {
131 checkVideoExists(req.params.id, res, next)
136 const videosRemoveValidator = [
137 param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
139 (req: express.Request, res: express.Response, next: express.NextFunction) => {
140 logger.debug('Checking videosRemove parameters', { parameters: req.params })
142 checkErrors(req, res, () => {
143 checkVideoExists(req.params.id, res, () => {
144 // Check if the user who did the request is able to delete the video
145 checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, () => {
153 const videosSearchValidator = [
154 param('value').not().isEmpty().withMessage('Should have a valid search'),
155 query('field').optional().isIn(SEARCHABLE_COLUMNS.VIDEOS).withMessage('Should have correct searchable column'),
157 (req: express.Request, res: express.Response, next: express.NextFunction) => {
158 logger.debug('Checking videosSearch parameters', { parameters: req.params })
160 checkErrors(req, res, next)
164 const videoAbuseReportValidator = [
165 param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
166 body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),
168 (req: express.Request, res: express.Response, next: express.NextFunction) => {
169 logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
171 checkErrors(req, res, () => {
172 checkVideoExists(req.params.id, res, next)
177 const videoRateValidator = [
178 param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
179 body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
181 (req: express.Request, res: express.Response, next: express.NextFunction) => {
182 logger.debug('Checking videoRate parameters', { parameters: req.body })
184 checkErrors(req, res, () => {
185 checkVideoExists(req.params.id, res, next)
190 // ---------------------------------------------------------------------------
194 videosUpdateValidator,
196 videosRemoveValidator,
197 videosSearchValidator,
199 videoAbuseReportValidator,
204 // ---------------------------------------------------------------------------
206 function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) {
207 // Retrieve the user who did the request
208 db.User.loadById(userId)
210 if (res.locals.video.isOwned() === false) {
211 return res.status(403)
212 .json({ error: 'Cannot remove video of another pod, blacklist it' })
216 // Check if the user can delete the video
217 // The user can delete it if s/he is an admin
218 // Or if s/he is the video's author
219 if (user.isAdmin() === false && res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
220 return res.status(403)
221 .json({ error: 'Cannot remove video of another user' })
225 // If we reach this comment, we can delete the video
229 logger.error('Error in video request validator.', err)
230 return res.sendStatus(500)