1 import * as express from 'express'
2 import 'express-validator'
3 import { body, param, ValidationChain } from 'express-validator/check'
4 import { UserRight, VideoPrivacy } from '../../../shared'
13 } from '../../helpers/custom-validators/misc'
15 checkUserCanManageVideo,
16 isScheduleVideoUpdatePrivacyValid,
18 isVideoChannelOfAccountExist,
19 isVideoDescriptionValid,
27 isVideoRatingTypeValid,
30 } from '../../helpers/custom-validators/videos'
31 import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils'
32 import { logger } from '../../helpers/logger'
33 import { CONSTRAINTS_FIELDS } from '../../initializers'
34 import { VideoShareModel } from '../../models/video/video-share'
35 import { authenticate } from '../oauth'
36 import { areValidationErrors } from './utils'
37 import { cleanUpReqFiles } from '../../helpers/express-utils'
38 import { VideoModel } from '../../models/video/video'
39 import { UserModel } from '../../models/account/user'
41 const videosAddValidator = getCommonVideoAttributes().concat([
43 .custom((value, { req }) => isVideoFile(req.files)).withMessage(
44 'This file is not supported or too large. Please, make sure it is of the following type: '
45 + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
47 body('name').custom(isVideoNameValid).withMessage('Should have a valid name'),
50 .custom(isIdValid).withMessage('Should have correct video channel id'),
52 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
53 logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
55 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
56 if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
58 const videoFile: Express.Multer.File = req.files['videofile'][0]
59 const user = res.locals.oauth.token.User
61 if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
63 const isAble = await user.isAbleToUploadVideo(videoFile)
64 if (isAble === false) {
66 .json({ error: 'The user video quota is exceeded with this video.' })
69 return cleanUpReqFiles(req)
75 duration = await getDurationFromVideoFile(videoFile.path)
77 logger.error('Invalid input file in videosAddValidator.', { err })
79 .json({ error: 'Invalid input file.' })
82 return cleanUpReqFiles(req)
85 videoFile['duration'] = duration
91 const videosUpdateValidator = getCommonVideoAttributes().concat([
92 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
95 .custom(isVideoNameValid).withMessage('Should have a valid name'),
99 .custom(isIdValid).withMessage('Should have correct video channel id'),
101 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
102 logger.debug('Checking videosUpdate parameters', { parameters: req.body })
104 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
105 if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
106 if (!await isVideoExist(req.params.id, res)) return cleanUpReqFiles(req)
108 const video = res.locals.video
110 // Check if the user who did the request is able to update the video
111 const user = res.locals.oauth.token.User
112 if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)
114 if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {
116 return res.status(409)
117 .json({ error: 'Cannot set "private" a video that was not private.' })
121 if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
127 const videosGetValidator = [
128 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
130 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
131 logger.debug('Checking videosGet parameters', { parameters: req.params })
133 if (areValidationErrors(req, res)) return
134 if (!await isVideoExist(req.params.id, res)) return
136 const video: VideoModel = res.locals.video
138 // Video private or blacklisted
139 if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
140 return authenticate(req, res, () => {
141 const user: UserModel = res.locals.oauth.token.User
143 // Only the owner or a user that have blacklist rights can see the video
144 if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
145 return res.status(403)
146 .json({ error: 'Cannot get this private or blacklisted video.' })
156 // Video is public, anyone can access it
157 if (video.privacy === VideoPrivacy.PUBLIC) return next()
159 // Video is unlisted, check we used the uuid to fetch it
160 if (video.privacy === VideoPrivacy.UNLISTED) {
161 if (isUUIDValid(req.params.id)) return next()
163 // Don't leak this unlisted video
164 return res.status(404).end()
169 const videosRemoveValidator = [
170 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
172 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
173 logger.debug('Checking videosRemove parameters', { parameters: req.params })
175 if (areValidationErrors(req, res)) return
176 if (!await isVideoExist(req.params.id, res)) return
178 // Check if the user who did the request is able to delete the video
179 if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.REMOVE_ANY_VIDEO, res)) return
185 const videoRateValidator = [
186 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
187 body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
189 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
190 logger.debug('Checking videoRate parameters', { parameters: req.body })
192 if (areValidationErrors(req, res)) return
193 if (!await isVideoExist(req.params.id, res)) return
199 const videosShareValidator = [
200 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
201 param('accountId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid account id'),
203 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
204 logger.debug('Checking videoShare parameters', { parameters: req.params })
206 if (areValidationErrors(req, res)) return
207 if (!await isVideoExist(req.params.id, res)) return
209 const share = await VideoShareModel.load(req.params.accountId, res.locals.video.id, undefined)
211 return res.status(404)
215 res.locals.videoShare = share
220 function getCommonVideoAttributes () {
222 body('thumbnailfile')
223 .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
224 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
225 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
228 .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage(
229 'This preview file is not supported or too large. Please, make sure it is of the following type: '
230 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
235 .customSanitizer(toIntOrNull)
236 .custom(isVideoCategoryValid).withMessage('Should have a valid category'),
239 .customSanitizer(toIntOrNull)
240 .custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
243 .customSanitizer(toValueOrNull)
244 .custom(isVideoLanguageValid).withMessage('Should have a valid language'),
248 .custom(isBooleanValid).withMessage('Should have a valid NSFW attribute'),
249 body('waitTranscoding')
252 .custom(isBooleanValid).withMessage('Should have a valid wait transcoding attribute'),
256 .custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
259 .customSanitizer(toValueOrNull)
260 .custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
263 .customSanitizer(toValueOrNull)
264 .custom(isVideoSupportValid).withMessage('Should have a valid support text'),
267 .customSanitizer(toValueOrNull)
268 .custom(isVideoTagsValid).withMessage('Should have correct tags'),
269 body('commentsEnabled')
272 .custom(isBooleanValid).withMessage('Should have comments enabled boolean'),
274 body('scheduleUpdate')
276 .customSanitizer(toValueOrNull),
277 body('scheduleUpdate.updateAt')
279 .custom(isDateValid).withMessage('Should have a valid schedule update date'),
280 body('scheduleUpdate.privacy')
283 .custom(isScheduleVideoUpdatePrivacyValid).withMessage('Should have correct schedule update privacy')
284 ] as (ValidationChain | express.Handler)[]
287 // ---------------------------------------------------------------------------
291 videosUpdateValidator,
293 videosRemoveValidator,
294 videosShareValidator,
298 getCommonVideoAttributes
301 // ---------------------------------------------------------------------------
303 function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) {
304 if (req.body.scheduleUpdate) {
305 if (!req.body.scheduleUpdate.updateAt) {
307 .json({ error: 'Schedule update at is mandatory.' })