server/middlewares/validators/videos.ts

   1 import * as express from 'express'
   2 import 'express-validator'
   3 import { body, param, query } from 'express-validator/check'
   4 import { UserRight, VideoPrivacy } from '../../../shared'
   5 import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
   6 import {
   7   isVideoAbuseReasonValid, isVideoCategoryValid, isVideoDescriptionValid, isVideoExist, isVideoFile, isVideoLanguageValid,
   8   isVideoLicenceValid, isVideoNameValid, isVideoNSFWValid, isVideoPrivacyValid, isVideoRatingTypeValid, isVideoTagsValid
   9 } from '../../helpers/custom-validators/videos'
  10 import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils'
  11 import { logger } from '../../helpers/logger'
  12 import { CONSTRAINTS_FIELDS } from '../../initializers'
  13 import { UserModel } from '../../models/account/user'
  14 import { VideoModel } from '../../models/video/video'
  15 import { VideoChannelModel } from '../../models/video/video-channel'
  16 import { VideoShareModel } from '../../models/video/video-share'
  17 import { authenticate } from '../oauth'
  18 import { areValidationErrors } from './utils'
  19
  20 const videosAddValidator = [
  21   body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
  22     'This file is not supported. Please, make sure it is of the following type : '
  23     + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
  24   ),
  25   body('name').custom(isVideoNameValid).withMessage('Should have a valid name'),
  26   body('category').optional().custom(isVideoCategoryValid).withMessage('Should have a valid category'),
  27   body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
  28   body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'),
  29   body('nsfw').custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),
  30   body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
  31   body('channelId').custom(isIdValid).withMessage('Should have correct video channel id'),
  32   body('privacy').custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
  33   body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
  34
  35   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  36     logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
  37
  38     if (areValidationErrors(req, res)) return
  39
  40     const videoFile: Express.Multer.File = req.files['videofile'][0]
  41     const user = res.locals.oauth.token.User
  42
  43     const videoChannel = await VideoChannelModel.loadByIdAndAccount(req.body.channelId, user.Account.id)
  44     if (!videoChannel) {
  45       res.status(400)
  46         .json({ error: 'Unknown video video channel for this account.' })
  47         .end()
  48
  49       return
  50     }
  51
  52     res.locals.videoChannel = videoChannel
  53
  54     const isAble = await user.isAbleToUploadVideo(videoFile)
  55     if (isAble === false) {
  56       res.status(403)
  57          .json({ error: 'The user video quota is exceeded with this video.' })
  58          .end()
  59
  60       return
  61     }
  62
  63     let duration: number
  64
  65     try {
  66       duration = await getDurationFromVideoFile(videoFile.path)
  67     } catch (err) {
  68       logger.error('Invalid input file in videosAddValidator.', err)
  69       res.status(400)
  70          .json({ error: 'Invalid input file.' })
  71          .end()
  72
  73       return
  74     }
  75
  76     videoFile['duration'] = duration
  77
  78     return next()
  79   }
  80 ]
  81
  82 const videosUpdateValidator = [
  83   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  84   body('name').optional().custom(isVideoNameValid).withMessage('Should have a valid name'),
  85   body('category').optional().custom(isVideoCategoryValid).withMessage('Should have a valid category'),
  86   body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
  87   body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'),
  88   body('nsfw').optional().custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),
  89   body('privacy').optional().custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
  90   body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
  91   body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
  92
  93   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  94     logger.debug('Checking videosUpdate parameters', { parameters: req.body })
  95
  96     if (areValidationErrors(req, res)) return
  97     if (!await isVideoExist(req.params.id, res)) return
  98
  99     const video = res.locals.video
 100
 101     // We need to make additional checks
 102     if (video.isOwned() === false) {
 103       return res.status(403)
 104                 .json({ error: 'Cannot update video of another server' })
 105                 .end()
 106     }
 107
 108     if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {
 109       return res.status(403)
 110                 .json({ error: 'Cannot update video of another user' })
 111                 .end()
 112     }
 113
 114     if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {
 115       return res.status(409)
 116         .json({ error: 'Cannot set "private" a video that was not private anymore.' })
 117         .end()
 118     }
 119
 120     return next()
 121   }
 122 ]
 123
 124 const videosGetValidator = [
 125   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
 126
 127   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 128     logger.debug('Checking videosGet parameters', { parameters: req.params })
 129
 130     if (areValidationErrors(req, res)) return
 131     if (!await isVideoExist(req.params.id, res)) return
 132
 133     const video = res.locals.video
 134
 135     // Video is not private, anyone can access it
 136     if (video.privacy !== VideoPrivacy.PRIVATE) return next()
 137
 138     authenticate(req, res, () => {
 139       if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {
 140         return res.status(403)
 141           .json({ error: 'Cannot get this private video of another user' })
 142           .end()
 143       }
 144
 145       return next()
 146     })
 147   }
 148 ]
 149
 150 const videosRemoveValidator = [
 151   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
 152
 153   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 154     logger.debug('Checking videosRemove parameters', { parameters: req.params })
 155
 156     if (areValidationErrors(req, res)) return
 157     if (!await isVideoExist(req.params.id, res)) return
 158
 159     // Check if the user who did the request is able to delete the video
 160     if (!checkUserCanDeleteVideo(res.locals.oauth.token.User, res.locals.video, res)) return
 161
 162     return next()
 163   }
 164 ]
 165
 166 const videosSearchValidator = [
 167   query('search').not().isEmpty().withMessage('Should have a valid search'),
 168
 169   (req: express.Request, res: express.Response, next: express.NextFunction) => {
 170     logger.debug('Checking videosSearch parameters', { parameters: req.params })
 171
 172     if (areValidationErrors(req, res)) return
 173
 174     return next()
 175   }
 176 ]
 177
 178 const videoAbuseReportValidator = [
 179   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
 180   body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),
 181
 182   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 183     logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
 184
 185     if (areValidationErrors(req, res)) return
 186     if (!await isVideoExist(req.params.id, res)) return
 187
 188     return next()
 189   }
 190 ]
 191
 192 const videoRateValidator = [
 193   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
 194   body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
 195
 196   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 197     logger.debug('Checking videoRate parameters', { parameters: req.body })
 198
 199     if (areValidationErrors(req, res)) return
 200     if (!await isVideoExist(req.params.id, res)) return
 201
 202     return next()
 203   }
 204 ]
 205
 206 const videosShareValidator = [
 207   param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
 208   param('accountId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid account id'),
 209
 210   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 211     logger.debug('Checking videoShare parameters', { parameters: req.params })
 212
 213     if (areValidationErrors(req, res)) return
 214     if (!await isVideoExist(req.params.id, res)) return
 215
 216     const share = await VideoShareModel.load(req.params.accountId, res.locals.video.id, undefined)
 217     if (!share) {
 218       return res.status(404)
 219         .end()
 220     }
 221
 222     res.locals.videoShare = share
 223     return next()
 224   }
 225 ]
 226
 227 // ---------------------------------------------------------------------------
 228
 229 export {
 230   videosAddValidator,
 231   videosUpdateValidator,
 232   videosGetValidator,
 233   videosRemoveValidator,
 234   videosSearchValidator,
 235   videosShareValidator,
 236
 237   videoAbuseReportValidator,
 238
 239   videoRateValidator
 240 }
 241
 242 // ---------------------------------------------------------------------------
 243
 244 function checkUserCanDeleteVideo (user: UserModel, video: VideoModel, res: express.Response) {
 245   // Retrieve the user who did the request
 246   if (video.isOwned() === false) {
 247     res.status(403)
 248               .json({ error: 'Cannot remove video of another server, blacklist it' })
 249               .end()
 250     return false
 251   }
 252
 253   // Check if the user can delete the video
 254   // The user can delete it if s/he is an admin
 255   // Or if s/he is the video's account
 256   const account = video.VideoChannel.Account
 257   if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && account.userId !== user.id) {
 258     res.status(403)
 259               .json({ error: 'Cannot remove video of another user' })
 260               .end()
 261     return false
 262   }
 263
 264   return true
 265 }