-import * as express from 'express'
+import express from 'express'
import { param, query } from 'express-validator'
+import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
import { isValidRSSFeed } from '../../helpers/custom-validators/feeds'
-import { exists, isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
+import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID } from '../../helpers/custom-validators/misc'
import { logger } from '../../helpers/logger'
import {
+ areValidationErrors,
+ checkCanSeeVideo,
doesAccountIdExist,
doesAccountNameWithHostExist,
doesUserFeedTokenCorrespond,
doesVideoChannelIdExist,
- doesVideoChannelNameWithHostExist
-} from '../../helpers/middlewares'
-import { doesVideoExist } from '../../helpers/middlewares/videos'
-import { areValidationErrors } from './utils'
-import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
+ doesVideoChannelNameWithHostExist,
+ doesVideoExist
+} from './shared'
const feedsFormatValidator = [
param('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'),
]
const videoCommentsFeedsValidator = [
- query('videoId').optional().custom(isIdOrUUIDValid),
+ query('videoId')
+ .customSanitizer(toCompleteUUID)
+ .optional()
+ .custom(isIdOrUUIDValid),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking feeds parameters', { parameters: req.query })
return res.fail({ message: 'videoId cannot be mixed with a channel filter' })
}
- if (req.query.videoId && !await doesVideoExist(req.query.videoId, res)) return
+ if (req.query.videoId) {
+ if (!await doesVideoExist(req.query.videoId, res)) return
+ if (!await checkCanSeeVideo({ req, res, paramId: req.query.videoId, video: res.locals.videoAll })) return
+ }
return next()
}
projects / github / Chocobozzz / PeerTube.git / blobdiff