feature/ability to disable video history by default (#5728)

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / feeds.ts

diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts
index 5c76a679f69dd8be15fd2bc78e0116dbf637ba39..0bfe89e6fb35cf13352b07cae4d27703396af45b 100644 (file)
--- a/server/middlewares/validators/feeds.ts
+++ b/server/middlewares/validators/feeds.ts
@@ -1,21 +1,32 @@
-import * as express from 'express'
+import express from 'express'
 import { param, query } from 'express-validator'
-import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
-import { logger } from '../../helpers/logger'
-import { areValidationErrors } from './utils'
+import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
 import { isValidRSSFeed } from '../../helpers/custom-validators/feeds'
-import { doesVideoExist } from '../../helpers/middlewares/videos'
+import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID } from '../../helpers/custom-validators/misc'
 import {
+  areValidationErrors,
+  checkCanSeeVideo,
   doesAccountIdExist,
   doesAccountNameWithHostExist,
+  doesUserFeedTokenCorrespond,
   doesVideoChannelIdExist,
   doesVideoChannelNameWithHostExist,
-  doesUserFeedTokenCorrespond
-} from '../../helpers/middlewares'
+  doesVideoExist
+} from './shared'
 
 const feedsFormatValidator = [
-  param('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'),
-  query('format').optional().custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)')
+  param('format')
+    .optional()
+    .custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'),
+  query('format')
+    .optional()
+    .custom(isValidRSSFeed).withMessage('Should have a valid format (rss, atom, json)'),
+
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    if (areValidationErrors(req, res)) return
+
+    return next()
+  }
 ]
 
 function setFeedFormatContentType (req: express.Request, res: express.Response, next: express.NextFunction) {
@@ -35,23 +46,31 @@ function setFeedFormatContentType (req: express.Request, res: express.Response,
   if (req.accepts(acceptableContentTypes)) {
     res.set('Content-Type', req.accepts(acceptableContentTypes) as string)
   } else {
-    return res.status(406).send({
+    return res.fail({
+      status: HttpStatusCode.NOT_ACCEPTABLE_406,
       message: `You should accept at least one of the following content-types: ${acceptableContentTypes.join(', ')}`
-    }).end()
+    })
   }
 
   return next()
 }
 
 const videoFeedsValidator = [
-  query('accountId').optional().custom(isIdValid),
-  query('accountName').optional(),
-  query('videoChannelId').optional().custom(isIdValid),
-  query('videoChannelName').optional(),
+  query('accountId')
+    .optional()
+    .custom(isIdValid),
 
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking feeds parameters', { parameters: req.query })
+  query('accountName')
+    .optional(),
+
+  query('videoChannelId')
+    .optional()
+    .custom(isIdValid),
 
+  query('videoChannelName')
+    .optional(),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
 
     if (req.query.accountId && !await doesAccountIdExist(req.query.accountId, res)) return
@@ -63,38 +82,40 @@ const videoFeedsValidator = [
   }
 ]
 
-const videoSubscriptonFeedsValidator = [
-  query('accountId').optional().custom(isIdValid),
-  query('token').optional(),
+const videoSubscriptionFeedsValidator = [
+  query('accountId')
+    .custom(isIdValid),
 
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking feeds parameters', { parameters: req.query })
+  query('token')
+    .custom(exists),
 
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
 
-    // a token alone is erroneous
-    if (req.query.token && !req.query.accountId) return
-    if (req.query.token && !await doesUserFeedTokenCorrespond(res.locals.account.userId, req.query.token, res)) return
+    if (!await doesAccountIdExist(req.query.accountId, res)) return
+    if (!await doesUserFeedTokenCorrespond(res.locals.account.userId, req.query.token, res)) return
 
     return next()
   }
 ]
 
 const videoCommentsFeedsValidator = [
-  query('videoId').optional().custom(isIdOrUUIDValid),
+  query('videoId')
+    .optional()
+    .customSanitizer(toCompleteUUID)
+    .custom(isIdOrUUIDValid),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking feeds parameters', { parameters: req.query })
-
     if (areValidationErrors(req, res)) return
 
     if (req.query.videoId && (req.query.videoChannelId || req.query.videoChannelName)) {
-      return res.status(400).send({
-        message: 'videoId cannot be mixed with a channel filter'
-      }).end()
+      return res.fail({ message: 'videoId cannot be mixed with a channel filter' })
     }
 
-    if (req.query.videoId && !await doesVideoExist(req.query.videoId, res)) return
+    if (req.query.videoId) {
+      if (!await doesVideoExist(req.query.videoId, res)) return
+      if (!await checkCanSeeVideo({ req, res, paramId: req.query.videoId, video: res.locals.videoAll })) return
+    }
 
     return next()
   }
@@ -106,6 +127,6 @@ export {
   feedsFormatValidator,
   setFeedFormatContentType,
   videoFeedsValidator,
-  videoSubscriptonFeedsValidator,
+  videoSubscriptionFeedsValidator,
   videoCommentsFeedsValidator
 }