-import { Response } from 'express'
+import { Request, Response } from 'express'
import { loadVideo, VideoLoadType } from '@server/lib/model-loaders'
+import { isAbleToUploadVideo } from '@server/lib/user'
+import { VideoTokensManager } from '@server/lib/video-tokens-manager'
+import { authenticatePromise } from '@server/middlewares/auth'
+import { VideoModel } from '@server/models/video/video'
import { VideoChannelModel } from '@server/models/video/video-channel'
import { VideoFileModel } from '@server/models/video/video-file'
import {
MUser,
MUserAccountId,
+ MUserId,
+ MVideo,
MVideoAccountLight,
MVideoFormattableDetails,
MVideoFullLight,
MVideoThumbnail,
MVideoWithRights
} from '@server/types/models'
-import { HttpStatusCode } from '@shared/core-utils'
-import { UserRight } from '@shared/models'
+import { HttpStatusCode, ServerErrorCode, UserRight, VideoPrivacy } from '@shared/models'
async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') {
const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined
const video = await loadVideo(id, fetchType, userId)
- if (video === null) {
+ if (!video) {
res.fail({
status: HttpStatusCode.NOT_FOUND_404,
message: 'Video not found'
})
+
return false
}
return true
}
+// ---------------------------------------------------------------------------
+
async function doesVideoFileOfVideoExist (id: number, videoIdOrUUID: number | string, res: Response) {
if (!await VideoFileModel.doesVideoExistForVideoFile(id, videoIdOrUUID)) {
res.fail({
return true
}
+// ---------------------------------------------------------------------------
+
async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAccountId, res: Response) {
const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
return true
}
+// ---------------------------------------------------------------------------
+
+async function checkCanSeeVideo (options: {
+ req: Request
+ res: Response
+ paramId: string
+ video: MVideo
+}) {
+ const { req, res, video, paramId } = options
+
+ if (video.requiresAuth(paramId)) {
+ return checkCanSeeAuthVideo(req, res, video)
+ }
+
+ if (video.privacy === VideoPrivacy.UNLISTED || video.privacy === VideoPrivacy.PUBLIC) {
+ return true
+ }
+
+ throw new Error('Unknown video privacy when checking video right ' + video.url)
+}
+
+async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights) {
+ const fail = () => {
+ res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Cannot fetch information of private/internal/blocked video'
+ })
+
+ return false
+ }
+
+ await authenticatePromise(req, res)
+
+ const user = res.locals.oauth?.token.User
+ if (!user) return fail()
+
+ const videoWithRights = (video as MVideoWithRights).VideoChannel?.Account?.userId
+ ? video as MVideoWithRights
+ : await VideoModel.loadFull(video.id)
+
+ const privacy = videoWithRights.privacy
+
+ if (privacy === VideoPrivacy.INTERNAL) {
+ // We know we have a user
+ return true
+ }
+
+ const isOwnedByUser = videoWithRights.VideoChannel.Account.userId === user.id
+
+ if (videoWithRights.isBlacklisted()) {
+ if (isOwnedByUser || user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) return true
+
+ return fail()
+ }
+
+ if (privacy === VideoPrivacy.PRIVATE || privacy === VideoPrivacy.UNLISTED) {
+ if (isOwnedByUser || user.hasRight(UserRight.SEE_ALL_VIDEOS)) return true
+
+ return fail()
+ }
+
+ // Should not happen
+ return fail()
+}
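Review bot: In `checkCanSeeAuthVideo` the `privacy === VideoPrivacy.INTERNAL` branch returns true before `videoWithRights.isBlacklisted()` is consulted. A video that is both internal and blocked would therefore be visible to any authenticated user, not only to its owner or a holder of `UserRight.MANAGE_VIDEO_BLACKLIST`. If that combination can occur, move the blacklist block above the INTERNAL branch, or guard the branch as `if (privacy === VideoPrivacy.INTERNAL && !videoWithRights.isBlacklisted()) return true`. Separately, the result of `VideoModel.loadFull(video.id)` is dereferenced with no null check; whether it can come back empty (for example a video deleted mid-request) is not visible here, but a `if (!videoWithRights) return fail()` after the load would fail closed instead of throwing.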
+
+// ---------------------------------------------------------------------------
+
+async function checkCanAccessVideoStaticFiles (options: {
+ video: MVideo
+ req: Request
+ res: Response
+ paramId: string
+}) {
+ const { video, req, res, paramId } = options
+
+ if (res.locals.oauth?.token.User) {
+ return checkCanSeeVideo(options)
+ }
+
+ if (!video.requiresAuth(paramId)) return true
+
+ const videoFileToken = req.query.videoFileToken
+ if (!videoFileToken) {
+ res.sendStatus(HttpStatusCode.FORBIDDEN_403)
+ return false
+ }
+
+ if (VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
+ return true
+ }
+
+ res.sendStatus(HttpStatusCode.FORBIDDEN_403)
+ return false
+}
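Review bot: In `checkCanAccessVideoStaticFiles`, `req.query.videoFileToken` reaches `VideoTokensManager.Instance.hasToken` after only a truthiness check, but an Express query value can be an array or a nested object as well as a string. Reject non-strings before the lookup by changing the guard to `if (typeof videoFileToken !== 'string' || videoFileToken === '') {`. The two token failure paths answer with a bare `res.sendStatus(HttpStatusCode.FORBIDDEN_403)` while the other checks in this file use `res.fail` with a message; using one shape keeps 403 responses uniform. Because the token travels in the URL it will end up in access logs and Referer headers, so its lifetime and per-video scope inside `VideoTokensManager` (not shown here) should be kept tight.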
+
+// ---------------------------------------------------------------------------
+
function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) {
// Retrieve the user who did the request
if (onlyOwned && video.isOwned() === false) {
// ---------------------------------------------------------------------------
+async function checkUserQuota (user: MUserId, videoFileSize: number, res: Response) {
+ if (await isAbleToUploadVideo(user.id, videoFileSize) === false) {
+ res.fail({
+ status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
+ message: 'The user video quota is exceeded with this video.',
+ type: ServerErrorCode.QUOTA_REACHED
+ })
+ return false
+ }
+
+ return true
+}
+
+// ---------------------------------------------------------------------------
+
export {
doesVideoChannelOfAccountExist,
doesVideoExist,
doesVideoFileOfVideoExist,
- checkUserCanManageVideo
+
+ checkCanAccessVideoStaticFiles,
+ checkUserCanManageVideo,
+ checkCanSeeVideo,
+ checkUserQuota
}