Cache AP video route for 5 seconds

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / video-comments.ts

diff --git a/server/middlewares/validators/video-comments.ts b/server/middlewares/validators/video-comments.ts
index 1d19fac58fd9c79d5b7c610feba2e512529ccc24..227bc1fca8f5bd798aeb2818e43f0e671680995a 100644 (file)
--- a/server/middlewares/validators/video-comments.ts
+++ b/server/middlewares/validators/video-comments.ts
@@ -1,9 +1,11 @@
 import * as express from 'express'
 import { body, param } from 'express-validator/check'
-import { logger } from '../../helpers'
+import { UserRight } from '../../../shared'
 import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
 import { isValidVideoCommentText } from '../../helpers/custom-validators/video-comments'
 import { isVideoExist } from '../../helpers/custom-validators/videos'
+import { logger } from '../../helpers/logger'
+import { UserModel } from '../../models/account/user'
 import { VideoModel } from '../../models/video/video'
 import { VideoCommentModel } from '../../models/video/video-comment'
 import { areValidationErrors } from './utils'
@@ -41,10 +43,11 @@ const addVideoCommentThreadValidator = [
   body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params })
+    logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body })
 
     if (areValidationErrors(req, res)) return
     if (!await isVideoExist(req.params.videoId, res)) return
+    if (!isVideoCommentsEnabled(res.locals.video, res)) return
 
     return next()
   }
@@ -56,23 +59,59 @@ const addVideoCommentReplyValidator = [
   body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params })
+    logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body })
 
     if (areValidationErrors(req, res)) return
     if (!await isVideoExist(req.params.videoId, res)) return
+    if (!isVideoCommentsEnabled(res.locals.video, res)) return
     if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
 
     return next()
   }
 ]
 
+const videoCommentGetValidator = [
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+  param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+    if (!await isVideoExist(req.params.videoId, res)) return
+    if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+
+    return next()
+  }
+]
+
+const removeVideoCommentValidator = [
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+  param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+    if (!await isVideoExist(req.params.videoId, res)) return
+    if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+
+    // Check if the user who did the request is able to delete the video
+    if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoComment, res)) return
+
+    return next()
+  }
+]
+
 // ---------------------------------------------------------------------------
 
 export {
   listVideoCommentThreadsValidator,
   listVideoThreadCommentsValidator,
   addVideoCommentThreadValidator,
-  addVideoCommentReplyValidator
+  addVideoCommentReplyValidator,
+  videoCommentGetValidator,
+  removeVideoCommentValidator
 }
 
 // ---------------------------------------------------------------------------
@@ -109,7 +148,7 @@ async function isVideoCommentThreadExist (id: number, video: VideoModel, res: ex
 }
 
 async function isVideoCommentExist (id: number, video: VideoModel, res: express.Response) {
-  const videoComment = await VideoCommentModel.loadById(id)
+  const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id)
 
   if (!videoComment) {
     res.status(404)
@@ -130,3 +169,27 @@ async function isVideoCommentExist (id: number, video: VideoModel, res: express.
   res.locals.videoComment = videoComment
   return true
 }
+
+function isVideoCommentsEnabled (video: VideoModel, res: express.Response) {
+  if (video.commentsEnabled !== true) {
+    res.status(409)
+      .json({ error: 'Video comments are disabled for this video.' })
+      .end()
+
+    return false
+  }
+
+  return true
+}
+
+function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCommentModel, res: express.Response) {
+  const account = videoComment.Account
+  if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) {
+    res.status(403)
+      .json({ error: 'Cannot remove video comment of another user' })
+      .end()
+    return false
+  }
+
+  return true
+}