-import * as express from 'express'
+import express from 'express'
import { body, param, query } from 'express-validator'
import { MUserAccountUrl } from '@server/types/models'
-import { UserRight } from '../../../../shared'
-import { exists, isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
-import {
- doesVideoCommentExist,
- doesVideoCommentThreadExist,
- isValidVideoCommentText
-} from '../../../helpers/custom-validators/video-comments'
+import { HttpStatusCode, UserRight } from '@shared/models'
+import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
+import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'
import { logger } from '../../../helpers/logger'
-import { doesVideoExist } from '../../../helpers/middlewares'
import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
import { Hooks } from '../../../lib/plugins/hooks'
import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
-import { areValidationErrors } from '../utils'
-import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
+import {
+ areValidationErrors,
+ checkCanSeeVideoIfPrivate,
+ doesVideoCommentExist,
+ doesVideoCommentThreadExist,
+ doesVideoExist,
+ isValidVideoIdParam
+} from '../shared'
const listVideoCommentsValidator = [
query('isLocal')
]
const listVideoCommentThreadsValidator = [
- param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+ isValidVideoIdParam('videoId'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })
if (areValidationErrors(req, res)) return
if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
+ if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) return
+
return next()
}
]
const listVideoThreadCommentsValidator = [
- param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
- param('threadId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'),
+ isValidVideoIdParam('videoId'),
+
+ param('threadId')
+ .custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })
if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return
+ if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) return
+
return next()
}
]
const addVideoCommentThreadValidator = [
- param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
- body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
+ isValidVideoIdParam('videoId'),
+
+ body('text')
+ .custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body })
if (areValidationErrors(req, res)) return
if (!await doesVideoExist(req.params.videoId, res)) return
+
+ if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) return
+
if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return
]
const addVideoCommentReplyValidator = [
- param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+ isValidVideoIdParam('videoId'),
+
param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
+
body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
if (!await doesVideoExist(req.params.videoId, res)) return
+
+ if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) return
+
if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return
]
const videoCommentGetValidator = [
- param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
- param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
+ isValidVideoIdParam('videoId'),
+
+ param('commentId')
+ .custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
]
const removeVideoCommentValidator = [
- param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+ isValidVideoIdParam('videoId'),
+
param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
if (video.commentsEnabled !== true) {
- res.status(HttpStatusCode.CONFLICT_409)
- .json({ error: 'Video comments are disabled for this video.' })
-
+ res.fail({
+ status: HttpStatusCode.CONFLICT_409,
+ message: 'Video comments are disabled for this video.'
+ })
return false
}
function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) {
if (videoComment.isDeleted()) {
- res.status(HttpStatusCode.CONFLICT_409)
- .json({ error: 'This comment is already deleted' })
-
+ res.fail({
+ status: HttpStatusCode.CONFLICT_409,
+ message: 'This comment is already deleted'
+ })
return false
}
videoComment.accountId !== userAccount.id && // Not the comment owner
videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner
) {
- res.status(HttpStatusCode.FORBIDDEN_403)
- .json({ error: 'Cannot remove video comment of another user' })
-
+ res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Cannot remove video comment of another user'
+ })
return false
}
if (!acceptedResult || acceptedResult.accepted !== true) {
logger.info('Refused local comment.', { acceptedResult, acceptParameters })
- res.status(HttpStatusCode.FORBIDDEN_403)
- .json({ error: acceptedResult?.errorMessage || 'Refused local comment' })
+ res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: acceptedResult?.errorMessage || 'Refused local comment'
+ })
return false
}
projects / github / Chocobozzz / PeerTube.git / blobdiff