Merge branch 'release/2.1.0' into develop

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-comments.ts

diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index ffde208b71209aa03b1e4c03e72a82330f64570e..da2fafb10aaa32d6033244187b2fda2c5a72367a 100644 (file)
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -1,14 +1,16 @@
 import * as express from 'express'
-import { body, param } from 'express-validator/check'
+import { body, param } from 'express-validator'
 import { UserRight } from '../../../../shared'
 import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc'
 import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'
-import { doesVideoExist } from '../../../helpers/custom-validators/videos'
 import { logger } from '../../../helpers/logger'
-import { UserModel } from '../../../models/account/user'
-import { VideoModel } from '../../../models/video/video'
 import { VideoCommentModel } from '../../../models/video/video-comment'
 import { areValidationErrors } from '../utils'
+import { Hooks } from '../../../lib/plugins/hooks'
+import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
+import { doesVideoExist } from '../../../helpers/middlewares'
+import { MCommentOwner, MVideo, MVideoFullLight, MVideoId } from '../../../typings/models/video'
+import { MUser } from '@server/typings/models'
 
 const listVideoCommentThreadsValidator = [
   param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
@@ -32,7 +34,7 @@ const listVideoThreadCommentsValidator = [
 
     if (areValidationErrors(req, res)) return
     if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
-    if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return
+    if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return
 
     return next()
   }
@@ -47,7 +49,8 @@ const addVideoCommentThreadValidator = [
 
     if (areValidationErrors(req, res)) return
     if (!await doesVideoExist(req.params.videoId, res)) return
-    if (!isVideoCommentsEnabled(res.locals.video, res)) return
+    if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
+    if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return
 
     return next()
   }
@@ -63,8 +66,9 @@ const addVideoCommentReplyValidator = [
 
     if (areValidationErrors(req, res)) return
     if (!await doesVideoExist(req.params.videoId, res)) return
-    if (!isVideoCommentsEnabled(res.locals.video, res)) return
-    if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+    if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
+    if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
+    if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return
 
     return next()
   }
@@ -79,7 +83,7 @@ const videoCommentGetValidator = [
 
     if (areValidationErrors(req, res)) return
     if (!await doesVideoExist(req.params.videoId, res, 'id')) return
-    if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+    if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return
 
     return next()
   }
@@ -94,10 +98,10 @@ const removeVideoCommentValidator = [
 
     if (areValidationErrors(req, res)) return
     if (!await doesVideoExist(req.params.videoId, res)) return
-    if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+    if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
 
     // Check if the user who did the request is able to delete the video
-    if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoComment, res)) return
+    if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return
 
     return next()
   }
@@ -116,7 +120,8 @@ export {
 
 // ---------------------------------------------------------------------------
 
-async function doesVideoCommentThreadExist (id: number, video: VideoModel, res: express.Response) {
+async function doesVideoCommentThreadExist (idArg: number | string, video: MVideoId, res: express.Response) {
+  const id = parseInt(idArg + '', 10)
   const videoComment = await VideoCommentModel.loadById(id)
 
   if (!videoComment) {
@@ -129,7 +134,7 @@ async function doesVideoCommentThreadExist (id: number, video: VideoModel, res:
 
   if (videoComment.videoId !== video.id) {
     res.status(400)
-      .json({ error: 'Video comment is associated to this video.' })
+      .json({ error: 'Video comment is not associated to this video.' })
       .end()
 
     return false
@@ -147,7 +152,8 @@ async function doesVideoCommentThreadExist (id: number, video: VideoModel, res:
   return true
 }
 
-async function doesVideoCommentExist (id: number, video: VideoModel, res: express.Response) {
+async function doesVideoCommentExist (idArg: number | string, video: MVideoId, res: express.Response) {
+  const id = parseInt(idArg + '', 10)
   const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id)
 
   if (!videoComment) {
@@ -160,17 +166,17 @@ async function doesVideoCommentExist (id: number, video: VideoModel, res: expres
 
   if (videoComment.videoId !== video.id) {
     res.status(400)
-      .json({ error: 'Video comment is associated to this video.' })
+      .json({ error: 'Video comment is not associated to this video.' })
       .end()
 
     return false
   }
 
-  res.locals.videoComment = videoComment
+  res.locals.videoCommentFull = videoComment
   return true
 }
 
-function isVideoCommentsEnabled (video: VideoModel, res: express.Response) {
+function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
   if (video.commentsEnabled !== true) {
     res.status(409)
       .json({ error: 'Video comments are disabled for this video.' })
@@ -182,7 +188,14 @@ function isVideoCommentsEnabled (video: VideoModel, res: express.Response) {
   return true
 }
 
-function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCommentModel, res: express.Response) {
+function checkUserCanDeleteVideoComment (user: MUser, videoComment: MCommentOwner, res: express.Response) {
+  if (videoComment.isDeleted()) {
+    res.status(409)
+      .json({ error: 'This comment is already deleted' })
+      .end()
+    return false
+  }
+
   const account = videoComment.Account
   if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) {
     res.status(403)
@@ -193,3 +206,39 @@ function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCom
 
   return true
 }
+
+async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) {
+  const acceptParameters = {
+    video,
+    commentBody: req.body,
+    user: res.locals.oauth.token.User
+  }
+
+  let acceptedResult: AcceptResult
+
+  if (isReply) {
+    const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull })
+
+    acceptedResult = await Hooks.wrapFun(
+      isLocalVideoCommentReplyAccepted,
+      acceptReplyParameters,
+      'filter:api.video-comment-reply.create.accept.result'
+    )
+  } else {
+    acceptedResult = await Hooks.wrapFun(
+      isLocalVideoThreadAccepted,
+      acceptParameters,
+      'filter:api.video-thread.create.accept.result'
+    )
+  }
+
+  if (!acceptedResult || acceptedResult.accepted !== true) {
+    logger.info('Refused local comment.', { acceptedResult, acceptParameters })
+    res.status(403)
+              .json({ error: acceptedResult.errorMessage || 'Refused local comment' })
+
+    return false
+  }
+
+  return true
+}