-import * as express from 'express'
-import { body } from 'express-validator/check'
-import { isIdValid } from '../../../helpers/custom-validators/misc'
-import { logger } from '../../../helpers/logger'
-import { areValidationErrors } from '../utils'
-import { getCommonVideoEditAttributes } from './videos'
+import express from 'express'
+import { body, param } from 'express-validator'
+import { isValid as isIPValid, parse as parseIP } from 'ipaddr.js'
+import { isPreImportVideoAccepted } from '@server/lib/moderation'
+import { Hooks } from '@server/lib/plugins/hooks'
+import { MUserAccountId, MVideoImport } from '@server/types/models'
+import { HttpStatusCode, UserRight, VideoImportState } from '@shared/models'
+import { VideoImportCreate } from '@shared/models/videos/import/video-import-create.model'
+import { isIdValid, toIntOrNull } from '../../../helpers/custom-validators/misc'
import { isVideoImportTargetUrlValid, isVideoImportTorrentFile } from '../../../helpers/custom-validators/video-imports'
-import { cleanUpReqFiles } from '../../../helpers/express-utils'
import { isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos'
+import { cleanUpReqFiles } from '../../../helpers/express-utils'
+import { logger } from '../../../helpers/logger'
import { CONFIG } from '../../../initializers/config'
import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
-import { doesVideoChannelOfAccountExist } from '../../../helpers/middlewares'
+import { areValidationErrors, doesVideoChannelOfAccountExist, doesVideoImportExist } from '../shared'
+import { getCommonVideoEditAttributes } from './videos'
const videoImportAddValidator = getCommonVideoEditAttributes().concat([
body('channelId')
- .toInt()
+ .customSanitizer(toIntOrNull)
.custom(isIdValid).withMessage('Should have correct video channel id'),
body('targetUrl')
.optional()
.optional()
.custom(isVideoMagnetUriValid).withMessage('Should have a valid video magnet URI'),
body('torrentfile')
- .custom((value, { req }) => isVideoImportTorrentFile(req.files)).withMessage(
- 'This torrent file is not supported or too large. Please, make sure it is of the following type: '
- + CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ')
- ),
+ .custom((value, { req }) => isVideoImportTorrentFile(req.files))
+ .withMessage(
+ 'This torrent file is not supported or too large. Please, make sure it is of the following type: ' +
+ CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ')
+ ),
body('name')
.optional()
- .custom(isVideoNameValid).withMessage('Should have a valid name'),
+ .custom(isVideoNameValid).withMessage(
+ `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`
+ ),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking videoImportAddValidator parameters', { parameters: req.body })
const user = res.locals.oauth.token.User
- const torrentFile = req.files && req.files['torrentfile'] ? req.files['torrentfile'][0] : undefined
+ const torrentFile = req.files?.['torrentfile'] ? req.files['torrentfile'][0] : undefined
if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
- if (req.body.targetUrl && CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true) {
+ if (CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true && req.body.targetUrl) {
cleanUpReqFiles(req)
- return res.status(409)
- .json({ error: 'HTTP import is not enabled on this instance.' })
- .end()
+
+ return res.fail({
+ status: HttpStatusCode.CONFLICT_409,
+ message: 'HTTP import is not enabled on this instance.'
+ })
}
if (CONFIG.IMPORT.VIDEOS.TORRENT.ENABLED !== true && (req.body.magnetUri || torrentFile)) {
cleanUpReqFiles(req)
- return res.status(409)
- .json({ error: 'Torrent/magnet URI import is not enabled on this instance.' })
- .end()
+
+ return res.fail({
+ status: HttpStatusCode.CONFLICT_409,
+ message: 'Torrent/magnet URI import is not enabled on this instance.'
+ })
}
if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
if (!req.body.targetUrl && !req.body.magnetUri && !torrentFile) {
cleanUpReqFiles(req)
- return res.status(400)
- .json({ error: 'Should have a magnetUri or a targetUrl or a torrent file.' })
- .end()
+ return res.fail({ message: 'Should have a magnetUri or a targetUrl or a torrent file.' })
}
+ if (req.body.targetUrl) {
+ const hostname = new URL(req.body.targetUrl).hostname
+
+ if (isIPValid(hostname)) {
+ const parsed = parseIP(hostname)
+
+ if (parsed.range() !== 'unicast') {
+ cleanUpReqFiles(req)
+
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Cannot use non unicast IP as targetUrl.'
+ })
+ }
+ }
+ }
+
+ if (!await isImportAccepted(req, res)) return cleanUpReqFiles(req)
+
return next()
}
])
+const videoImportDeleteValidator = [
+ param('id')
+ .custom(isIdValid).withMessage('Should have correct import id'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking videoImportDeleteValidator parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+
+ if (!await doesVideoImportExist(parseInt(req.params.id), res)) return
+ if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return
+
+ if (res.locals.videoImport.state === VideoImportState.PENDING) {
+ return res.fail({
+ status: HttpStatusCode.CONFLICT_409,
+ message: 'Cannot delete a pending video import. Cancel it or wait for the end of the import first.'
+ })
+ }
+
+ return next()
+ }
+]
+
+const videoImportCancelValidator = [
+ param('id')
+ .custom(isIdValid).withMessage('Should have correct import id'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking videoImportCancelValidator parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+
+ if (!await doesVideoImportExist(parseInt(req.params.id), res)) return
+ if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return
+
+ if (res.locals.videoImport.state !== VideoImportState.PENDING) {
+ return res.fail({
+ status: HttpStatusCode.CONFLICT_409,
+ message: 'Cannot cancel a non pending video import.'
+ })
+ }
+
+ return next()
+ }
+]
+
// ---------------------------------------------------------------------------
export {
- videoImportAddValidator
+ videoImportAddValidator,
+ videoImportCancelValidator,
+ videoImportDeleteValidator
}
// ---------------------------------------------------------------------------
+
+async function isImportAccepted (req: express.Request, res: express.Response) {
+ const body: VideoImportCreate = req.body
+ const hookName = body.targetUrl
+ ? 'filter:api.video.pre-import-url.accept.result'
+ : 'filter:api.video.pre-import-torrent.accept.result'
+
+ // Check we accept this video
+ const acceptParameters = {
+ videoImportBody: body,
+ user: res.locals.oauth.token.User
+ }
+ const acceptedResult = await Hooks.wrapFun(
+ isPreImportVideoAccepted,
+ acceptParameters,
+ hookName
+ )
+
+ if (!acceptedResult || acceptedResult.accepted !== true) {
+ logger.info('Refused to import video.', { acceptedResult, acceptParameters })
+
+ res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: acceptedResult.errorMessage || 'Refused to import video'
+ })
+ return false
+ }
+
+ return true
+}
+
+function checkUserCanManageImport (user: MUserAccountId, videoImport: MVideoImport, res: express.Response) {
+ if (user.hasRight(UserRight.MANAGE_VIDEO_IMPORTS) === false && videoImport.userId !== user.id) {
+ res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Cannot manage video import of another user'
+ })
+ return false
+ }
+
+ return true
+}
projects / github / Chocobozzz / PeerTube.git / blobdiff