correct error codes and backward compat

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-live.ts

diff --git a/server/middlewares/validators/videos/video-live.ts b/server/middlewares/validators/videos/video-live.ts
index 69200cb60d32db628ea6405a3e19c80aadd8e992..0fb864098eff81ce4c445fe06213775add8e7412 100644 (file)
--- a/server/middlewares/validators/videos/video-live.ts
+++ b/server/middlewares/validators/videos/video-live.ts
@@ -11,22 +11,31 @@ import { CONFIG } from '../../../initializers/config'
 import { areValidationErrors } from '../utils'
 import { getCommonVideoEditAttributes } from './videos'
 import { VideoModel } from '@server/models/video/video'
+import { Hooks } from '@server/lib/plugins/hooks'
+import { isLocalLiveVideoAccepted } from '@server/lib/moderation'
+import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
+import { CONSTRAINTS_FIELDS } from '@server/initializers/constants'
 
 const videoLiveGetValidator = [
   param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoLiveGetValidator parameters', { parameters: req.body })
+    logger.debug('Checking videoLiveGetValidator parameters', { parameters: req.params, user: res.locals.oauth.token.User.username })
 
     if (areValidationErrors(req, res)) return
     if (!await doesVideoExist(req.params.videoId, res, 'all')) return
 
-    // Check if the user who did the request is able to update the video
+    // Check if the user who did the request is able to get the live info
     const user = res.locals.oauth.token.User
-    if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return
+    if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.GET_ANY_LIVE, res, false)) return
 
     const videoLive = await VideoLiveModel.loadByVideoId(res.locals.videoAll.id)
-    if (!videoLive) return res.sendStatus(404)
+    if (!videoLive) {
+      return res.fail({
+        status: HttpStatusCode.NOT_FOUND_404,
+        message: 'Live video not found'
+      })
+    }
 
     res.locals.videoLive = videoLive
 
@@ -40,31 +49,48 @@ const videoLiveAddValidator = getCommonVideoEditAttributes().concat([
     .custom(isIdValid).withMessage('Should have correct video channel id'),
 
   body('name')
-    .custom(isVideoNameValid).withMessage('Should have a valid name'),
+    .custom(isVideoNameValid).withMessage(
+      `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`
+    ),
 
   body('saveReplay')
     .optional()
     .customSanitizer(toBooleanOrNull)
     .custom(isBooleanValid).withMessage('Should have a valid saveReplay attribute'),
 
+  body('permanentLive')
+    .optional()
+    .customSanitizer(toBooleanOrNull)
+    .custom(isBooleanValid).withMessage('Should have a valid permanentLive attribute'),
+
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking videoLiveAddValidator parameters', { parameters: req.body })
 
+    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
+
     if (CONFIG.LIVE.ENABLED !== true) {
       cleanUpReqFiles(req)
 
-      return res.status(403)
-        .json({ error: 'Live is not enabled on this instance' })
+      return res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message: 'Live is not enabled on this instance'
+      })
     }
 
     if (CONFIG.LIVE.ALLOW_REPLAY !== true && req.body.saveReplay === true) {
       cleanUpReqFiles(req)
 
-      return res.status(403)
-        .json({ error: 'Saving live replay is not allowed instance' })
+      return res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message: 'Saving live replay is not allowed instance'
+      })
     }
 
-    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
+    if (req.body.permanentLive && req.body.saveReplay) {
+      cleanUpReqFiles(req)
+
+      return res.fail({ message: 'Cannot set this live as permanent while saving its replay' })
+    }
 
     const user = res.locals.oauth.token.User
     if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
@@ -75,11 +101,11 @@ const videoLiveAddValidator = getCommonVideoEditAttributes().concat([
       if (totalInstanceLives >= CONFIG.LIVE.MAX_INSTANCE_LIVES) {
         cleanUpReqFiles(req)
 
-        return res.status(403)
-          .json({
-            code: ServerErrorCode.MAX_INSTANCE_LIVES_LIMIT_REACHED,
-            error: 'Cannot create this live because the max instance lives limit is reached.'
-          })
+        return res.fail({
+          status: HttpStatusCode.FORBIDDEN_403,
+          message: 'Cannot create this live because the max instance lives limit is reached.',
+          type: ServerErrorCode.MAX_INSTANCE_LIVES_LIMIT_REACHED
+        })
       }
     }
 
@@ -89,14 +115,16 @@ const videoLiveAddValidator = getCommonVideoEditAttributes().concat([
       if (totalUserLives >= CONFIG.LIVE.MAX_USER_LIVES) {
         cleanUpReqFiles(req)
 
-        return res.status(403)
-          .json({
-            code: ServerErrorCode.MAX_USER_LIVES_LIMIT_REACHED,
-            error: 'Cannot create this live because the max user lives limit is reached.'
-          })
+        return res.fail({
+          status: HttpStatusCode.FORBIDDEN_403,
+          type: ServerErrorCode.MAX_USER_LIVES_LIMIT_REACHED,
+          message: 'Cannot create this live because the max user lives limit is reached.'
+        })
       }
     }
 
+    if (!await isLiveVideoAccepted(req, res)) return cleanUpReqFiles(req)
+
     return next()
   }
 ])
@@ -112,16 +140,25 @@ const videoLiveUpdateValidator = [
 
     if (areValidationErrors(req, res)) return
 
+    if (req.body.permanentLive && req.body.saveReplay) {
+      return res.fail({ message: 'Cannot set this live as permanent while saving its replay' })
+    }
+
     if (CONFIG.LIVE.ALLOW_REPLAY !== true && req.body.saveReplay === true) {
-      return res.status(403)
-        .json({ error: 'Saving live replay is not allowed instance' })
+      return res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message: 'Saving live replay is not allowed instance'
+      })
     }
 
     if (res.locals.videoAll.state !== VideoState.WAITING_FOR_LIVE) {
-      return res.status(400)
-        .json({ error: 'Cannot update a live that has already started' })
+      return res.fail({ message: 'Cannot update a live that has already started' })
     }
 
+    // Check the user can manage the live
+    const user = res.locals.oauth.token.User
+    if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.GET_ANY_LIVE, res)) return
+
     return next()
   }
 ]
@@ -133,3 +170,30 @@ export {
   videoLiveUpdateValidator,
   videoLiveGetValidator
 }
+
+// ---------------------------------------------------------------------------
+
+async function isLiveVideoAccepted (req: express.Request, res: express.Response) {
+  // Check we accept this video
+  const acceptParameters = {
+    liveVideoBody: req.body,
+    user: res.locals.oauth.token.User
+  }
+  const acceptedResult = await Hooks.wrapFun(
+    isLocalLiveVideoAccepted,
+    acceptParameters,
+    'filter:api.live-video.create.accept.result'
+  )
+
+  if (!acceptedResult || acceptedResult.accepted !== true) {
+    logger.info('Refused local live video.', { acceptedResult, acceptParameters })
+
+    res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      message: acceptedResult.errorMessage || 'Refused local live video'
+    })
+    return false
+  }
+
+  return true
+}