Allow users/visitors to search through an account's videos (#3589)

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-live.ts

diff --git a/server/middlewares/validators/videos/video-live.ts b/server/middlewares/validators/videos/video-live.ts
index a4c364976703ac364ade5da28201cd0fd8bb4218..3a73e12725b1b13fd5b684d712d6a04c36875f99 100644 (file)
--- a/server/middlewares/validators/videos/video-live.ts
+++ b/server/middlewares/validators/videos/video-live.ts
@@ -1,31 +1,35 @@
 import * as express from 'express'
 import { body, param } from 'express-validator'
 import { checkUserCanManageVideo, doesVideoChannelOfAccountExist, doesVideoExist } from '@server/helpers/middlewares/videos'
-import { UserRight } from '@shared/models'
-import { isIdOrUUIDValid, isIdValid, toIntOrNull } from '../../../helpers/custom-validators/misc'
+import { VideoLiveModel } from '@server/models/video/video-live'
+import { ServerErrorCode, UserRight, VideoState } from '@shared/models'
+import { isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc'
 import { isVideoNameValid } from '../../../helpers/custom-validators/videos'
 import { cleanUpReqFiles } from '../../../helpers/express-utils'
 import { logger } from '../../../helpers/logger'
 import { CONFIG } from '../../../initializers/config'
 import { areValidationErrors } from '../utils'
 import { getCommonVideoEditAttributes } from './videos'
-import { VideoLiveModel } from '@server/models/video/video-live'
+import { VideoModel } from '@server/models/video/video'
+import { Hooks } from '@server/lib/plugins/hooks'
+import { isLocalLiveVideoAccepted } from '@server/lib/moderation'
+import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
 
 const videoLiveGetValidator = [
   param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoLiveGetValidator parameters', { parameters: req.body })
+    logger.debug('Checking videoLiveGetValidator parameters', { parameters: req.params, user: res.locals.oauth.token.User.username })
 
     if (areValidationErrors(req, res)) return
     if (!await doesVideoExist(req.params.videoId, res, 'all')) return
 
-    // Check if the user who did the request is able to update the video
+    // Check if the user who did the request is able to get the live info
     const user = res.locals.oauth.token.User
-    if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return
+    if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.GET_ANY_LIVE, res, false)) return
 
     const videoLive = await VideoLiveModel.loadByVideoId(res.locals.videoAll.id)
-    if (!videoLive) return res.sendStatus(404)
+    if (!videoLive) return res.sendStatus(HttpStatusCode.NOT_FOUND_404)
 
     res.locals.videoLive = videoLive
 
@@ -41,26 +45,143 @@ const videoLiveAddValidator = getCommonVideoEditAttributes().concat([
   body('name')
     .custom(isVideoNameValid).withMessage('Should have a valid name'),
 
+  body('saveReplay')
+    .optional()
+    .customSanitizer(toBooleanOrNull)
+    .custom(isBooleanValid).withMessage('Should have a valid saveReplay attribute'),
+
+  body('permanentLive')
+    .optional()
+    .customSanitizer(toBooleanOrNull)
+    .custom(isBooleanValid).withMessage('Should have a valid permanentLive attribute'),
+
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking videoLiveAddValidator parameters', { parameters: req.body })
 
+    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
+
     if (CONFIG.LIVE.ENABLED !== true) {
-      return res.status(403)
+      cleanUpReqFiles(req)
+
+      return res.status(HttpStatusCode.FORBIDDEN_403)
         .json({ error: 'Live is not enabled on this instance' })
     }
 
-    if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
+    if (CONFIG.LIVE.ALLOW_REPLAY !== true && req.body.saveReplay === true) {
+      cleanUpReqFiles(req)
+
+      return res.status(HttpStatusCode.FORBIDDEN_403)
+        .json({ error: 'Saving live replay is not allowed instance' })
+    }
+
+    if (req.body.permanentLive && req.body.saveReplay) {
+      cleanUpReqFiles(req)
+
+      return res.status(HttpStatusCode.BAD_REQUEST_400)
+        .json({ error: 'Cannot set this live as permanent while saving its replay' })
+    }
 
     const user = res.locals.oauth.token.User
     if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
 
+    if (CONFIG.LIVE.MAX_INSTANCE_LIVES !== -1) {
+      const totalInstanceLives = await VideoModel.countLocalLives()
+
+      if (totalInstanceLives >= CONFIG.LIVE.MAX_INSTANCE_LIVES) {
+        cleanUpReqFiles(req)
+
+        return res.status(HttpStatusCode.FORBIDDEN_403)
+          .json({
+            code: ServerErrorCode.MAX_INSTANCE_LIVES_LIMIT_REACHED,
+            error: 'Cannot create this live because the max instance lives limit is reached.'
+          })
+      }
+    }
+
+    if (CONFIG.LIVE.MAX_USER_LIVES !== -1) {
+      const totalUserLives = await VideoModel.countLivesOfAccount(user.Account.id)
+
+      if (totalUserLives >= CONFIG.LIVE.MAX_USER_LIVES) {
+        cleanUpReqFiles(req)
+
+        return res.status(HttpStatusCode.FORBIDDEN_403)
+          .json({
+            code: ServerErrorCode.MAX_USER_LIVES_LIMIT_REACHED,
+            error: 'Cannot create this live because the max user lives limit is reached.'
+          })
+      }
+    }
+
+    if (!await isLiveVideoAccepted(req, res)) return cleanUpReqFiles(req)
+
     return next()
   }
 ])
 
+const videoLiveUpdateValidator = [
+  body('saveReplay')
+    .optional()
+    .customSanitizer(toBooleanOrNull)
+    .custom(isBooleanValid).withMessage('Should have a valid saveReplay attribute'),
+
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoLiveUpdateValidator parameters', { parameters: req.body })
+
+    if (areValidationErrors(req, res)) return
+
+    if (req.body.permanentLive && req.body.saveReplay) {
+      return res.status(HttpStatusCode.BAD_REQUEST_400)
+        .json({ error: 'Cannot set this live as permanent while saving its replay' })
+    }
+
+    if (CONFIG.LIVE.ALLOW_REPLAY !== true && req.body.saveReplay === true) {
+      return res.status(HttpStatusCode.FORBIDDEN_403)
+        .json({ error: 'Saving live replay is not allowed instance' })
+    }
+
+    if (res.locals.videoAll.state !== VideoState.WAITING_FOR_LIVE) {
+      return res.status(HttpStatusCode.BAD_REQUEST_400)
+        .json({ error: 'Cannot update a live that has already started' })
+    }
+
+    // Check the user can manage the live
+    const user = res.locals.oauth.token.User
+    if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.GET_ANY_LIVE, res)) return
+
+    return next()
+  }
+]
+
 // ---------------------------------------------------------------------------
 
 export {
   videoLiveAddValidator,
+  videoLiveUpdateValidator,
   videoLiveGetValidator
 }
+
+// ---------------------------------------------------------------------------
+
+async function isLiveVideoAccepted (req: express.Request, res: express.Response) {
+  // Check we accept this video
+  const acceptParameters = {
+    liveVideoBody: req.body,
+    user: res.locals.oauth.token.User
+  }
+  const acceptedResult = await Hooks.wrapFun(
+    isLocalLiveVideoAccepted,
+    acceptParameters,
+    'filter:api.live-video.create.accept.result'
+  )
+
+  if (!acceptedResult || acceptedResult.accepted !== true) {
+    logger.info('Refused local live video.', { acceptedResult, acceptParameters })
+
+    res.status(HttpStatusCode.FORBIDDEN_403)
+       .json({ error: acceptedResult.errorMessage || 'Refused local live video' })
+
+    return false
+  }
+
+  return true
+}