Don't inject untrusted input
[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-playlists.ts
index 42e6646f9a43759a1266a237f010a5b08d414b77..e4b7e5c56920c45b90d96f415001f10ac29b69f2 100644 (file)
@@ -2,6 +2,7 @@ import express from 'express'
 import { body, param, query, ValidationChain } from 'express-validator'
 import { ExpressPromiseHandler } from '@server/types/express-handler'
 import { MUserAccountId } from '@server/types/models'
+import { forceNumber } from '@shared/core-utils'
 import {
   HttpStatusCode,
   UserRight,
@@ -29,7 +30,6 @@ import {
 } from '../../../helpers/custom-validators/video-playlists'
 import { isVideoImageValid } from '../../../helpers/custom-validators/videos'
 import { cleanUpReqFiles } from '../../../helpers/express-utils'
-import { logger } from '../../../helpers/logger'
 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
 import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
 import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
@@ -48,8 +48,6 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
     .custom(isVideoPlaylistNameValid),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
-
     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
 
     const body: VideoPlaylistCreate = req.body
@@ -76,8 +74,6 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
     .custom(isVideoPlaylistNameValid),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
-
     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
 
     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
@@ -118,8 +114,6 @@ const videoPlaylistsDeleteValidator = [
   isValidPlaylistIdParam('playlistId'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
-
     if (areValidationErrors(req, res)) return
 
     if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
@@ -142,8 +136,6 @@ const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
     isValidPlaylistIdParam('playlistId'),
 
     async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-      logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
-
       if (areValidationErrors(req, res)) return
 
       if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
@@ -189,8 +181,6 @@ const videoPlaylistsSearchValidator = [
     .not().isEmpty(),
 
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoPlaylists search query', { parameters: req.query })
-
     if (areValidationErrors(req, res)) return
 
     return next()
@@ -211,8 +201,6 @@ const videoPlaylistsAddVideoValidator = [
     .custom(isVideoPlaylistTimestampValid),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
-
     if (areValidationErrors(req, res)) return
 
     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
@@ -241,8 +229,6 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [
     .custom(isVideoPlaylistTimestampValid),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
-
     if (areValidationErrors(req, res)) return
 
     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
@@ -271,11 +257,9 @@ const videoPlaylistElementAPGetValidator = [
     .custom(isIdValid),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
-
     if (areValidationErrors(req, res)) return
 
-    const playlistElementId = parseInt(req.params.playlistElementId + '', 10)
+    const playlistElementId = forceNumber(req.params.playlistElementId)
     const playlistId = req.params.playlistId
 
     const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId)
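Review bot: `playlistId` on the line after the new `forceNumber` call is still read from `req.params.playlistId` unchanged and passed to `VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP`, so only one of the two request-derived arguments is coerced in this handler. The validator chain for `playlistId` starts above the hunk, so it is not visible here whether that parameter is constrained to an id or UUID. If it is, a comment such as `// playlistId already validated as id/UUID by the param chain above` would make the trust boundary explicit. If it is not, it needs the same normalisation before it reaches the model. `forceNumber` is defined outside this diff and presumably yields `NaN` for non-numeric input, so this call still depends on `isIdValid` and the early return from `areValidationErrors`. A guard like `if (!Number.isInteger(playlistElementId)) return` before the lookup would keep the handler safe if the chain is later loosened.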
@@ -312,8 +296,6 @@ const videoPlaylistsReorderVideosValidator = [
     .isInt({ min: 1 }),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
-
     if (areValidationErrors(req, res)) return
 
     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
@@ -346,8 +328,6 @@ const commonVideoPlaylistFiltersValidator = [
     .custom(isVideoPlaylistTypeValid),
 
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })
-
     if (areValidationErrors(req, res)) return
 
     return next()
@@ -360,8 +340,6 @@ const doVideosInPlaylistExistValidator = [
     .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
 
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })
-
     if (areValidationErrors(req, res)) return
 
     return next()