]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blobdiff - server/middlewares/validators/videos/videos.ts
projects / github / Chocobozzz / PeerTube.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'develop' into pr/1285
[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / videos.ts
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 656d161d8ab5b14d731aa76e9f3326b696ed3557..159727e2856d11dea05aa172e414ac27ae30f56e 100644 (file)
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -14,6 +14,7 @@ import {
 } from '../../../helpers/custom-validators/misc'
 import {
   checkUserCanManageVideo,
+  isVideoOriginallyPublishedAtValid,
   isScheduleVideoUpdatePrivacyValid,
   isVideoCategoryValid,
   isVideoChannelOfAccountExist,
@@ -31,8 +32,8 @@ import {
 } from '../../../helpers/custom-validators/videos'
 import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils'
 import { logger } from '../../../helpers/logger'
-import { CONSTRAINTS_FIELDS } from '../../../initializers'
-import { authenticate } from '../../oauth'
+import { CONFIG, CONSTRAINTS_FIELDS } from '../../../initializers'
+import { authenticatePromiseIfNeeded } from '../../oauth'
 import { areValidationErrors } from '../utils'
 import { cleanUpReqFiles } from '../../../helpers/express-utils'
 import { VideoModel } from '../../../models/video/video'
@@ -43,6 +44,7 @@ import { VideoChangeOwnershipModel } from '../../../models/video/video-change-ow
 import { AccountModel } from '../../../models/account/account'
 import { VideoFetchType } from '../../../helpers/video'
 import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search'
+import { getServerActor } from '../../../helpers/utils'
 
 const videosAddValidator = getCommonVideoAttributes().concat([
   body('videofile')
@@ -127,6 +129,31 @@ const videosUpdateValidator = getCommonVideoAttributes().concat([
   }
 ])
 
+async function checkVideoFollowConstraints (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const video: VideoModel = res.locals.video
+
+  // Anybody can watch local videos
+  if (video.isOwned() === true) return next()
+
+  // Logged user
+  if (res.locals.oauth) {
+    // Users can search or watch remote videos
+    if (CONFIG.SEARCH.REMOTE_URI.USERS === true) return next()
+  }
+
+  // Anybody can search or watch remote videos
+  if (CONFIG.SEARCH.REMOTE_URI.ANONYMOUS === true) return next()
+
+  // Check our instance follows an actor that shared this video
+  const serverActor = await getServerActor()
+  if (await VideoModel.checkVideoHasInstanceFollow(video.id, serverActor.id) === true) return next()
+
+  return res.status(403)
+            .json({
+              error: 'Cannot get this video regarding follow constraints.'
+            })
+}
+
 const videosCustomGetValidator = (fetchType: VideoFetchType) => {
   return [
     param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
@@ -141,17 +168,20 @@ const videosCustomGetValidator = (fetchType: VideoFetchType) => {
 
       // Video private or blacklisted
       if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
-        return authenticate(req, res, () => {
-          const user: UserModel = res.locals.oauth.token.User
+        await authenticatePromiseIfNeeded(req, res)
+
+        const user: UserModel = res.locals.oauth ? res.locals.oauth.token.User : null
 
-          // Only the owner or a user that have blacklist rights can see the video
-          if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
-            return res.status(403)
-                      .json({ error: 'Cannot get this private or blacklisted video.' })
-          }
+        // Only the owner or a user that have blacklist rights can see the video
+        if (
+          !user ||
+          (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST))
+        ) {
+          return res.status(403)
+                    .json({ error: 'Cannot get this private or blacklisted video.' })
+        }
 
-          return next()
-        })
+        return next()
       }
 
       // Video is public, anyone can access it
@@ -311,7 +341,14 @@ function getCommonVideoAttributes () {
       .optional()
       .toBoolean()
       .custom(isBooleanValid).withMessage('Should have comments enabled boolean'),
-
+    body('downloadEnabled')
+      .optional()
+      .toBoolean()
+      .custom(isBooleanValid).withMessage('Should have downloading enabled boolean'),
+    body('originallyPublishedAt')
+        .optional()
+        .customSanitizer(toValueOrNull)
+        .custom(isVideoOriginallyPublishedAtValid).withMessage('Should have a valid original publication date'),
     body('scheduleUpdate')
       .optional()
       .customSanitizer(toValueOrNull),
@@ -376,6 +413,7 @@ export {
   videosAddValidator,
   videosUpdateValidator,
   videosGetValidator,
+  checkVideoFollowConstraints,
   videosCustomGetValidator,
   videosRemoveValidator,
 
@@ -393,6 +431,8 @@ export {
 function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) {
   if (req.body.scheduleUpdate) {
     if (!req.body.scheduleUpdate.updateAt) {
+      logger.warn('Invalid parameters: scheduleUpdate.updateAt is mandatory.')
+
       res.status(400)
          .json({ error: 'Schedule update at is mandatory.' })
 
ActivityPub-federated video streaming platform using P2P directly in your web browser