import { ExpressPromiseHandler } from '@server/types/express-handler'
import { MUserAccountId, MVideoFullLight } from '@server/types/models'
import { getAllPrivacies } from '@shared/core-utils'
-import { HttpStatusCode, ServerErrorCode, UserRight, VideoInclude, VideoPrivacy } from '@shared/models'
+import { HttpStatusCode, ServerErrorCode, UserRight, VideoInclude } from '@shared/models'
import {
exists,
isBooleanValid,
isDateValid,
isFileValid,
isIdValid,
- isUUIDValid,
toArray,
toBooleanOrNull,
toIntOrNull,
import { VideoModel } from '../../../models/video/video'
import {
areValidationErrors,
- checkCanSeePrivateVideo,
+ checkCanSeeVideo,
checkUserCanManageVideo,
checkUserQuota,
doesVideoChannelOfAccountExist,
if (!await isVideoAccepted(req, res, file)) return cleanup()
- res.locals.videoFileResumable = file
+ res.locals.videoFileResumable = { ...file, originalname: file.filename }
return next()
}
const video = getVideoWithAttributes(res) as MVideoFullLight
- // Video private or blacklisted
- if (video.requiresAuth()) {
- if (await checkCanSeePrivateVideo(req, res, video, authenticateInQuery)) {
- return next()
- }
+ if (!await checkCanSeeVideo({ req, res, video, paramId: req.params.id, authenticateInQuery })) return
- return
- }
-
- // Video is public, anyone can access it
- if (video.privacy === VideoPrivacy.PUBLIC) return next()
-
- // Video is unlisted, check we used the uuid to fetch it
- if (video.privacy === VideoPrivacy.UNLISTED) {
- if (isUUIDValid(req.params.id)) return next()
-
- // Don't leak this unlisted video
- return res.fail({
- status: HttpStatusCode.NOT_FOUND_404,
- message: 'Video not found'
- })
- }
+ return next()
}
]
}
projects / github / Chocobozzz / PeerTube.git / blobdiff