import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model'
import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership'
import { AccountModel } from '../../models/account/account'
+import { VideoFetchType } from '../../helpers/video'
const videosAddValidator = getCommonVideoAttributes().concat([
body('videofile')
}
])
-const videosGetValidator = [
- param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
-
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking videosGet parameters', { parameters: req.params })
+const videosCustomGetValidator = (fetchType: VideoFetchType) => {
+ return [
+ param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
- if (areValidationErrors(req, res)) return
- if (!await isVideoExist(req.params.id, res)) return
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking videosGet parameters', { parameters: req.params })
- const video: VideoModel = res.locals.video
+ if (areValidationErrors(req, res)) return
+ if (!await isVideoExist(req.params.id, res, fetchType)) return
- // Video private or blacklisted
- if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
- return authenticate(req, res, () => {
- const user: UserModel = res.locals.oauth.token.User
+ const video: VideoModel = res.locals.video
- // Only the owner or a user that have blacklist rights can see the video
- if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
- return res.status(403)
- .json({ error: 'Cannot get this private or blacklisted video.' })
- .end()
- }
+ // Video private or blacklisted
+ if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
+ return authenticate(req, res, () => {
+ const user: UserModel = res.locals.oauth.token.User
- return next()
- })
+ // Only the owner or a user that have blacklist rights can see the video
+ if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
+ return res.status(403)
+ .json({ error: 'Cannot get this private or blacklisted video.' })
+ .end()
+ }
- return
- }
+ return next()
+ })
+ }
- // Video is public, anyone can access it
- if (video.privacy === VideoPrivacy.PUBLIC) return next()
+ // Video is public, anyone can access it
+ if (video.privacy === VideoPrivacy.PUBLIC) return next()
- // Video is unlisted, check we used the uuid to fetch it
- if (video.privacy === VideoPrivacy.UNLISTED) {
- if (isUUIDValid(req.params.id)) return next()
+ // Video is unlisted, check we used the uuid to fetch it
+ if (video.privacy === VideoPrivacy.UNLISTED) {
+ if (isUUIDValid(req.params.id)) return next()
- // Don't leak this unlisted video
- return res.status(404).end()
+ // Don't leak this unlisted video
+ return res.status(404).end()
+ }
}
- }
-]
+ ]
+}
+
+const videosGetValidator = videosCustomGetValidator('all')
const videosRemoveValidator = [
param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
videosAddValidator,
videosUpdateValidator,
videosGetValidator,
+ videosCustomGetValidator,
videosRemoveValidator,
videosShareValidator,
projects / github / Chocobozzz / PeerTube.git / blobdiff