X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fshared%2Fvideos.ts;h=2c2ae381127f4294e3b42ef24cd5bff2f6b3d654;hb=83b1b7eaf1c04837f92de497e74895bee808eb83;hp=1a22d651381c37f65358670510c6ad4254aa6b46;hpb=ca4b4b2e5590c1b37cff1fe1be7f797b93351229;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts index 1a22d6513..2c2ae3811 100644 --- a/server/middlewares/validators/shared/videos.ts +++ b/server/middlewares/validators/shared/videos.ts @@ -1,31 +1,37 @@ -import { Response } from 'express' +import { Request, Response } from 'express' +import { isUUIDValid } from '@server/helpers/custom-validators/misc' import { loadVideo, VideoLoadType } from '@server/lib/model-loaders' +import { isAbleToUploadVideo } from '@server/lib/user' +import { authenticatePromise } from '@server/middlewares/auth' +import { VideoModel } from '@server/models/video/video' import { VideoChannelModel } from '@server/models/video/video-channel' import { VideoFileModel } from '@server/models/video/video-file' import { MUser, MUserAccountId, + MUserId, + MVideo, MVideoAccountLight, MVideoFormattableDetails, MVideoFullLight, - MVideoIdThumbnail, + MVideoId, MVideoImmutable, MVideoThumbnail, MVideoWithRights } from '@server/types/models' -import { HttpStatusCode } from '@shared/core-utils' -import { UserRight } from '@shared/models' +import { HttpStatusCode, ServerErrorCode, UserRight, VideoPrivacy } from '@shared/models' async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') { const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined const video = await loadVideo(id, fetchType, userId) - if (video === null) { + if (!video) { res.fail({ status: HttpStatusCode.NOT_FOUND_404, message: 'Video not found' }) + return false } @@ -43,21 +49,19 @@ async function doesVideoExist (id: number | string, res: Response, fetchType: Vi break case 'id': - res.locals.videoId = video as MVideoIdThumbnail + res.locals.videoId = video as MVideoId break case 'only-video': res.locals.onlyVideo = video as MVideoThumbnail break - - case 'only-video-with-rights': - res.locals.onlyVideoWithRights = video as MVideoWithRights - break } return true } +// --------------------------------------------------------------------------- + async function doesVideoFileOfVideoExist (id: number, videoIdOrUUID: number | string, res: Response) { if (!await VideoFileModel.doesVideoExistForVideoFile(id, videoIdOrUUID)) { res.fail({ @@ -70,6 +74,8 @@ async function doesVideoFileOfVideoExist (id: number, videoIdOrUUID: number | st return true } +// --------------------------------------------------------------------------- + async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAccountId, res: Response) { const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId) @@ -95,6 +101,78 @@ async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAcc return true } +// --------------------------------------------------------------------------- + +async function checkCanSeeVideo (options: { + req: Request + res: Response + paramId: string + video: MVideo + authenticateInQuery?: boolean // default false +}) { + const { req, res, video, paramId, authenticateInQuery = false } = options + + if (video.requiresAuth()) { + return checkCanSeeAuthVideo(req, res, video, authenticateInQuery) + } + + if (video.privacy === VideoPrivacy.UNLISTED) { + if (isUUIDValid(paramId)) return true + + return checkCanSeeAuthVideo(req, res, video, authenticateInQuery) + } + + if (video.privacy === VideoPrivacy.PUBLIC) return true + + throw new Error('Fatal error when checking video right ' + video.url) +} + +async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights, authenticateInQuery = false) { + const fail = () => { + res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'Cannot fetch information of private/internal/blocked video' + }) + + return false + } + + await authenticatePromise(req, res, authenticateInQuery) + + const user = res.locals.oauth?.token.User + if (!user) return fail() + + const videoWithRights = (video as MVideoWithRights).VideoChannel?.Account?.userId + ? video as MVideoWithRights + : await VideoModel.loadAndPopulateAccountAndServerAndTags(video.id) + + const privacy = videoWithRights.privacy + + if (privacy === VideoPrivacy.INTERNAL) { + // We know we have a user + return true + } + + const isOwnedByUser = videoWithRights.VideoChannel.Account.userId === user.id + + if (videoWithRights.isBlacklisted()) { + if (isOwnedByUser || user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) return true + + return fail() + } + + if (privacy === VideoPrivacy.PRIVATE || privacy === VideoPrivacy.UNLISTED) { + if (isOwnedByUser || user.hasRight(UserRight.SEE_ALL_VIDEOS)) return true + + return fail() + } + + // Should not happen + return fail() +} + +// --------------------------------------------------------------------------- + function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) { // Retrieve the user who did the request if (onlyOwned && video.isOwned() === false) { @@ -122,9 +200,27 @@ function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: // --------------------------------------------------------------------------- +async function checkUserQuota (user: MUserId, videoFileSize: number, res: Response) { + if (await isAbleToUploadVideo(user.id, videoFileSize) === false) { + res.fail({ + status: HttpStatusCode.PAYLOAD_TOO_LARGE_413, + message: 'The user video quota is exceeded with this video.', + type: ServerErrorCode.QUOTA_REACHED + }) + return false + } + + return true +} + +// --------------------------------------------------------------------------- + export { doesVideoChannelOfAccountExist, doesVideoExist, doesVideoFileOfVideoExist, - checkUserCanManageVideo + + checkUserCanManageVideo, + checkCanSeeVideo, + checkUserQuota }