X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fshared%2Fvideos.ts;h=2c2ae381127f4294e3b42ef24cd5bff2f6b3d654;hb=83b1b7eaf1c04837f92de497e74895bee808eb83;hp=7f42a4893b841662e37f35e9a4c5439814ed5c23;hpb=c0e8b12e7fd554ba4d2ceb0c4900804c6a4c63ea;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts index 7f42a4893..2c2ae3811 100644 --- a/server/middlewares/validators/shared/videos.ts +++ b/server/middlewares/validators/shared/videos.ts @@ -1,30 +1,37 @@ -import { Response } from 'express' +import { Request, Response } from 'express' +import { isUUIDValid } from '@server/helpers/custom-validators/misc' import { loadVideo, VideoLoadType } from '@server/lib/model-loaders' +import { isAbleToUploadVideo } from '@server/lib/user' +import { authenticatePromise } from '@server/middlewares/auth' +import { VideoModel } from '@server/models/video/video' import { VideoChannelModel } from '@server/models/video/video-channel' import { VideoFileModel } from '@server/models/video/video-file' import { MUser, MUserAccountId, + MUserId, + MVideo, MVideoAccountLight, MVideoFormattableDetails, MVideoFullLight, MVideoId, MVideoImmutable, - MVideoThumbnail + MVideoThumbnail, + MVideoWithRights } from '@server/types/models' -import { HttpStatusCode } from '@shared/models' -import { UserRight } from '@shared/models' +import { HttpStatusCode, ServerErrorCode, UserRight, VideoPrivacy } from '@shared/models' async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') { const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined const video = await loadVideo(id, fetchType, userId) - if (video === null) { + if (!video) { res.fail({ status: HttpStatusCode.NOT_FOUND_404, message: 'Video not found' }) + return false } @@ -53,6 +60,8 @@ async function doesVideoExist (id: number | string, res: Response, fetchType: Vi return true } +// --------------------------------------------------------------------------- + async function doesVideoFileOfVideoExist (id: number, videoIdOrUUID: number | string, res: Response) { if (!await VideoFileModel.doesVideoExistForVideoFile(id, videoIdOrUUID)) { res.fail({ @@ -65,6 +74,8 @@ async function doesVideoFileOfVideoExist (id: number, videoIdOrUUID: number | st return true } +// --------------------------------------------------------------------------- + async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAccountId, res: Response) { const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId) @@ -90,6 +101,78 @@ async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAcc return true } +// --------------------------------------------------------------------------- + +async function checkCanSeeVideo (options: { + req: Request + res: Response + paramId: string + video: MVideo + authenticateInQuery?: boolean // default false +}) { + const { req, res, video, paramId, authenticateInQuery = false } = options + + if (video.requiresAuth()) { + return checkCanSeeAuthVideo(req, res, video, authenticateInQuery) + } + + if (video.privacy === VideoPrivacy.UNLISTED) { + if (isUUIDValid(paramId)) return true + + return checkCanSeeAuthVideo(req, res, video, authenticateInQuery) + } + + if (video.privacy === VideoPrivacy.PUBLIC) return true + + throw new Error('Fatal error when checking video right ' + video.url) +} + +async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights, authenticateInQuery = false) { + const fail = () => { + res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'Cannot fetch information of private/internal/blocked video' + }) + + return false + } + + await authenticatePromise(req, res, authenticateInQuery) + + const user = res.locals.oauth?.token.User + if (!user) return fail() + + const videoWithRights = (video as MVideoWithRights).VideoChannel?.Account?.userId + ? video as MVideoWithRights + : await VideoModel.loadAndPopulateAccountAndServerAndTags(video.id) + + const privacy = videoWithRights.privacy + + if (privacy === VideoPrivacy.INTERNAL) { + // We know we have a user + return true + } + + const isOwnedByUser = videoWithRights.VideoChannel.Account.userId === user.id + + if (videoWithRights.isBlacklisted()) { + if (isOwnedByUser || user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) return true + + return fail() + } + + if (privacy === VideoPrivacy.PRIVATE || privacy === VideoPrivacy.UNLISTED) { + if (isOwnedByUser || user.hasRight(UserRight.SEE_ALL_VIDEOS)) return true + + return fail() + } + + // Should not happen + return fail() +} + +// --------------------------------------------------------------------------- + function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) { // Retrieve the user who did the request if (onlyOwned && video.isOwned() === false) { @@ -117,9 +200,27 @@ function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: // --------------------------------------------------------------------------- +async function checkUserQuota (user: MUserId, videoFileSize: number, res: Response) { + if (await isAbleToUploadVideo(user.id, videoFileSize) === false) { + res.fail({ + status: HttpStatusCode.PAYLOAD_TOO_LARGE_413, + message: 'The user video quota is exceeded with this video.', + type: ServerErrorCode.QUOTA_REACHED + }) + return false + } + + return true +} + +// --------------------------------------------------------------------------- + export { doesVideoChannelOfAccountExist, doesVideoExist, doesVideoFileOfVideoExist, - checkUserCanManageVideo + + checkUserCanManageVideo, + checkCanSeeVideo, + checkUserQuota }