X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideo-channels.ts;h=143ce95829ac6157b5413279ffb93f11033c3c5e;hb=a76138ff56ad3ad2df926f59578a06b22fb1f93c;hp=f0ead24e3d5395676c21e0637c5861d45729b6b8;hpb=608624252466acf9f1d9ee1c1170bd4fe4d18d18;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts index f0ead24e3..143ce9582 100644 --- a/server/middlewares/validators/video-channels.ts +++ b/server/middlewares/validators/video-channels.ts @@ -1,97 +1,102 @@ -import { body, param } from 'express-validator/check' import * as express from 'express' - -import { checkErrors } from './utils' -import { database as db } from '../../initializers' +import { body, param } from 'express-validator/check' +import { UserRight } from '../../../shared' +import { isAccountNameWithHostExist } from '../../helpers/custom-validators/accounts' +import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc' import { - logger, - isIdOrUUIDValid, isVideoChannelDescriptionValid, + isVideoChannelExist, isVideoChannelNameValid, - checkVideoChannelExists, - checkVideoAccountExists -} from '../../helpers' -import { UserInstance } from '../../models' -import { UserRight } from '../../../shared' + isVideoChannelSupportValid +} from '../../helpers/custom-validators/video-channels' +import { logger } from '../../helpers/logger' +import { UserModel } from '../../models/account/user' +import { VideoChannelModel } from '../../models/video/video-channel' +import { areValidationErrors } from './utils' const listVideoAccountChannelsValidator = [ - param('accountId').custom(isIdOrUUIDValid).withMessage('Should have a valid account id'), + param('accountName').exists().withMessage('Should have a valid account name'), - (req: express.Request, res: express.Response, next: express.NextFunction) => { + async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking listVideoAccountChannelsValidator parameters', { parameters: req.body }) - checkErrors(req, res, () => { - checkVideoAccountExists(req.params.accountId, res, next) - }) + if (areValidationErrors(req, res)) return + if (!await isAccountNameWithHostExist(req.params.accountName, res)) return + + return next() } ] const videoChannelsAddValidator = [ - body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'), - body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), + body('displayName').custom(isVideoChannelNameValid).withMessage('Should have a valid display name'), + body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), + body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'), (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body }) - checkErrors(req, res, next) + if (areValidationErrors(req, res)) return + + return next() } ] const videoChannelsUpdateValidator = [ param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), - body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'), + body('displayName').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid display name'), body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), + body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'), - (req: express.Request, res: express.Response, next: express.NextFunction) => { + async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body }) - checkErrors(req, res, () => { - checkVideoChannelExists(req.params.id, res, () => { - // We need to make additional checks - if (res.locals.videoChannel.isOwned() === false) { - return res.status(403) - .json({ error: 'Cannot update video channel of another server' }) - .end() - } - - if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) { - return res.status(403) - .json({ error: 'Cannot update video channel of another user' }) - .end() - } - - next() - }) - }) + if (areValidationErrors(req, res)) return + if (!await isVideoChannelExist(req.params.id, res)) return + + // We need to make additional checks + if (res.locals.videoChannel.Actor.isOwned() === false) { + return res.status(403) + .json({ error: 'Cannot update video channel of another server' }) + .end() + } + + if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) { + return res.status(403) + .json({ error: 'Cannot update video channel of another user' }) + .end() + } + + return next() } ] const videoChannelsRemoveValidator = [ param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), - (req: express.Request, res: express.Response, next: express.NextFunction) => { + async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params }) - checkErrors(req, res, () => { - checkVideoChannelExists(req.params.id, res, () => { - // Check if the user who did the request is able to delete the video - checkUserCanDeleteVideoChannel(res, () => { - checkVideoChannelIsNotTheLastOne(res, next) - }) - }) - }) + if (areValidationErrors(req, res)) return + if (!await isVideoChannelExist(req.params.id, res)) return + + if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return + if (!await checkVideoChannelIsNotTheLastOne(res)) return + + return next() } ] -const videoChannelGetValidator = [ +const videoChannelsGetValidator = [ param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), - (req: express.Request, res: express.Response, next: express.NextFunction) => { + async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoChannelsGet parameters', { parameters: req.params }) - checkErrors(req, res, () => { - checkVideoChannelExists(req.params.id, res, next) - }) + if (areValidationErrors(req, res)) return + + if (!await isVideoChannelExist(req.params.id, res)) return + + return next() } ] @@ -102,43 +107,44 @@ export { videoChannelsAddValidator, videoChannelsUpdateValidator, videoChannelsRemoveValidator, - videoChannelGetValidator + videoChannelsGetValidator } // --------------------------------------------------------------------------- -function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) { - const user: UserInstance = res.locals.oauth.token.User - - // Retrieve the user who did the request - if (res.locals.videoChannel.isOwned() === false) { - return res.status(403) +function checkUserCanDeleteVideoChannel (user: UserModel, videoChannel: VideoChannelModel, res: express.Response) { + if (videoChannel.Actor.isOwned() === false) { + res.status(403) .json({ error: 'Cannot remove video channel of another server.' }) .end() + + return false } // Check if the user can delete the video channel // The user can delete it if s/he is an admin // Or if s/he is the video channel's account - if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && res.locals.videoChannel.Account.userId !== user.id) { - return res.status(403) + if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) { + res.status(403) .json({ error: 'Cannot remove video channel of another user' }) .end() + + return false } - // If we reach this comment, we can delete the video - callback() + return true } -function checkVideoChannelIsNotTheLastOne (res: express.Response, callback: () => void) { - db.VideoChannel.countByAccount(res.locals.oauth.token.User.Account.id) - .then(count => { - if (count <= 1) { - return res.status(409) - .json({ error: 'Cannot remove the last channel of this user' }) - .end() - } - - callback() - }) +async function checkVideoChannelIsNotTheLastOne (res: express.Response) { + const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id) + + if (count <= 1) { + res.status(409) + .json({ error: 'Cannot remove the last channel of this user' }) + .end() + + return false + } + + return true }