X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideo-comments.ts;h=69385249923ce6214c44dfb8592930a8037dc820;hb=96f29c0f6d2e623fb088e88200934c5df8da9924;hp=5e1be00f23c187791114e817b0d6bcdb6092283b;hpb=bf1f650817dadfd5eeee9e5e0b6b6938c136e25d;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/middlewares/validators/video-comments.ts b/server/middlewares/validators/video-comments.ts
index 5e1be00f2..693852499 100644
--- a/server/middlewares/validators/video-comments.ts
+++ b/server/middlewares/validators/video-comments.ts
@@ -1,9 +1,12 @@
 import * as express from 'express'
 import { body, param } from 'express-validator/check'
-import { logger } from '../../helpers'
+import { UserRight } from '../../../shared'
 import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
 import { isValidVideoCommentText } from '../../helpers/custom-validators/video-comments'
 import { isVideoExist } from '../../helpers/custom-validators/videos'
+import { logger } from '../../helpers/logger'
+import { UserModel } from '../../models/account/user'
+import { VideoModel } from '../../models/video/video'
 import { VideoCommentModel } from '../../models/video/video-comment'
 import { areValidationErrors } from './utils'
@@ -11,10 +14,10 @@ const listVideoCommentThreadsValidator = [
 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking blacklistRemove parameters.', { parameters: req.params })
+ logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })
 if (areValidationErrors(req, res)) return
- if (!await isVideoExist(req.params.videoId, res)) return
+ if (!await isVideoExist(req.params.videoId, res, 'only-video')) return
 return next()
 }
@@ -25,11 +28,11 @@ const listVideoThreadCommentsValidator = [
 param('threadId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking blacklistRemove parameters.', { parameters: req.params })
+ logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })
 if (areValidationErrors(req, res)) return
- if (!await isVideoExist(req.params.videoId, res)) return
- if (!await isVideoCommentThreadExist(req.params.threadId, req.params.videoId, res)) return
+ if (!await isVideoExist(req.params.videoId, res, 'only-video')) return
+ if (!await isVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return
 return next()
 }
@@ -40,10 +43,11 @@ const addVideoCommentThreadValidator = [
 body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking blacklistRemove parameters.', { parameters: req.params })
+ logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body })
 if (areValidationErrors(req, res)) return
 if (!await isVideoExist(req.params.videoId, res)) return
+ if (!isVideoCommentsEnabled(res.locals.video, res)) return
 return next()
 }
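Review bot: The new debug line in addVideoCommentThreadValidator logs `body: req.body` before `areValidationErrors(req, res)` has run, so comment text that has not yet passed `isValidVideoCommentText`, at whatever size the body parser accepts, is written to the log. Moving the `logger.debug` call below the validation check, or logging only `req.params` plus the text length, keeps user-written content and oversized input out of the log files. The same line is added to addVideoCommentReplyValidator in the `@@ -55,11 +59,45 @@` hunk. Whether debug logging is enabled in production is not visible from this diff.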
@@ -55,11 +59,45 @@ const addVideoCommentReplyValidator = [
 body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking blacklistRemove parameters.', { parameters: req.params })
+ logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body })
+
+ if (areValidationErrors(req, res)) return
+ if (!await isVideoExist(req.params.videoId, res)) return
+ if (!isVideoCommentsEnabled(res.locals.video, res)) return
+ if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+
+ return next()
+ }
+]
+
+const videoCommentGetValidator = [
+ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+ param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await isVideoExist(req.params.videoId, res, 'id')) return
+ if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+
+ return next()
+ }
+]
+
+const removeVideoCommentValidator = [
+ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+ param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params })
 if (areValidationErrors(req, res)) return
 if (!await isVideoExist(req.params.videoId, res)) return
- if (!await isVideoCommentExist(req.params.commentId, req.params.videoId, res)) return
+ if (!await
isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+
+ // Check if the user who did the request is able to delete the video
+ if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoComment, res)) return
 return next()
 }
@@ -71,12 +109,14 @@ export {
 listVideoCommentThreadsValidator,
 listVideoThreadCommentsValidator,
 addVideoCommentThreadValidator,
- addVideoCommentReplyValidator
+ addVideoCommentReplyValidator,
+ videoCommentGetValidator,
+ removeVideoCommentValidator
 }
 // ---------------------------------------------------------------------------
-async function isVideoCommentThreadExist (id: number, videoId: number, res: express.Response) {
+async function isVideoCommentThreadExist (id: number, video: VideoModel, res: express.Response) {
 const videoComment = await VideoCommentModel.loadById(id)
 if (!videoComment) {
@@ -87,7 +127,7 @@ async function isVideoCommentThreadExist (id: number, videoId: number, res: expr
 return false
 }
- if (videoComment.videoId !== videoId) {
+ if (videoComment.videoId !== video.id) {
 res.status(400)
 .json({ error: 'Video comment is associated to this video.' })
 .end()
@@ -107,8 +147,8 @@ async function isVideoCommentThreadExist (id: number, videoId: number, res: expr
 return true
 }
-async function isVideoCommentExist (id: number, videoId: number, res: express.Response) {
- const videoComment = await VideoCommentModel.loadById(id)
+async function isVideoCommentExist (id: number, video: VideoModel, res: express.Response) {
+ const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id)
 if (!videoComment) {
 res.status(404)
@@ -118,7 +158,7 @@ async function isVideoCommentExist (id: number, videoId: number, res: express.Re
 return false
 }
- if (videoComment.videoId !== videoId) {
+ if (videoComment.videoId !== video.id) {
 res.status(400)
 .json({ error: 'Video comment is associated to this video.' })
 .end()
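Review bot: removeVideoCommentValidator reads `res.locals.oauth.token.User` with no guard, so the ownership check only works when the route runs the authentication middleware before this validator; that ordering lives in the router and is not visible in this diff. If a route ever mounts the validator without it, the request ends in an unhandled TypeError rather than a clean rejection. A precondition comment on the validator would make the dependency explicit. The existing inline comment also names the wrong object and should read `// Check that the requesting user is allowed to delete this video comment`.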
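Review bot: The 400 response in isVideoCommentThreadExist still says `'Video comment is associated to this video.'` on the branch taken when `videoComment.videoId !== video.id`, which states the opposite of the condition that triggered it. Since the commit already edits that comparison, the message could be corrected to `'Video comment is not associated to this video.'`; the same string sits in isVideoCommentExist in the `@@ -118,7 +158,7 @@` hunk. Both function bodies start and end outside these hunks, so any client or test matching on the old text would need checking separately.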
@@ -129,3 +169,27 @@ async function isVideoCommentExist (id: number, videoId: number, res: express.Re
 res.locals.videoComment = videoComment
 return true
 }
+
+function isVideoCommentsEnabled (video: VideoModel, res: express.Response) {
+ if (video.commentsEnabled !== true) {
+ res.status(409)
+ .json({ error: 'Video comments are disabled for this video.' })
+ .end()
+
+ return false
+ }
+
+ return true
+}
+
+function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCommentModel, res: express.Response) {
+ const account = videoComment.Account
+ if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) {
+ res.status(403)
+ .json({ error: 'Cannot remove video comment of another user' })
+ .end()
+ return false
+ }
+
+ return true
+}
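Review bot: checkUserCanDeleteVideoComment fails open on the moderator test: `user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false` is true only for a strict `false`, so if `hasRight` ever returns `undefined` (its implementation is outside this diff) the 403 branch is skipped and the deletion is allowed for a user who does not own the comment. isVideoCommentsEnabled in the same hunk uses the fail-closed form `!== true`, and the condition here would match it as `if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) !== true && account.userId !== user.id) {`. The function also assumes `videoComment.Account` is populated, which appears to depend on the comment having been loaded through `loadByIdAndPopulateVideoAndAccountAndReply`; a one-line comment stating that precondition would help the next caller.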