X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideos%2Fvideo-comments.ts;h=da2fafb10aaa32d6033244187b2fda2c5a72367a;hb=338eb9d33af690db716805fd2277bf68f473b58f;hp=ffde208b71209aa03b1e4c03e72a82330f64570e;hpb=0f6acda11681de90d38dd18669863c6e270851ee;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index ffde208b7..da2fafb10 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts @@ -1,14 +1,16 @@ import * as express from 'express' -import { body, param } from 'express-validator/check' +import { body, param } from 'express-validator' import { UserRight } from '../../../../shared' import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' -import { doesVideoExist } from '../../../helpers/custom-validators/videos' import { logger } from '../../../helpers/logger' -import { UserModel } from '../../../models/account/user' -import { VideoModel } from '../../../models/video/video' import { VideoCommentModel } from '../../../models/video/video-comment' import { areValidationErrors } from '../utils' +import { Hooks } from '../../../lib/plugins/hooks' +import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' +import { doesVideoExist } from '../../../helpers/middlewares' +import { MCommentOwner, MVideo, MVideoFullLight, MVideoId } from '../../../typings/models/video' +import { MUser } from '@server/typings/models' const listVideoCommentThreadsValidator = [ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), @@ -32,7 +34,7 @@ const listVideoThreadCommentsValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return - if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return + if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return return next() } @@ -47,7 +49,8 @@ const addVideoCommentThreadValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!isVideoCommentsEnabled(res.locals.video, res)) return + if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return + if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return return next() } @@ -63,8 +66,9 @@ const addVideoCommentReplyValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!isVideoCommentsEnabled(res.locals.video, res)) return - if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return + if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return + if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return + if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return return next() } @@ -79,7 +83,7 @@ const videoCommentGetValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res, 'id')) return - if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return + if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return return next() } @@ -94,10 +98,10 @@ const removeVideoCommentValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return + if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return // Check if the user who did the request is able to delete the video - if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoComment, res)) return + if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return return next() } @@ -116,7 +120,8 @@ export { // --------------------------------------------------------------------------- -async function doesVideoCommentThreadExist (id: number, video: VideoModel, res: express.Response) { +async function doesVideoCommentThreadExist (idArg: number | string, video: MVideoId, res: express.Response) { + const id = parseInt(idArg + '', 10) const videoComment = await VideoCommentModel.loadById(id) if (!videoComment) { @@ -129,7 +134,7 @@ async function doesVideoCommentThreadExist (id: number, video: VideoModel, res: if (videoComment.videoId !== video.id) { res.status(400) - .json({ error: 'Video comment is associated to this video.' }) + .json({ error: 'Video comment is not associated to this video.' }) .end() return false @@ -147,7 +152,8 @@ async function doesVideoCommentThreadExist (id: number, video: VideoModel, res: return true } -async function doesVideoCommentExist (id: number, video: VideoModel, res: express.Response) { +async function doesVideoCommentExist (idArg: number | string, video: MVideoId, res: express.Response) { + const id = parseInt(idArg + '', 10) const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id) if (!videoComment) { @@ -160,17 +166,17 @@ async function doesVideoCommentExist (id: number, video: VideoModel, res: expres if (videoComment.videoId !== video.id) { res.status(400) - .json({ error: 'Video comment is associated to this video.' }) + .json({ error: 'Video comment is not associated to this video.' }) .end() return false } - res.locals.videoComment = videoComment + res.locals.videoCommentFull = videoComment return true } -function isVideoCommentsEnabled (video: VideoModel, res: express.Response) { +function isVideoCommentsEnabled (video: MVideo, res: express.Response) { if (video.commentsEnabled !== true) { res.status(409) .json({ error: 'Video comments are disabled for this video.' }) @@ -182,7 +188,14 @@ function isVideoCommentsEnabled (video: VideoModel, res: express.Response) { return true } -function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCommentModel, res: express.Response) { +function checkUserCanDeleteVideoComment (user: MUser, videoComment: MCommentOwner, res: express.Response) { + if (videoComment.isDeleted()) { + res.status(409) + .json({ error: 'This comment is already deleted' }) + .end() + return false + } + const account = videoComment.Account if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) { res.status(403) @@ -193,3 +206,39 @@ function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCom return true } + +async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) { + const acceptParameters = { + video, + commentBody: req.body, + user: res.locals.oauth.token.User + } + + let acceptedResult: AcceptResult + + if (isReply) { + const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull }) + + acceptedResult = await Hooks.wrapFun( + isLocalVideoCommentReplyAccepted, + acceptReplyParameters, + 'filter:api.video-comment-reply.create.accept.result' + ) + } else { + acceptedResult = await Hooks.wrapFun( + isLocalVideoThreadAccepted, + acceptParameters, + 'filter:api.video-thread.create.accept.result' + ) + } + + if (!acceptedResult || acceptedResult.accepted !== true) { + logger.info('Refused local comment.', { acceptedResult, acceptParameters }) + res.status(403) + .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) + + return false + } + + return true +}