X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideos%2Fvideo-imports.ts;h=72442aeb67e0b5ceb26fb1db5988847fa50c22b8;hb=cb0eda5602a21d1626a7face32de6153ed07b5f9;hp=5dc5db5338fd8250e6bcceb79d022ac9eb85a5ba;hpb=7cd1b12c19d0589d1d692ed0571ca0800f028aea;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/videos/video-imports.ts b/server/middlewares/validators/videos/video-imports.ts index 5dc5db533..72442aeb6 100644 --- a/server/middlewares/validators/videos/video-imports.ts +++ b/server/middlewares/validators/videos/video-imports.ts @@ -1,26 +1,32 @@ -import * as express from 'express' -import { body } from 'express-validator' +import express from 'express' +import { body, param, query } from 'express-validator' +import { isResolvingToUnicastOnly } from '@server/helpers/dns' +import { isPreImportVideoAccepted } from '@server/lib/moderation' +import { Hooks } from '@server/lib/plugins/hooks' +import { MUserAccountId, MVideoImport } from '@server/types/models' +import { forceNumber } from '@shared/core-utils' +import { HttpStatusCode, UserRight, VideoImportState } from '@shared/models' +import { VideoImportCreate } from '@shared/models/videos/import/video-import-create.model' import { isIdValid, toIntOrNull } from '../../../helpers/custom-validators/misc' -import { logger } from '../../../helpers/logger' -import { areValidationErrors } from '../utils' -import { getCommonVideoEditAttributes } from './videos' import { isVideoImportTargetUrlValid, isVideoImportTorrentFile } from '../../../helpers/custom-validators/video-imports' -import { cleanUpReqFiles } from '../../../helpers/express-utils' import { isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos' +import { cleanUpReqFiles } from '../../../helpers/express-utils' +import { logger } from '../../../helpers/logger' import { CONFIG } from '../../../initializers/config' import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' -import { doesVideoChannelOfAccountExist } from '../../../helpers/middlewares' +import { areValidationErrors, doesVideoChannelOfAccountExist, doesVideoImportExist } from '../shared' +import { getCommonVideoEditAttributes } from './videos' const videoImportAddValidator = getCommonVideoEditAttributes().concat([ body('channelId') .customSanitizer(toIntOrNull) - .custom(isIdValid).withMessage('Should have correct video channel id'), + .custom(isIdValid), body('targetUrl') .optional() - .custom(isVideoImportTargetUrlValid).withMessage('Should have a valid video import target URL'), + .custom(isVideoImportTargetUrlValid), body('magnetUri') .optional() - .custom(isVideoMagnetUriValid).withMessage('Should have a valid video magnet URI'), + .custom(isVideoMagnetUriValid), body('torrentfile') .custom((value, { req }) => isVideoImportTorrentFile(req.files)) .withMessage( @@ -29,28 +35,32 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([ ), body('name') .optional() - .custom(isVideoNameValid).withMessage('Should have a valid name'), + .custom(isVideoNameValid).withMessage( + `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long` + ), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoImportAddValidator parameters', { parameters: req.body }) - const user = res.locals.oauth.token.User - const torrentFile = req.files && req.files['torrentfile'] ? req.files['torrentfile'][0] : undefined + const torrentFile = req.files?.['torrentfile'] ? req.files['torrentfile'][0] : undefined if (areValidationErrors(req, res)) return cleanUpReqFiles(req) - if (req.body.targetUrl && CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true) { + if (CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true && req.body.targetUrl) { cleanUpReqFiles(req) - return res.status(409) - .json({ error: 'HTTP import is not enabled on this instance.' }) - .end() + + return res.fail({ + status: HttpStatusCode.CONFLICT_409, + message: 'HTTP import is not enabled on this instance.' + }) } if (CONFIG.IMPORT.VIDEOS.TORRENT.ENABLED !== true && (req.body.magnetUri || torrentFile)) { cleanUpReqFiles(req) - return res.status(409) - .json({ error: 'Torrent/magnet URI import is not enabled on this instance.' }) - .end() + + return res.fail({ + status: HttpStatusCode.CONFLICT_409, + message: 'Torrent/magnet URI import is not enabled on this instance.' + }) } if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) @@ -59,19 +69,131 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([ if (!req.body.targetUrl && !req.body.magnetUri && !torrentFile) { cleanUpReqFiles(req) - return res.status(400) - .json({ error: 'Should have a magnetUri or a targetUrl or a torrent file.' }) - .end() + return res.fail({ message: 'Should have a magnetUri or a targetUrl or a torrent file.' }) + } + + if (req.body.targetUrl) { + const hostname = new URL(req.body.targetUrl).hostname + + if (await isResolvingToUnicastOnly(hostname) !== true) { + cleanUpReqFiles(req) + + return res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'Cannot use non unicast IP as targetUrl.' + }) + } } + if (!await isImportAccepted(req, res)) return cleanUpReqFiles(req) + return next() } ]) +const getMyVideoImportsValidator = [ + query('videoChannelSyncId') + .optional() + .custom(isIdValid), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return + + return next() + } +] + +const videoImportDeleteValidator = [ + param('id') + .custom(isIdValid), + + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return + + if (!await doesVideoImportExist(parseInt(req.params.id), res)) return + if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return + + if (res.locals.videoImport.state === VideoImportState.PENDING) { + return res.fail({ + status: HttpStatusCode.CONFLICT_409, + message: 'Cannot delete a pending video import. Cancel it or wait for the end of the import first.' + }) + } + + return next() + } +] + +const videoImportCancelValidator = [ + param('id') + .custom(isIdValid), + + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return + + if (!await doesVideoImportExist(forceNumber(req.params.id), res)) return + if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return + + if (res.locals.videoImport.state !== VideoImportState.PENDING) { + return res.fail({ + status: HttpStatusCode.CONFLICT_409, + message: 'Cannot cancel a non pending video import.' + }) + } + + return next() + } +] + // --------------------------------------------------------------------------- export { - videoImportAddValidator + videoImportAddValidator, + videoImportCancelValidator, + videoImportDeleteValidator, + getMyVideoImportsValidator } // --------------------------------------------------------------------------- + +async function isImportAccepted (req: express.Request, res: express.Response) { + const body: VideoImportCreate = req.body + const hookName = body.targetUrl + ? 'filter:api.video.pre-import-url.accept.result' + : 'filter:api.video.pre-import-torrent.accept.result' + + // Check we accept this video + const acceptParameters = { + videoImportBody: body, + user: res.locals.oauth.token.User + } + const acceptedResult = await Hooks.wrapFun( + isPreImportVideoAccepted, + acceptParameters, + hookName + ) + + if (!acceptedResult || acceptedResult.accepted !== true) { + logger.info('Refused to import video.', { acceptedResult, acceptParameters }) + + res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: acceptedResult.errorMessage || 'Refused to import video' + }) + return false + } + + return true +} + +function checkUserCanManageImport (user: MUserAccountId, videoImport: MVideoImport, res: express.Response) { + if (user.hasRight(UserRight.MANAGE_VIDEO_IMPORTS) === false && videoImport.userId !== user.id) { + res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'Cannot manage video import of another user' + }) + return false + } + + return true +}