X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideos%2Fvideo-imports.ts;h=a3a5cc5315e5414de3da9b4e3b3c0cf00d6514dd;hb=419b520ca4434d17f3505013174e195c3a316716;hp=48d20f904c8228d5462f8a502811f621c286e54c;hpb=be0f59b4eec3c2c4dcd151e2b174be39dff1568e;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/middlewares/validators/videos/video-imports.ts b/server/middlewares/validators/videos/video-imports.ts
index 48d20f904..a3a5cc531 100644
--- a/server/middlewares/validators/videos/video-imports.ts
+++ b/server/middlewares/validators/videos/video-imports.ts
@@ -1,18 +1,24 @@
-import * as express from 'express'
-import { body } from 'express-validator/check'
-import { isIdValid } from '../../../helpers/custom-validators/misc'
-import { logger } from '../../../helpers/logger'
-import { areValidationErrors } from '../utils'
-import { getCommonVideoAttributes } from './videos'
+import express from 'express'
+import { body, param } from 'express-validator'
+import { isValid as isIPValid, parse as parseIP } from 'ipaddr.js'
+import { isPreImportVideoAccepted } from '@server/lib/moderation'
+import { Hooks } from '@server/lib/plugins/hooks'
+import { MUserAccountId, MVideoImport } from '@server/types/models'
+import { HttpStatusCode, UserRight, VideoImportState } from '@shared/models'
+import { VideoImportCreate } from '@shared/models/videos/import/video-import-create.model'
+import { isIdValid, toIntOrNull } from '../../../helpers/custom-validators/misc'
 import { isVideoImportTargetUrlValid, isVideoImportTorrentFile } from '../../../helpers/custom-validators/video-imports'
+import { isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos'
 import { cleanUpReqFiles } from '../../../helpers/express-utils'
-import { isVideoChannelOfAccountExist, isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos'
-import { CONFIG } from '../../../initializers/constants'
-import { CONSTRAINTS_FIELDS } from '../../../initializers'
+import { logger } from '../../../helpers/logger'
+import { CONFIG } from '../../../initializers/config'
+import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
+import { areValidationErrors, doesVideoChannelOfAccountExist, doesVideoImportExist } from '../shared'
+import { getCommonVideoEditAttributes } from './videos'
 
-const videoImportAddValidator = getCommonVideoAttributes().concat([
+const videoImportAddValidator = getCommonVideoEditAttributes().concat([
   body('channelId')
-    .toInt()
+    .customSanitizer(toIntOrNull)
     .custom(isIdValid).withMessage('Should have correct video channel id'),
   body('targetUrl')
     .optional()
@@ -21,55 +27,169 @@ const videoImportAddValidator = getCommonVideoAttributes().concat([
     .optional()
     .custom(isVideoMagnetUriValid).withMessage('Should have a valid video magnet URI'),
   body('torrentfile')
-    .custom((value, { req }) => isVideoImportTorrentFile(req.files)).withMessage(
-    'This torrent file is not supported or too large. Please, make sure it is of the following type: '
-    + CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ')
-  ),
+    .custom((value, { req }) => isVideoImportTorrentFile(req.files))
+    .withMessage(
+      'This torrent file is not supported or too large. Please, make sure it is of the following type: ' +
+      CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ')
+    ),
   body('name')
     .optional()
-    .custom(isVideoNameValid).withMessage('Should have a valid name'),
+    .custom(isVideoNameValid).withMessage(
+      `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`
+    ),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking videoImportAddValidator parameters', { parameters: req.body })
 
     const user = res.locals.oauth.token.User
-    const torrentFile = req.files && req.files['torrentfile'] ? req.files['torrentfile'][0] : undefined
+    const torrentFile = req.files?.['torrentfile'] ? req.files['torrentfile'][0] : undefined
 
     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
 
-    if (req.body.targetUrl && CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true) {
+    if (CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true && req.body.targetUrl) {
       cleanUpReqFiles(req)
-      return res.status(409)
-        .json({ error: 'HTTP import is not enabled on this instance.' })
-        .end()
+
+      return res.fail({
+        status: HttpStatusCode.CONFLICT_409,
+        message: 'HTTP import is not enabled on this instance.'
+      })
     }
 
     if (CONFIG.IMPORT.VIDEOS.TORRENT.ENABLED !== true && (req.body.magnetUri || torrentFile)) {
       cleanUpReqFiles(req)
-      return res.status(409)
-                .json({ error: 'Torrent/magnet URI import is not enabled on this instance.' })
-                .end()
+
+      return res.fail({
+        status: HttpStatusCode.CONFLICT_409,
+        message: 'Torrent/magnet URI import is not enabled on this instance.'
+      })
     }
 
-    if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
+    if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
 
     // Check we have at least 1 required param
     if (!req.body.targetUrl && !req.body.magnetUri && !torrentFile) {
       cleanUpReqFiles(req)
 
-      return res.status(400)
-        .json({ error: 'Should have a magnetUri or a targetUrl or a torrent file.' })
-        .end()
+      return res.fail({ message: 'Should have a magnetUri or a targetUrl or a torrent file.' })
     }
 
+    if (req.body.targetUrl) {
+      const hostname = new URL(req.body.targetUrl).hostname
+
+      if (isIPValid(hostname)) {
+        const parsed = parseIP(hostname)
+
+        if (parsed.range() !== 'unicast') {
+          cleanUpReqFiles(req)
+
+          return res.fail({
+            status: HttpStatusCode.FORBIDDEN_403,
+            message: 'Cannot use non unicast IP as targetUrl.'
+          })
+        }
+      }
+    }
+
+    if (!await isImportAccepted(req, res)) return cleanUpReqFiles(req)
+
     return next()
   }
 ])
 
+const videoImportDeleteValidator = [
+  param('id')
+    .custom(isIdValid).withMessage('Should have correct import id'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoImportDeleteValidator parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+
+    if (!await doesVideoImportExist(parseInt(req.params.id), res)) return
+    if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return
+
+    if (res.locals.videoImport.state === VideoImportState.PENDING) {
+      return res.fail({
+        status: HttpStatusCode.CONFLICT_409,
+        message: 'Cannot delete a pending video import. Cancel it or wait for the end of the import first.'
+      })
+    }
+
+    return next()
+  }
+]
+
+const videoImportCancelValidator = [
+  param('id')
+    .custom(isIdValid).withMessage('Should have correct import id'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoImportCancelValidator parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+
+    if (!await doesVideoImportExist(parseInt(req.params.id), res)) return
+    if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return
+
+    if (res.locals.videoImport.state !== VideoImportState.PENDING) {
+      return res.fail({
+        status: HttpStatusCode.CONFLICT_409,
+        message: 'Cannot cancel a non pending video import.'
+      })
+    }
+
+    return next()
+  }
+]
+
 // ---------------------------------------------------------------------------
 
 export {
-  videoImportAddValidator
+  videoImportAddValidator,
+  videoImportCancelValidator,
+  videoImportDeleteValidator
 }
 
 // ---------------------------------------------------------------------------
+
+async function isImportAccepted (req: express.Request, res: express.Response) {
+  const body: VideoImportCreate = req.body
+  const hookName = body.targetUrl
+    ? 'filter:api.video.pre-import-url.accept.result'
+    : 'filter:api.video.pre-import-torrent.accept.result'
+
+  // Check we accept this video
+  const acceptParameters = {
+    videoImportBody: body,
+    user: res.locals.oauth.token.User
+  }
+  const acceptedResult = await Hooks.wrapFun(
+    isPreImportVideoAccepted,
+    acceptParameters,
+    hookName
+  )
+
+  if (!acceptedResult || acceptedResult.accepted !== true) {
+    logger.info('Refused to import video.', { acceptedResult, acceptParameters })
+
+    res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      message: acceptedResult.errorMessage || 'Refused to import video'
+    })
+    return false
+  }
+
+  return true
+}
+
+function checkUserCanManageImport (user: MUserAccountId, videoImport: MVideoImport, res: express.Response) {
+  if (user.hasRight(UserRight.MANAGE_VIDEO_IMPORTS) === false && videoImport.userId !== user.id) {
+    res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      message: 'Cannot manage video import of another user'
+    })
+    return false
+  }
+
+  return true
+}