X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideos%2Fvideo-playlists.ts;h=c7a6f68e30b2ff67cea59a1d8de71c5cd4fdecc7;hb=2d53be0267acc49cda46707b885096193a1f4e9c;hp=2c3f7e542c36fc0e8643fa74ae9afc0941878bc1;hpb=74dc3bca2b14f5fd3fe80c394dfc34177a46db77;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 2c3f7e542..c7a6f68e3 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts @@ -1,29 +1,40 @@ import * as express from 'express' -import { body, param, query, ValidationChain } from 'express-validator/check' +import { body, param, query, ValidationChain } from 'express-validator' import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared' import { logger } from '../../../helpers/logger' -import { UserModel } from '../../../models/account/user' import { areValidationErrors } from '../utils' -import { doesVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos' +import { isVideoImage } from '../../../helpers/custom-validators/videos' import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' -import { isArrayOf, isIdOrUUIDValid, isIdValid, isUUIDValid, toIntArray, toValueOrNull } from '../../../helpers/custom-validators/misc' import { - doesVideoPlaylistExist, + isArrayOf, + isIdOrUUIDValid, + isIdValid, + isUUIDValid, + toIntArray, + toIntOrNull, + toValueOrNull +} from '../../../helpers/custom-validators/misc' +import { isVideoPlaylistDescriptionValid, isVideoPlaylistNameValid, isVideoPlaylistPrivacyValid, isVideoPlaylistTimestampValid, isVideoPlaylistTypeValid } from '../../../helpers/custom-validators/video-playlists' -import { VideoPlaylistModel } from '../../../models/video/video-playlist' import { cleanUpReqFiles } from '../../../helpers/express-utils' -import { doesVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels' import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element' import { authenticatePromiseIfNeeded } from '../../oauth' import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model' import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model' +import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../../../helpers/middlewares' +import { MVideoPlaylist } from '../../../types/models/video/video-playlist' +import { MUserAccountId } from '@server/types/models' +import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ + body('displayName') + .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'), + async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body }) @@ -34,7 +45,7 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { cleanUpReqFiles(req) - return res.status(400) + return res.status(HttpStatusCode.BAD_REQUEST_400) .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) } @@ -46,6 +57,10 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ param('playlistId') .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + body('displayName') + .optional() + .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'), + async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body }) @@ -53,20 +68,14 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req) - const videoPlaylist = res.locals.videoPlaylist + const videoPlaylist = getPlaylist(res) - if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { + if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { return cleanUpReqFiles(req) } const body: VideoPlaylistUpdate = req.body - if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PRIVATE && body.privacy === VideoPlaylistPrivacy.PRIVATE) { - cleanUpReqFiles(req) - return res.status(400) - .json({ error: 'Cannot set "private" a video playlist that was not private.' }) - } - const newPrivacy = body.privacy || videoPlaylist.privacy if (newPrivacy === VideoPlaylistPrivacy.PUBLIC && ( @@ -75,13 +84,13 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ ) ) { cleanUpReqFiles(req) - return res.status(400) + return res.status(HttpStatusCode.BAD_REQUEST_400) .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' }) } if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { cleanUpReqFiles(req) - return res.status(400) + return res.status(HttpStatusCode.BAD_REQUEST_400) .json({ error: 'Cannot update a watch later playlist.' }) } @@ -102,13 +111,13 @@ const videoPlaylistsDeleteValidator = [ if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return - const videoPlaylist = res.locals.videoPlaylist + const videoPlaylist = getPlaylist(res) if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { - return res.status(400) + return res.status(HttpStatusCode.BAD_REQUEST_400) .json({ error: 'Cannot delete a watch later playlist.' }) } - if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { + if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { return } @@ -116,40 +125,55 @@ const videoPlaylistsDeleteValidator = [ } ] -const videoPlaylistsGetValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), +const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => { + return [ + param('playlistId') + .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), - async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return + if (areValidationErrors(req, res)) return - if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return + if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return - const videoPlaylist = res.locals.videoPlaylist + const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary - // Video is unlisted, check we used the uuid to fetch it - if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) { - if (isUUIDValid(req.params.playlistId)) return next() + // Video is unlisted, check we used the uuid to fetch it + if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) { + if (isUUIDValid(req.params.playlistId)) return next() - return res.status(404).end() - } + return res.status(HttpStatusCode.NOT_FOUND_404).end() + } + + if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { + await authenticatePromiseIfNeeded(req, res) + + const user = res.locals.oauth ? res.locals.oauth.token.User : null - if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { - await authenticatePromiseIfNeeded(req, res) + if ( + !user || + (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST)) + ) { + return res.status(HttpStatusCode.FORBIDDEN_403) + .json({ error: 'Cannot get this private video playlist.' }) + } - const user = res.locals.oauth ? res.locals.oauth.token.User : null - if ( - !user || - (videoPlaylist.OwnerAccount.userId !== user.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST)) - ) { - return res.status(403) - .json({ error: 'Cannot get this private video playlist.' }) + return next() } return next() } + ] +} + +const videoPlaylistsSearchValidator = [ + query('search').optional().not().isEmpty().withMessage('Should have a valid search'), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking videoPlaylists search query', { parameters: req.query }) + + if (areValidationErrors(req, res)) return return next() } @@ -175,19 +199,9 @@ const videoPlaylistsAddVideoValidator = [ if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return - const videoPlaylist = res.locals.videoPlaylist - const video = res.locals.video - - const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id) - if (videoPlaylistElement) { - res.status(409) - .json({ error: 'This video in this playlist already exists' }) - .end() - - return - } + const videoPlaylist = getPlaylist(res) - if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) { + if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) { return } @@ -198,8 +212,8 @@ const videoPlaylistsAddVideoValidator = [ const videoPlaylistsUpdateOrRemoveVideoValidator = [ param('playlistId') .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), - param('videoId') - .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'), + param('playlistElementId') + .custom(isIdValid).withMessage('Should have an element id/uuid'), body('startTimestamp') .optional() .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'), @@ -213,14 +227,12 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return - if (!await doesVideoExist(req.params.videoId, res, 'id')) return - const videoPlaylist = res.locals.videoPlaylist - const video = res.locals.video + const videoPlaylist = getPlaylist(res) - const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id) + const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId) if (!videoPlaylistElement) { - res.status(404) + res.status(HttpStatusCode.NOT_FOUND_404) .json({ error: 'Video playlist element not found' }) .end() @@ -237,17 +249,20 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [ const videoPlaylistElementAPGetValidator = [ param('playlistId') .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), - param('videoId') - .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'), + param('playlistElementId') + .custom(isIdValid).withMessage('Should have an playlist element id'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params }) if (areValidationErrors(req, res)) return - const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId) + const playlistElementId = parseInt(req.params.playlistElementId + '', 10) + const playlistId = req.params.playlistId + + const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId) if (!videoPlaylistElement) { - res.status(404) + res.status(HttpStatusCode.NOT_FOUND_404) .json({ error: 'Video playlist element not found' }) .end() @@ -255,10 +270,10 @@ const videoPlaylistElementAPGetValidator = [ } if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { - return res.status(403).end() + return res.status(HttpStatusCode.FORBIDDEN_403).end() } - res.locals.videoPlaylistElement = videoPlaylistElement + res.locals.videoPlaylistElementAP = videoPlaylistElement return next() } @@ -282,7 +297,7 @@ const videoPlaylistsReorderVideosValidator = [ if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return - const videoPlaylist = res.locals.videoPlaylist + const videoPlaylist = getPlaylist(res) if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id) @@ -291,7 +306,7 @@ const videoPlaylistsReorderVideosValidator = [ const reorderLength: number = req.body.reorderLength if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) { - res.status(400) + res.status(HttpStatusCode.BAD_REQUEST_400) .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` }) .end() @@ -299,7 +314,7 @@ const videoPlaylistsReorderVideosValidator = [ } if (reorderLength && reorderLength + startPosition > nextPosition) { - res.status(400) + res.status(HttpStatusCode.BAD_REQUEST_400) .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` }) .end() @@ -345,6 +360,7 @@ export { videoPlaylistsUpdateValidator, videoPlaylistsDeleteValidator, videoPlaylistsGetValidator, + videoPlaylistsSearchValidator, videoPlaylistsAddVideoValidator, videoPlaylistsUpdateOrRemoveVideoValidator, @@ -362,31 +378,29 @@ export { function getCommonPlaylistEditAttributes () { return [ body('thumbnailfile') - .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage( - 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' - + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ') - ), + .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')) + .withMessage( + 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' + + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ') + ), - body('displayName') - .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'), body('description') .optional() .customSanitizer(toValueOrNull) .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'), body('privacy') .optional() - .toInt() + .customSanitizer(toIntOrNull) .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'), body('videoChannelId') .optional() - .customSanitizer(toValueOrNull) - .toInt() + .customSanitizer(toIntOrNull) ] as (ValidationChain | express.Handler)[] } -function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) { +function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) { if (videoPlaylist.isOwned() === false) { - res.status(403) + res.status(HttpStatusCode.FORBIDDEN_403) .json({ error: 'Cannot manage video playlist of another server.' }) .end() @@ -397,7 +411,7 @@ function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoP // The user can delete it if s/he is an admin // Or if s/he is the video playlist's owner if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) { - res.status(403) + res.status(HttpStatusCode.FORBIDDEN_403) .json({ error: 'Cannot manage video playlist of another user' }) .end() @@ -406,3 +420,7 @@ function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoP return true } + +function getPlaylist (res: express.Response) { + return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary +}