X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideos%2Fvideo-playlists.ts;h=e4b7e5c56920c45b90d96f415001f10ac29b69f2;hb=4638cd713dcdd007cd7f49b9a95fa62ac7823e7c;hp=ef8d0b8511eeaefe4cf060e43335fbf9fbd75c3b;hpb=418d092afa81e2c8fe8ac6838fc4b5eb0af6a782;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index ef8d0b851..e4b7e5c56 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts @@ -1,69 +1,129 @@ -import * as express from 'express' -import { body, param, ValidationChain } from 'express-validator/check' -import { UserRight, VideoPrivacy } from '../../../../shared' -import { logger } from '../../../helpers/logger' -import { UserModel } from '../../../models/account/user' -import { areValidationErrors } from '../utils' -import { isVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos' -import { CONSTRAINTS_FIELDS } from '../../../initializers' -import { isIdOrUUIDValid, toValueOrNull } from '../../../helpers/custom-validators/misc' +import express from 'express' +import { body, param, query, ValidationChain } from 'express-validator' +import { ExpressPromiseHandler } from '@server/types/express-handler' +import { MUserAccountId } from '@server/types/models' +import { forceNumber } from '@shared/core-utils' +import { + HttpStatusCode, + UserRight, + VideoPlaylistCreate, + VideoPlaylistPrivacy, + VideoPlaylistType, + VideoPlaylistUpdate +} from '@shared/models' +import { + isArrayOf, + isIdOrUUIDValid, + isIdValid, + isUUIDValid, + toCompleteUUID, + toIntArray, + toIntOrNull, + toValueOrNull +} from '../../../helpers/custom-validators/misc' import { isVideoPlaylistDescriptionValid, - isVideoPlaylistExist, isVideoPlaylistNameValid, - isVideoPlaylistPrivacyValid + isVideoPlaylistPrivacyValid, + isVideoPlaylistTimestampValid, + isVideoPlaylistTypeValid } from '../../../helpers/custom-validators/video-playlists' -import { VideoPlaylistModel } from '../../../models/video/video-playlist' +import { isVideoImageValid } from '../../../helpers/custom-validators/videos' import { cleanUpReqFiles } from '../../../helpers/express-utils' -import { isVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels' +import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element' -import { VideoModel } from '../../../models/video/video' -import { authenticatePromiseIfNeeded } from '../../oauth' -import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model' +import { MVideoPlaylist } from '../../../types/models/video/video-playlist' +import { authenticatePromise } from '../../auth' +import { + areValidationErrors, + doesVideoChannelIdExist, + doesVideoExist, + doesVideoPlaylistExist, + isValidPlaylistIdParam, + VideoPlaylistFetchType +} from '../shared' const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ - async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body }) + body('displayName') + .custom(isVideoPlaylistNameValid), + async (req: express.Request, res: express.Response, next: express.NextFunction) => { if (areValidationErrors(req, res)) return cleanUpReqFiles(req) - if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req) + const body: VideoPlaylistCreate = req.body + if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) + + if ( + !body.videoChannelId && + (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED) + ) { + cleanUpReqFiles(req) + + return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' }) + } return next() } ]) const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), - async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body }) + body('displayName') + .optional() + .custom(isVideoPlaylistNameValid), + async (req: express.Request, res: express.Response, next: express.NextFunction) => { if (areValidationErrors(req, res)) return cleanUpReqFiles(req) - if (!await isVideoPlaylistExist(req.params.playlistId, res)) return cleanUpReqFiles(req) - if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { + if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req) + + const videoPlaylist = getPlaylist(res) + + if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { return cleanUpReqFiles(req) } - if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req) + const body: VideoPlaylistUpdate = req.body + + const newPrivacy = body.privacy || videoPlaylist.privacy + if (newPrivacy === VideoPlaylistPrivacy.PUBLIC && + ( + (!videoPlaylist.videoChannelId && !body.videoChannelId) || + body.videoChannelId === null + ) + ) { + cleanUpReqFiles(req) + + return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' }) + } + + if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { + cleanUpReqFiles(req) + + return res.fail({ message: 'Cannot update a watch later playlist.' }) + } + + if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) return next() } ]) const videoPlaylistsDeleteValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return - if (!await isVideoPlaylistExist(req.params.playlistId, res)) return - if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { + if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return + + const videoPlaylist = getPlaylist(res) + if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { + return res.fail({ message: 'Cannot delete a watch later playlist.' }) + } + + if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { return } @@ -71,71 +131,84 @@ const videoPlaylistsDeleteValidator = [ } ] -const videoPlaylistsGetValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), +const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => { + return [ + isValidPlaylistIdParam('playlistId'), + + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return - async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) + if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return - if (areValidationErrors(req, res)) return + const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary - if (!await isVideoPlaylistExist(req.params.playlistId, res)) return + // Video is unlisted, check we used the uuid to fetch it + if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) { + if (isUUIDValid(req.params.playlistId)) return next() + + return res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'Playlist not found' + }) + } - const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist - if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { - await authenticatePromiseIfNeeded(req, res) + if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { + await authenticatePromise(req, res) - const user: UserModel = res.locals.oauth ? res.locals.oauth.token.User : null + const user = res.locals.oauth ? res.locals.oauth.token.User : null - if ( - !user || - (videoPlaylist.OwnerAccount.userId !== user.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST)) - ) { - return res.status(403) - .json({ error: 'Cannot get this private video playlist.' }) + if ( + !user || + (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST)) + ) { + return res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'Cannot get this private video playlist.' + }) + } + + return next() } return next() } + ] +} + +const videoPlaylistsSearchValidator = [ + query('search') + .optional() + .not().isEmpty(), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return return next() } ] const videoPlaylistsAddVideoValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), + body('videoId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'), + .customSanitizer(toCompleteUUID) + .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid/short uuid'), body('startTimestamp') .optional() - .isInt({ min: 0 }).withMessage('Should have a valid start timestamp'), + .custom(isVideoPlaylistTimestampValid), body('stopTimestamp') .optional() - .isInt({ min: 0 }).withMessage('Should have a valid stop timestamp'), + .custom(isVideoPlaylistTimestampValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return - if (!await isVideoPlaylistExist(req.params.playlistId, res)) return - if (!await isVideoExist(req.body.videoId, res, 'id')) return - - const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist - const video: VideoModel = res.locals.video + if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return + if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return - const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id) - if (videoPlaylistElement) { - res.status(409) - .json({ error: 'This video in this playlist already exists' }) - .end() + const videoPlaylist = getPlaylist(res) - return - } - - if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) { + if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) { return } @@ -144,34 +217,30 @@ const videoPlaylistsAddVideoValidator = [ ] const videoPlaylistsUpdateOrRemoveVideoValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), - param('videoId') - .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'), + isValidPlaylistIdParam('playlistId'), + param('playlistElementId') + .customSanitizer(toCompleteUUID) + .custom(isIdValid).withMessage('Should have an element id/uuid/short uuid'), body('startTimestamp') .optional() - .isInt({ min: 0 }).withMessage('Should have a valid start timestamp'), + .custom(isVideoPlaylistTimestampValid), body('stopTimestamp') .optional() - .isInt({ min: 0 }).withMessage('Should have a valid stop timestamp'), + .custom(isVideoPlaylistTimestampValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return - if (!await isVideoPlaylistExist(req.params.playlistId, res)) return - if (!await isVideoExist(req.params.playlistId, res, 'id')) return + if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return - const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist - const video: VideoModel = res.locals.video + const videoPlaylist = getPlaylist(res) - const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id) + const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId) if (!videoPlaylistElement) { - res.status(404) - .json({ error: 'Video playlist element not found' }) - .end() - + res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'Video playlist element not found' + }) return } res.locals.videoPlaylistElement = videoPlaylistElement @@ -183,56 +252,96 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [ ] const videoPlaylistElementAPGetValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), - param('videoId') - .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'), + isValidPlaylistIdParam('playlistId'), + param('playlistElementId') + .custom(isIdValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return - const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId) - if (!videoPlaylistElement) { - res.status(404) - .json({ error: 'Video playlist element not found' }) - .end() + const playlistElementId = forceNumber(req.params.playlistElementId) + const playlistId = req.params.playlistId + const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId) + if (!videoPlaylistElement) { + res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'Video playlist element not found' + }) return } if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { - return res.status(403).end() + return res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'Cannot get this private video playlist.' + }) } - res.locals.videoPlaylistElement = videoPlaylistElement + res.locals.videoPlaylistElementAP = videoPlaylistElement return next() } ] const videoPlaylistsReorderVideosValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), + body('startPosition') - .isInt({ min: 1 }).withMessage('Should have a valid start position'), + .isInt({ min: 1 }), body('insertAfterPosition') - .isInt({ min: 0 }).withMessage('Should have a valid insert after position'), + .isInt({ min: 0 }), body('reorderLength') .optional() - .isInt({ min: 1 }).withMessage('Should have a valid range length'), + .isInt({ min: 1 }), async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return - if (!await isVideoPlaylistExist(req.params.playlistId, res)) return + if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return - const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist + const videoPlaylist = getPlaylist(res) if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return + const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id) + const startPosition: number = req.body.startPosition + const insertAfterPosition: number = req.body.insertAfterPosition + const reorderLength: number = req.body.reorderLength + + if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) { + res.fail({ message: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` }) + return + } + + if (reorderLength && reorderLength + startPosition > nextPosition) { + res.fail({ message: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` }) + return + } + + return next() + } +] + +const commonVideoPlaylistFiltersValidator = [ + query('playlistType') + .optional() + .custom(isVideoPlaylistTypeValid), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return + + return next() + } +] + +const doVideosInPlaylistExistValidator = [ + query('videoIds') + .customSanitizer(toIntArray) + .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'), + + (req: express.Request, res: express.Response, next: express.NextFunction) => { + if (areValidationErrors(req, res)) return + return next() } ] @@ -244,12 +353,17 @@ export { videoPlaylistsUpdateValidator, videoPlaylistsDeleteValidator, videoPlaylistsGetValidator, + videoPlaylistsSearchValidator, videoPlaylistsAddVideoValidator, videoPlaylistsUpdateOrRemoveVideoValidator, videoPlaylistsReorderVideosValidator, - videoPlaylistElementAPGetValidator + videoPlaylistElementAPGetValidator, + + commonVideoPlaylistFiltersValidator, + + doVideosInPlaylistExistValidator } // --------------------------------------------------------------------------- @@ -257,33 +371,32 @@ export { function getCommonPlaylistEditAttributes () { return [ body('thumbnailfile') - .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage( - 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' - + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ') - ), + .custom((value, { req }) => isVideoImageValid(req.files, 'thumbnailfile')) + .withMessage( + 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' + + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ') + ), - body('displayName') - .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'), body('description') .optional() .customSanitizer(toValueOrNull) - .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'), + .custom(isVideoPlaylistDescriptionValid), body('privacy') .optional() - .toInt() - .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'), + .customSanitizer(toIntOrNull) + .custom(isVideoPlaylistPrivacyValid), body('videoChannelId') .optional() - .toInt() - ] as (ValidationChain | express.Handler)[] + .customSanitizer(toIntOrNull) + ] as (ValidationChain | ExpressPromiseHandler)[] } -function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) { +function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) { if (videoPlaylist.isOwned() === false) { - res.status(403) - .json({ error: 'Cannot manage video playlist of another server.' }) - .end() - + res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'Cannot manage video playlist of another server.' + }) return false } @@ -291,12 +404,16 @@ function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoP // The user can delete it if s/he is an admin // Or if s/he is the video playlist's owner if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) { - res.status(403) - .json({ error: 'Cannot manage video playlist of another user' }) - .end() - + res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'Cannot manage video playlist of another user' + }) return false } return true } + +function getPlaylist (res: express.Response) { + return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary +}