X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideos%2Fvideo-playlists.ts;h=f5fee845ef5db29af317a9d62a277eff5e03b11e;hb=3318147300b4f998adf728eb0a5a14a4c1829c51;hp=0d2e6e90c5fceacedddccc4c57d2c005aa0fc106;hpb=10363c74c1d869f0e0c7bc4d0367b1f34d1bb6a4;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 0d2e6e90c..f5fee845e 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts @@ -1,16 +1,21 @@ -import * as express from 'express' +import express from 'express' import { body, param, query, ValidationChain } from 'express-validator' -import { ExpressPromiseHandler } from '@server/types/express' +import { ExpressPromiseHandler } from '@server/types/express-handler' import { MUserAccountId } from '@server/types/models' -import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared' -import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' -import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model' -import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model' +import { + HttpStatusCode, + UserRight, + VideoPlaylistCreate, + VideoPlaylistPrivacy, + VideoPlaylistType, + VideoPlaylistUpdate +} from '@shared/models' import { isArrayOf, isIdOrUUIDValid, isIdValid, isUUIDValid, + toCompleteUUID, toIntArray, toIntOrNull, toValueOrNull @@ -29,7 +34,14 @@ import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element' import { MVideoPlaylist } from '../../../types/models/video/video-playlist' import { authenticatePromiseIfNeeded } from '../../auth' -import { areValidationErrors, doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../shared' +import { + areValidationErrors, + doesVideoChannelIdExist, + doesVideoExist, + doesVideoPlaylistExist, + isValidPlaylistIdParam, + VideoPlaylistFetchType +} from '../shared' const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ body('displayName') @@ -43,10 +55,13 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ const body: VideoPlaylistCreate = req.body if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) - if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { + if ( + !body.videoChannelId && + (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED) + ) { cleanUpReqFiles(req) - return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' }) + return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' }) } return next() @@ -54,8 +69,7 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ ]) const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), body('displayName') .optional() @@ -101,8 +115,7 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ ]) const videoPlaylistsDeleteValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params }) @@ -126,8 +139,7 @@ const videoPlaylistsDeleteValidator = [ const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => { return [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) @@ -184,9 +196,10 @@ const videoPlaylistsSearchValidator = [ ] const videoPlaylistsAddVideoValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), + body('videoId') + .customSanitizer(toCompleteUUID) .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'), body('startTimestamp') .optional() @@ -214,9 +227,9 @@ const videoPlaylistsAddVideoValidator = [ ] const videoPlaylistsUpdateOrRemoveVideoValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), param('playlistElementId') + .customSanitizer(toCompleteUUID) .custom(isIdValid).withMessage('Should have an element id/uuid'), body('startTimestamp') .optional() @@ -251,8 +264,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [ ] const videoPlaylistElementAPGetValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), param('playlistElementId') .custom(isIdValid).withMessage('Should have an playlist element id'), @@ -287,8 +299,7 @@ const videoPlaylistElementAPGetValidator = [ ] const videoPlaylistsReorderVideosValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), body('startPosition') .isInt({ min: 1 }).withMessage('Should have a valid start position'), body('insertAfterPosition')