X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fvideos.ts;h=67eabe468268f27e96c4429e9c4df976f32fb75a;hb=46f8d69b4e58a3006c32b2e0d97b9262fd30fd6b;hp=9befbc9ee7e506d195c94b899f1ebc5e939bfe5b;hpb=74d63469355bad731cdd32defdc85913df3cbd5c;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 9befbc9ee..67eabe468 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts @@ -41,6 +41,7 @@ import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } f import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model' import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership' import { AccountModel } from '../../models/account/account' +import { VideoFetchType } from '../../helpers/video' const videosAddValidator = getCommonVideoAttributes().concat([ body('videofile') @@ -128,47 +129,49 @@ const videosUpdateValidator = getCommonVideoAttributes().concat([ } ]) -const videosGetValidator = [ - param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), - - async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videosGet parameters', { parameters: req.params }) +const videosCustomGetValidator = (fetchType: VideoFetchType) => { + return [ + param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), - if (areValidationErrors(req, res)) return - if (!await isVideoExist(req.params.id, res)) return + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking videosGet parameters', { parameters: req.params }) - const video: VideoModel = res.locals.video + if (areValidationErrors(req, res)) return + if (!await isVideoExist(req.params.id, res, fetchType)) return - // Video private or blacklisted - if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) { - return authenticate(req, res, () => { - const user: UserModel = res.locals.oauth.token.User + const video: VideoModel = res.locals.video - // Only the owner or a user that have blacklist rights can see the video - if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) { - return res.status(403) - .json({ error: 'Cannot get this private or blacklisted video.' }) - .end() - } + // Video private or blacklisted + if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) { + return authenticate(req, res, () => { + const user: UserModel = res.locals.oauth.token.User - return next() - }) + // Only the owner or a user that have blacklist rights can see the video + if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) { + return res.status(403) + .json({ error: 'Cannot get this private or blacklisted video.' }) + .end() + } - return - } + return next() + }) + } - // Video is public, anyone can access it - if (video.privacy === VideoPrivacy.PUBLIC) return next() + // Video is public, anyone can access it + if (video.privacy === VideoPrivacy.PUBLIC) return next() - // Video is unlisted, check we used the uuid to fetch it - if (video.privacy === VideoPrivacy.UNLISTED) { - if (isUUIDValid(req.params.id)) return next() + // Video is unlisted, check we used the uuid to fetch it + if (video.privacy === VideoPrivacy.UNLISTED) { + if (isUUIDValid(req.params.id)) return next() - // Don't leak this unlisted video - return res.status(404).end() + // Don't leak this unlisted video + return res.status(404).end() + } } - } -] + ] +} + +const videosGetValidator = videosCustomGetValidator('all') const videosRemoveValidator = [ param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), @@ -366,6 +369,7 @@ export { videosAddValidator, videosUpdateValidator, videosGetValidator, + videosCustomGetValidator, videosRemoveValidator, videosShareValidator,