aboutsummaryrefslogblamecommitdiffhomepage
path: root/server/middlewares/validators/videos/video-passwords.ts
blob: 200e496f6b588ae001bd942f9d2bf7b2123d909e (plain) (tree) 
40346ead2













































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77













































































                                                                                                    
import express from 'express'
import {
  areValidationErrors,
  doesVideoExist,
  isVideoPasswordProtected,
  isValidVideoIdParam,
  doesVideoPasswordExist,
  isVideoPasswordDeletable,
  checkUserCanManageVideo
} from '../shared'
import { body, param } from 'express-validator'
import { isIdValid } from '@server/helpers/custom-validators/misc'
import { isValidPasswordProtectedPrivacy } from '@server/helpers/custom-validators/videos'
import { UserRight } from '@shared/models'

const listVideoPasswordValidator = [
  isValidVideoIdParam('videoId'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await doesVideoExist(req.params.videoId, res)) return
    if (!isVideoPasswordProtected(res)) return

    // Check if the user who did the request is able to access video password list
    const user = res.locals.oauth.token.User
    if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.SEE_ALL_VIDEOS, res)) return

    return next()
  }
]

const updateVideoPasswordListValidator = [
  body('passwords')
    .optional()
    .isArray()
    .withMessage('Video passwords should be an array.'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await doesVideoExist(req.params.videoId, res)) return
    if (!isValidPasswordProtectedPrivacy(req, res)) return

    // Check if the user who did the request is able to update video passwords
    const user = res.locals.oauth.token.User
    if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return

    return next()
  }
]

const removeVideoPasswordValidator = [
  isValidVideoIdParam('videoId'),

  param('passwordId')
    .custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    if (!await doesVideoExist(req.params.videoId, res)) return
    if (!isVideoPasswordProtected(res)) return
    if (!await doesVideoPasswordExist(req.params.passwordId, res)) return
    if (!await isVideoPasswordDeletable(res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  listVideoPasswordValidator,
  updateVideoPasswordListValidator,
  removeVideoPasswordValidator
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 16:13:51 +0000