Refractor validators

author: Chocobozzz <florian.bigard@gmail.com> 2017-11-27 17:30:46 +0100
committer: Chocobozzz <florian.bigard@gmail.com> 2017-11-27 19:43:01 +0100
commit: a2431b7dcbc72c05101dcdbe631ff84a823aeb51 (patch)
tree: 09278a822905622a70ff976a75e09d99bc45639a /server/middlewares/validators/videos.ts
parent: fcaf1e0aa84213a1b1f1b1a44a3276eae35ebe70 (diff)
download: PeerTube-a2431b7dcbc72c05101dcdbe631ff84a823aeb51.tar.gz
PeerTube-a2431b7dcbc72c05101dcdbe631ff84a823aeb51.tar.zst
PeerTube-a2431b7dcbc72c05101dcdbe631ff84a823aeb51.zip
1 files changed, 121 insertions, 131 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 5ffc85210..3cbf98312 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -3,11 +3,11 @@ import { body, param, query } from 'express-validator/check'
 import { UserRight, VideoPrivacy } from '../../../shared'
 import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
 import {
-  checkVideoExists,
  isVideoAbuseReasonValid,
  isVideoCategoryValid,
  isVideoDescriptionValid,
  isVideoDurationValid,
+  isVideoExist,
  isVideoFile,
  isVideoLanguageValid,
  isVideoLicenceValid,
@@ -20,12 +20,11 @@ import {
 import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils'
 import { logger } from '../../helpers/logger'
 import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers'
 import { database as db } from '../../initializers/database'
 import { UserInstance } from '../../models/account/user-interface'
+import { VideoInstance } from '../../models/video/video-interface'
 import { authenticate } from '../oauth'
-import { areValidationErrors, checkErrors } from './utils'
+import { areValidationErrors } from './utils'
-import { isVideoExistsPromise } from '../../helpers/index'
 const videosAddValidator = [
  body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
@@ -42,68 +41,58 @@ const videosAddValidator = [
  body('privacy').custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
  body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      const videoFile: Express.Multer.File = req.files['videofile'][0]
-      const user = res.locals.oauth.token.User
+    const videoFile: Express.Multer.File = req.files['videofile'][0]
+    const user = res.locals.oauth.token.User
-      return db.VideoChannel.loadByIdAndAccount(req.body.channelId, user.Account.id)
+    const videoChannel = await db.VideoChannel.loadByIdAndAccount(req.body.channelId, user.Account.id)
-        .then(videoChannel => {
+    if (!videoChannel) {
-          if (!videoChannel) {
+      res.status(400)
-            res.status(400)
+        .json({ error: 'Unknown video video channel for this account.' })
-              .json({ error: 'Unknown video video channel for this account.' })
+        .end()
-              .end()
-            return undefined
+      return
-          }
+    }
-          res.locals.videoChannel = videoChannel
+    res.locals.videoChannel = videoChannel
-          return user.isAbleToUploadVideo(videoFile)
+    const isAble = await user.isAbleToUploadVideo(videoFile)
-        })
+    if (isAble === false) {
-        .then(isAble => {
+      res.status(403)
-          if (isAble === false) {
+         .json({ error: 'The user video quota is exceeded with this video.' })
-            res.status(403)
+         .end()
-               .json({ error: 'The user video quota is exceeded with this video.' })
-               .end()
+      return
+    }
-            return undefined
-          }
+    let duration: number
-          return getDurationFromVideoFile(videoFile.path)
+    try {
-            .catch(err => {
+      duration = await getDurationFromVideoFile(videoFile.path)
-              logger.error('Invalid input file in videosAddValidator.', err)
+    } catch (err) {
-              res.status(400)
+      logger.error('Invalid input file in videosAddValidator.', err)
-                 .json({ error: 'Invalid input file.' })
+      res.status(400)
-                 .end()
+         .json({ error: 'Invalid input file.' })
+         .end()
-              return undefined
-            })
+      return
-        })
+    }
-        .then(duration => {
-          // Previous test failed, abort
+    if (!isVideoDurationValid('' + duration)) {
-          if (duration === undefined) return undefined
+      return res.status(400)
+                .json({
-          if (!isVideoDurationValid('' + duration)) {
+                  error: 'Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).'
-            return res.status(400)
+                })
-                      .json({
+                .end()
-                        error: 'Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).'
+    }
-                      })
-                      .end()
+    videoFile['duration'] = duration
-          }
+    return next()
-          videoFile['duration'] = duration
-          next()
-        })
-        .catch(err => {
-          logger.error('Error in video add validator', err)
-          res.sendStatus(500)
-          return undefined
-        })
-    })
  }
 ]
@@ -118,61 +107,59 @@ const videosUpdateValidator = [
  body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
  body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videosUpdate parameters', { parameters: req.body })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      checkVideoExists(req.params.id, res, () => {
+    if (!await isVideoExist(req.params.id, res)) return
-        const video = res.locals.video
+    const video = res.locals.video
-        // We need to make additional checks
-        if (video.isOwned() === false) {
+    // We need to make additional checks
-          return res.status(403)
+    if (video.isOwned() === false) {
-                    .json({ error: 'Cannot update video of another server' })
+      return res.status(403)
-                    .end()
+                .json({ error: 'Cannot update video of another server' })
-        }
+                .end()
+    }
-        if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {
-          return res.status(403)
+    if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {
-                    .json({ error: 'Cannot update video of another user' })
+      return res.status(403)
-                    .end()
+                .json({ error: 'Cannot update video of another user' })
-        }
+                .end()
+    }
-        if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {
-          return res.status(409)
+    if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {
-            .json({ error: 'Cannot set "private" a video that was not private anymore.' })
+      return res.status(409)
-            .end()
+        .json({ error: 'Cannot set "private" a video that was not private anymore.' })
-        }
+        .end()
+    }
-        next()
-      })
+    return next()
-    })
  }
 ]
 const videosGetValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videosGet parameters', { parameters: req.params })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      checkVideoExists(req.params.id, res, () => {
+    if (!await isVideoExist(req.params.id, res)) return
-        const video = res.locals.video
-        // Video is not private, anyone can access it
+    const video = res.locals.video
-        if (video.privacy !== VideoPrivacy.PRIVATE) return next()
-        authenticate(req, res, () => {
+    // Video is not private, anyone can access it
-          if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {
+    if (video.privacy !== VideoPrivacy.PRIVATE) return next()
-            return res.status(403)
-              .json({ error: 'Cannot get this private video of another user' })
-              .end()
-          }
-          next()
+    authenticate(req, res, () => {
-        })
+      if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {
-      })
+        return res.status(403)
+          .json({ error: 'Cannot get this private video of another user' })
+          .end()
+      }
+      return next()
    })
  }
 ]
@@ -180,17 +167,16 @@ const videosGetValidator = [
 const videosRemoveValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videosRemove parameters', { parameters: req.params })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      checkVideoExists(req.params.id, res, () => {
+    if (!await isVideoExist(req.params.id, res)) return
-        // Check if the user who did the request is able to delete the video
-        checkUserCanDeleteVideo(res.locals.oauth.token.User, res, () => {
+    // Check if the user who did the request is able to delete the video
-          next()
+    if (!checkUserCanDeleteVideo(res.locals.oauth.token.User, res.locals.video, res)) return
-        })
-      })
+    return next()
-    })
  }
 ]
@@ -201,7 +187,9 @@ const videosSearchValidator = [
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videosSearch parameters', { parameters: req.params })
-    checkErrors(req, res, next)
+    if (areValidationErrors(req, res)) return
+    return next()
  }
 ]
@@ -209,12 +197,13 @@ const videoAbuseReportValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      checkVideoExists(req.params.id, res, next)
+    if (!await isVideoExist(req.params.id, res)) return
-    })
+    return next()
  }
 ]
@@ -222,12 +211,13 @@ const videoRateValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoRate parameters', { parameters: req.body })
-    checkErrors(req, res, () => {
+    if (areValidationErrors(req, res)) return
-      checkVideoExists(req.params.id, res, next)
+    if (!await isVideoExist(req.params.id, res)) return
-    })
+    return next()
  }
 ]
@@ -239,7 +229,7 @@ const videosShareValidator = [
    logger.debug('Checking videoShare parameters', { parameters: req.params })
    if (areValidationErrors(req, res)) return
-    if (!await isVideoExistsPromise(req.params.id, res)) return
+    if (!await isVideoExist(req.params.id, res)) return
    const share = await db.VideoShare.load(req.params.accountId, res.locals.video.id)
    if (!share) {
@@ -248,7 +238,6 @@ const videosShareValidator = [
    }
    res.locals.videoShare = share
    return next()
  }
 ]
@@ -270,24 +259,25 @@ export {
 // ---------------------------------------------------------------------------
-function checkUserCanDeleteVideo (user: UserInstance, res: express.Response, callback: () => void) {
+function checkUserCanDeleteVideo (user: UserInstance, video: VideoInstance, res: express.Response) {
  // Retrieve the user who did the request
-  if (res.locals.video.isOwned() === false) {
+  if (video.isOwned() === false) {
-    return res.status(403)
+    res.status(403)
              .json({ error: 'Cannot remove video of another server, blacklist it' })
              .end()
+    return false
  }
  // Check if the user can delete the video
  // The user can delete it if s/he is an admin
  // Or if s/he is the video's account
-  const account = res.locals.video.VideoChannel.Account
+  const account = video.VideoChannel.Account
  if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && account.userId !== user.id) {
-    return res.status(403)
+    res.status(403)
              .json({ error: 'Cannot remove video of another user' })
              .end()
+    return false
  }
-  // If we reach this comment, we can delete the video
+  return true
-  callback()
 }
author	Chocobozzz <florian.bigard@gmail.com>	2017-11-27 17:30:46 +0100
committer	Chocobozzz <florian.bigard@gmail.com>	2017-11-27 19:43:01 +0100
commit	a2431b7dcbc72c05101dcdbe631ff84a823aeb51 (patch)
tree	09278a822905622a70ff976a75e09d99bc45639a /server/middlewares/validators/videos.ts
parent	fcaf1e0aa84213a1b1f1b1a44a3276eae35ebe70 (diff)
download	PeerTube-a2431b7dcbc72c05101dcdbe631ff84a823aeb51.tar.gz PeerTube-a2431b7dcbc72c05101dcdbe631ff84a823aeb51.tar.zst PeerTube-a2431b7dcbc72c05101dcdbe631ff84a823aeb51.zip

diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 5ffc85210..3cbf98312 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts
@@ -3,11 +3,11 @@ import { body, param, query } from 'express-validator/check'
3	import { UserRight, VideoPrivacy } from '../../../shared'	3	import { UserRight, VideoPrivacy } from '../../../shared'
4	import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'	4	import { isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc'
5	import {	5	import {
6	checkVideoExists,
7	isVideoAbuseReasonValid,	6	isVideoAbuseReasonValid,
8	isVideoCategoryValid,	7	isVideoCategoryValid,
9	isVideoDescriptionValid,	8	isVideoDescriptionValid,
10	isVideoDurationValid,	9	isVideoDurationValid,
		10	isVideoExist,
11	isVideoFile,	11	isVideoFile,
12	isVideoLanguageValid,	12	isVideoLanguageValid,
13	isVideoLicenceValid,	13	isVideoLicenceValid,
@@ -20,12 +20,11 @@ import {
20	import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils'	20	import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils'
21	import { logger } from '../../helpers/logger'	21	import { logger } from '../../helpers/logger'
22	import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers'	22	import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers'
23
24	import { database as db } from '../../initializers/database'	23	import { database as db } from '../../initializers/database'
25	import { UserInstance } from '../../models/account/user-interface'	24	import { UserInstance } from '../../models/account/user-interface'
		25	import { VideoInstance } from '../../models/video/video-interface'
26	import { authenticate } from '../oauth'	26	import { authenticate } from '../oauth'
27	import { areValidationErrors, checkErrors } from './utils'	27	import { areValidationErrors } from './utils'
28	import { isVideoExistsPromise } from '../../helpers/index'
29		28
30	const videosAddValidator = [	29	const videosAddValidator = [
31	body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(	30	body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage(
@@ -42,68 +41,58 @@ const videosAddValidator = [
42	body('privacy').custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),	41	body('privacy').custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
43	body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),	42	body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
44		43
45	(req: express.Request, res: express.Response, next: express.NextFunction) => {	44	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
46	logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })	45	logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
47		46
48	checkErrors(req, res, () => {	47	if (areValidationErrors(req, res)) return
49	const videoFile: Express.Multer.File = req.files['videofile'][0]	48
50	const user = res.locals.oauth.token.User	49	const videoFile: Express.Multer.File = req.files['videofile'][0]
		50	const user = res.locals.oauth.token.User
51		51
52	return db.VideoChannel.loadByIdAndAccount(req.body.channelId, user.Account.id)	52	const videoChannel = await db.VideoChannel.loadByIdAndAccount(req.body.channelId, user.Account.id)
53	.then(videoChannel => {	53	if (!videoChannel) {
54	if (!videoChannel) {	54	res.status(400)
55	res.status(400)	55	.json({ error: 'Unknown video video channel for this account.' })
56	.json({ error: 'Unknown video video channel for this account.' })	56	.end()
57	.end()
58		57
59	return undefined	58	return
60	}	59	}
61		60
62	res.locals.videoChannel = videoChannel	61	res.locals.videoChannel = videoChannel
63		62
64	return user.isAbleToUploadVideo(videoFile)	63	const isAble = await user.isAbleToUploadVideo(videoFile)
65	})	64	if (isAble === false) {
66	.then(isAble => {	65	res.status(403)
67	if (isAble === false) {	66	.json({ error: 'The user video quota is exceeded with this video.' })
68	res.status(403)	67	.end()
69	.json({ error: 'The user video quota is exceeded with this video.' })	68
70	.end()	69	return
71		70	}
72	return undefined	71
73	}	72	let duration: number
74		73
75	return getDurationFromVideoFile(videoFile.path)	74	try {
76	.catch(err => {	75	duration = await getDurationFromVideoFile(videoFile.path)
77	logger.error('Invalid input file in videosAddValidator.', err)	76	} catch (err) {
78	res.status(400)	77	logger.error('Invalid input file in videosAddValidator.', err)
79	.json({ error: 'Invalid input file.' })	78	res.status(400)
80	.end()	79	.json({ error: 'Invalid input file.' })
81		80	.end()
82	return undefined	81
83	})	82	return
84	})	83	}
85	.then(duration => {	84
86	// Previous test failed, abort	85	if (!isVideoDurationValid('' + duration)) {
87	if (duration === undefined) return undefined	86	return res.status(400)
88		87	.json({
89	if (!isVideoDurationValid('' + duration)) {	88	error: 'Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).'
90	return res.status(400)	89	})
91	.json({	90	.end()
92	error: 'Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).'	91	}
93	})	92
94	.end()	93	videoFile['duration'] = duration
95	}	94
96		95	return next()
97	videoFile['duration'] = duration
98	next()
99	})
100	.catch(err => {
101	logger.error('Error in video add validator', err)
102	res.sendStatus(500)
103
104	return undefined
105	})
106	})
107	}	96	}
108	]	97	]
109		98
@@ -118,61 +107,59 @@ const videosUpdateValidator = [
118	body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'),	107	body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
119	body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),	108	body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
120		109
121	(req: express.Request, res: express.Response, next: express.NextFunction) => {	110	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
122	logger.debug('Checking videosUpdate parameters', { parameters: req.body })	111	logger.debug('Checking videosUpdate parameters', { parameters: req.body })
123		112
124	checkErrors(req, res, () => {	113	if (areValidationErrors(req, res)) return
125	checkVideoExists(req.params.id, res, () => {	114	if (!await isVideoExist(req.params.id, res)) return
126	const video = res.locals.video	115
127		116	const video = res.locals.video
128	// We need to make additional checks	117
129	if (video.isOwned() === false) {	118	// We need to make additional checks
130	return res.status(403)	119	if (video.isOwned() === false) {
131	.json({ error: 'Cannot update video of another server' })	120	return res.status(403)
132	.end()	121	.json({ error: 'Cannot update video of another server' })
133	}	122	.end()
134		123	}
135	if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {	124
136	return res.status(403)	125	if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {
137	.json({ error: 'Cannot update video of another user' })	126	return res.status(403)
138	.end()	127	.json({ error: 'Cannot update video of another user' })
139	}	128	.end()
140		129	}
141	if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {	130
142	return res.status(409)	131	if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {
143	.json({ error: 'Cannot set "private" a video that was not private anymore.' })	132	return res.status(409)
144	.end()	133	.json({ error: 'Cannot set "private" a video that was not private anymore.' })
145	}	134	.end()
146		135	}
147	next()	136
148	})	137	return next()
149	})
150	}	138	}
151	]	139	]
152		140
153	const videosGetValidator = [	141	const videosGetValidator = [
154	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	142	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
155		143
156	(req: express.Request, res: express.Response, next: express.NextFunction) => {	144	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
157	logger.debug('Checking videosGet parameters', { parameters: req.params })	145	logger.debug('Checking videosGet parameters', { parameters: req.params })
158		146
159	checkErrors(req, res, () => {	147	if (areValidationErrors(req, res)) return
160	checkVideoExists(req.params.id, res, () => {	148	if (!await isVideoExist(req.params.id, res)) return
161	const video = res.locals.video
162		149
163	// Video is not private, anyone can access it	150	const video = res.locals.video
164	if (video.privacy !== VideoPrivacy.PRIVATE) return next()
165		151
166	authenticate(req, res, () => {	152	// Video is not private, anyone can access it
167	if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {	153	if (video.privacy !== VideoPrivacy.PRIVATE) return next()
168	return res.status(403)
169	.json({ error: 'Cannot get this private video of another user' })
170	.end()
171	}
172		154
173	next()	155	authenticate(req, res, () => {
174	})	156	if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {
175	})	157	return res.status(403)
		158	.json({ error: 'Cannot get this private video of another user' })
		159	.end()
		160	}
		161
		162	return next()
176	})	163	})
177	}	164	}
178	]	165	]
@@ -180,17 +167,16 @@ const videosGetValidator = [
180	const videosRemoveValidator = [	167	const videosRemoveValidator = [
181	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	168	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
182		169
183	(req: express.Request, res: express.Response, next: express.NextFunction) => {	170	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
184	logger.debug('Checking videosRemove parameters', { parameters: req.params })	171	logger.debug('Checking videosRemove parameters', { parameters: req.params })
185		172
186	checkErrors(req, res, () => {	173	if (areValidationErrors(req, res)) return
187	checkVideoExists(req.params.id, res, () => {	174	if (!await isVideoExist(req.params.id, res)) return
188	// Check if the user who did the request is able to delete the video	175
189	checkUserCanDeleteVideo(res.locals.oauth.token.User, res, () => {	176	// Check if the user who did the request is able to delete the video
190	next()	177	if (!checkUserCanDeleteVideo(res.locals.oauth.token.User, res.locals.video, res)) return
191	})	178
192	})	179	return next()
193	})
194	}	180	}
195	]	181	]
196		182
@@ -201,7 +187,9 @@ const videosSearchValidator = [
201	(req: express.Request, res: express.Response, next: express.NextFunction) => {	187	(req: express.Request, res: express.Response, next: express.NextFunction) => {
202	logger.debug('Checking videosSearch parameters', { parameters: req.params })	188	logger.debug('Checking videosSearch parameters', { parameters: req.params })
203		189
204	checkErrors(req, res, next)	190	if (areValidationErrors(req, res)) return
		191
		192	return next()
205	}	193	}
206	]	194	]
207		195
@@ -209,12 +197,13 @@ const videoAbuseReportValidator = [
209	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	197	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
210	body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),	198	body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),
211		199
212	(req: express.Request, res: express.Response, next: express.NextFunction) => {	200	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
213	logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })	201	logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
214		202
215	checkErrors(req, res, () => {	203	if (areValidationErrors(req, res)) return
216	checkVideoExists(req.params.id, res, next)	204	if (!await isVideoExist(req.params.id, res)) return
217	})	205
		206	return next()
218	}	207	}
219	]	208	]
220		209
@@ -222,12 +211,13 @@ const videoRateValidator = [
222	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	211	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
223	body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),	212	body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
224		213
225	(req: express.Request, res: express.Response, next: express.NextFunction) => {	214	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
226	logger.debug('Checking videoRate parameters', { parameters: req.body })	215	logger.debug('Checking videoRate parameters', { parameters: req.body })
227		216
228	checkErrors(req, res, () => {	217	if (areValidationErrors(req, res)) return
229	checkVideoExists(req.params.id, res, next)	218	if (!await isVideoExist(req.params.id, res)) return
230	})	219
		220	return next()
231	}	221	}
232	]	222	]
233		223
@@ -239,7 +229,7 @@ const videosShareValidator = [
239	logger.debug('Checking videoShare parameters', { parameters: req.params })	229	logger.debug('Checking videoShare parameters', { parameters: req.params })
240		230
241	if (areValidationErrors(req, res)) return	231	if (areValidationErrors(req, res)) return
242	if (!await isVideoExistsPromise(req.params.id, res)) return	232	if (!await isVideoExist(req.params.id, res)) return
243		233
244	const share = await db.VideoShare.load(req.params.accountId, res.locals.video.id)	234	const share = await db.VideoShare.load(req.params.accountId, res.locals.video.id)
245	if (!share) {	235	if (!share) {
@@ -248,7 +238,6 @@ const videosShareValidator = [
248	}	238	}
249		239
250	res.locals.videoShare = share	240	res.locals.videoShare = share
251
252	return next()	241	return next()
253	}	242	}
254	]	243	]
@@ -270,24 +259,25 @@ export {
270		259
271	// ---------------------------------------------------------------------------	260	// ---------------------------------------------------------------------------
272		261
273	function checkUserCanDeleteVideo (user: UserInstance, res: express.Response, callback: () => void) {	262	function checkUserCanDeleteVideo (user: UserInstance, video: VideoInstance, res: express.Response) {
274	// Retrieve the user who did the request	263	// Retrieve the user who did the request
275	if (res.locals.video.isOwned() === false) {	264	if (video.isOwned() === false) {
276	return res.status(403)	265	res.status(403)
277	.json({ error: 'Cannot remove video of another server, blacklist it' })	266	.json({ error: 'Cannot remove video of another server, blacklist it' })
278	.end()	267	.end()
		268	return false
279	}	269	}
280		270
281	// Check if the user can delete the video	271	// Check if the user can delete the video
282	// The user can delete it if s/he is an admin	272	// The user can delete it if s/he is an admin
283	// Or if s/he is the video's account	273	// Or if s/he is the video's account
284	const account = res.locals.video.VideoChannel.Account	274	const account = video.VideoChannel.Account
285	if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && account.userId !== user.id) {	275	if (user.hasRight(UserRight.REMOVE_ANY_VIDEO) === false && account.userId !== user.id) {
286	return res.status(403)	276	res.status(403)
287	.json({ error: 'Cannot remove video of another user' })	277	.json({ error: 'Cannot remove video of another user' })
288	.end()	278	.end()
		279	return false
289	}	280	}
290		281
291	// If we reach this comment, we can delete the video	282	return true
292	callback()
293	}	283	}