diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2017-05-15 22:22:03 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2017-05-20 09:57:40 +0200 |
commit | 65fcc3119c334b75dd13bcfdebf186afdc580a8f (patch) | |
tree | 4f2158c61a9b7c3f47cfa233d01413b946ee53c0 /server/middlewares/validators/videos.ts | |
parent | d5f345ed4cfac4e1fa84dcb4fce1cda4d32f9c73 (diff) | |
download | PeerTube-65fcc3119c334b75dd13bcfdebf186afdc580a8f.tar.gz PeerTube-65fcc3119c334b75dd13bcfdebf186afdc580a8f.tar.zst PeerTube-65fcc3119c334b75dd13bcfdebf186afdc580a8f.zip |
First typescript iteration
Diffstat (limited to 'server/middlewares/validators/videos.ts')
-rw-r--r-- | server/middlewares/validators/videos.ts | 199 |
1 files changed, 199 insertions, 0 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts new file mode 100644 index 000000000..5a49cf73c --- /dev/null +++ b/server/middlewares/validators/videos.ts | |||
@@ -0,0 +1,199 @@ | |||
1 | const db = require('../../initializers/database') | ||
2 | import { checkErrors } from './utils' | ||
3 | import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers' | ||
4 | import { logger, isVideoDurationValid } from '../../helpers' | ||
5 | |||
6 | function videosAddValidator (req, res, next) { | ||
7 | req.checkBody('videofile', 'Should have a valid file').isVideoFile(req.files) | ||
8 | req.checkBody('name', 'Should have a valid name').isVideoNameValid() | ||
9 | req.checkBody('category', 'Should have a valid category').isVideoCategoryValid() | ||
10 | req.checkBody('licence', 'Should have a valid licence').isVideoLicenceValid() | ||
11 | req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid() | ||
12 | req.checkBody('nsfw', 'Should have a valid NSFW attribute').isVideoNSFWValid() | ||
13 | req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid() | ||
14 | req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid() | ||
15 | |||
16 | logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files }) | ||
17 | |||
18 | checkErrors(req, res, function () { | ||
19 | const videoFile = req.files.videofile[0] | ||
20 | |||
21 | db.Video.getDurationFromFile(videoFile.path, function (err, duration) { | ||
22 | if (err) { | ||
23 | return res.status(400).send('Cannot retrieve metadata of the file.') | ||
24 | } | ||
25 | |||
26 | if (!isVideoDurationValid(duration)) { | ||
27 | return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).') | ||
28 | } | ||
29 | |||
30 | videoFile.duration = duration | ||
31 | next() | ||
32 | }) | ||
33 | }) | ||
34 | } | ||
35 | |||
36 | function videosUpdateValidator (req, res, next) { | ||
37 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) | ||
38 | req.checkBody('name', 'Should have a valid name').optional().isVideoNameValid() | ||
39 | req.checkBody('category', 'Should have a valid category').optional().isVideoCategoryValid() | ||
40 | req.checkBody('licence', 'Should have a valid licence').optional().isVideoLicenceValid() | ||
41 | req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid() | ||
42 | req.checkBody('nsfw', 'Should have a valid NSFW attribute').optional().isVideoNSFWValid() | ||
43 | req.checkBody('description', 'Should have a valid description').optional().isVideoDescriptionValid() | ||
44 | req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid() | ||
45 | |||
46 | logger.debug('Checking videosUpdate parameters', { parameters: req.body }) | ||
47 | |||
48 | checkErrors(req, res, function () { | ||
49 | checkVideoExists(req.params.id, res, function () { | ||
50 | // We need to make additional checks | ||
51 | if (res.locals.video.isOwned() === false) { | ||
52 | return res.status(403).send('Cannot update video of another pod') | ||
53 | } | ||
54 | |||
55 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | ||
56 | return res.status(403).send('Cannot update video of another user') | ||
57 | } | ||
58 | |||
59 | next() | ||
60 | }) | ||
61 | }) | ||
62 | } | ||
63 | |||
64 | function videosGetValidator (req, res, next) { | ||
65 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) | ||
66 | |||
67 | logger.debug('Checking videosGet parameters', { parameters: req.params }) | ||
68 | |||
69 | checkErrors(req, res, function () { | ||
70 | checkVideoExists(req.params.id, res, next) | ||
71 | }) | ||
72 | } | ||
73 | |||
74 | function videosRemoveValidator (req, res, next) { | ||
75 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) | ||
76 | |||
77 | logger.debug('Checking videosRemove parameters', { parameters: req.params }) | ||
78 | |||
79 | checkErrors(req, res, function () { | ||
80 | checkVideoExists(req.params.id, res, function () { | ||
81 | // We need to make additional checks | ||
82 | |||
83 | // Check if the user who did the request is able to delete the video | ||
84 | checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, function () { | ||
85 | next() | ||
86 | }) | ||
87 | }) | ||
88 | }) | ||
89 | } | ||
90 | |||
91 | function videosSearchValidator (req, res, next) { | ||
92 | const searchableColumns = SEARCHABLE_COLUMNS.VIDEOS | ||
93 | req.checkParams('value', 'Should have a valid search').notEmpty() | ||
94 | req.checkQuery('field', 'Should have correct searchable column').optional().isIn(searchableColumns) | ||
95 | |||
96 | logger.debug('Checking videosSearch parameters', { parameters: req.params }) | ||
97 | |||
98 | checkErrors(req, res, next) | ||
99 | } | ||
100 | |||
101 | function videoAbuseReportValidator (req, res, next) { | ||
102 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) | ||
103 | req.checkBody('reason', 'Should have a valid reason').isVideoAbuseReasonValid() | ||
104 | |||
105 | logger.debug('Checking videoAbuseReport parameters', { parameters: req.body }) | ||
106 | |||
107 | checkErrors(req, res, function () { | ||
108 | checkVideoExists(req.params.id, res, next) | ||
109 | }) | ||
110 | } | ||
111 | |||
112 | function videoRateValidator (req, res, next) { | ||
113 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) | ||
114 | req.checkBody('rating', 'Should have a valid rate type').isVideoRatingTypeValid() | ||
115 | |||
116 | logger.debug('Checking videoRate parameters', { parameters: req.body }) | ||
117 | |||
118 | checkErrors(req, res, function () { | ||
119 | checkVideoExists(req.params.id, res, next) | ||
120 | }) | ||
121 | } | ||
122 | |||
123 | function videosBlacklistValidator (req, res, next) { | ||
124 | req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4) | ||
125 | |||
126 | logger.debug('Checking videosBlacklist parameters', { parameters: req.params }) | ||
127 | |||
128 | checkErrors(req, res, function () { | ||
129 | checkVideoExists(req.params.id, res, function () { | ||
130 | checkVideoIsBlacklistable(req, res, next) | ||
131 | }) | ||
132 | }) | ||
133 | } | ||
134 | |||
135 | // --------------------------------------------------------------------------- | ||
136 | |||
137 | export { | ||
138 | videosAddValidator, | ||
139 | videosUpdateValidator, | ||
140 | videosGetValidator, | ||
141 | videosRemoveValidator, | ||
142 | videosSearchValidator, | ||
143 | |||
144 | videoAbuseReportValidator, | ||
145 | |||
146 | videoRateValidator, | ||
147 | |||
148 | videosBlacklistValidator | ||
149 | } | ||
150 | |||
151 | // --------------------------------------------------------------------------- | ||
152 | |||
153 | function checkVideoExists (id, res, callback) { | ||
154 | db.Video.loadAndPopulateAuthorAndPodAndTags(id, function (err, video) { | ||
155 | if (err) { | ||
156 | logger.error('Error in video request validator.', { error: err }) | ||
157 | return res.sendStatus(500) | ||
158 | } | ||
159 | |||
160 | if (!video) return res.status(404).send('Video not found') | ||
161 | |||
162 | res.locals.video = video | ||
163 | callback() | ||
164 | }) | ||
165 | } | ||
166 | |||
167 | function checkUserCanDeleteVideo (userId, res, callback) { | ||
168 | // Retrieve the user who did the request | ||
169 | db.User.loadById(userId, function (err, user) { | ||
170 | if (err) { | ||
171 | logger.error('Error in video request validator.', { error: err }) | ||
172 | return res.sendStatus(500) | ||
173 | } | ||
174 | |||
175 | // Check if the user can delete the video | ||
176 | // The user can delete it if s/he is an admin | ||
177 | // Or if s/he is the video's author | ||
178 | if (user.isAdmin() === false) { | ||
179 | if (res.locals.video.isOwned() === false) { | ||
180 | return res.status(403).send('Cannot remove video of another pod') | ||
181 | } | ||
182 | |||
183 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | ||
184 | return res.status(403).send('Cannot remove video of another user') | ||
185 | } | ||
186 | } | ||
187 | |||
188 | // If we reach this comment, we can delete the video | ||
189 | callback() | ||
190 | }) | ||
191 | } | ||
192 | |||
193 | function checkVideoIsBlacklistable (req, res, callback) { | ||
194 | if (res.locals.video.isOwned() === true) { | ||
195 | return res.status(403).send('Cannot blacklist a local video') | ||
196 | } | ||
197 | |||
198 | callback() | ||
199 | } | ||