Fix ownership change with a live video

author: Chocobozzz <me@florianbigard.com> 2021-06-28 11:54:40 +0200
committer: Chocobozzz <me@florianbigard.com> 2021-06-28 11:54:40 +0200
commit: 21b5c2982ff93bc67d5dd4c04db352a3f96608b0 (patch)
tree: 7d07f1dc83782b8eb06ff960456a154a1a2d92d0 /server/middlewares/validators/videos/video-ownership-changes.ts
parent: 50cb778ee6c55e318331ff80a91e891751ab5c73 (diff)
download: PeerTube-21b5c2982ff93bc67d5dd4c04db352a3f96608b0.tar.gz
PeerTube-21b5c2982ff93bc67d5dd4c04db352a3f96608b0.tar.zst
PeerTube-21b5c2982ff93bc67d5dd4c04db352a3f96608b0.zip
1 files changed, 119 insertions, 0 deletions
diff --git a/server/middlewares/validators/videos/video-ownership-changes.ts b/server/middlewares/validators/videos/video-ownership-changes.ts
new file mode 100644
index 000000000..120b0469c
--- /dev/null
+++ b/server/middlewares/validators/videos/video-ownership-changes.ts
@@ -0,0 +1,119 @@
+import * as express from 'express'
+import { param } from 'express-validator'
+import { isIdOrUUIDValid } from '@server/helpers/custom-validators/misc'
+import { checkUserCanTerminateOwnershipChange } from '@server/helpers/custom-validators/video-ownership'
+import { logger } from '@server/helpers/logger'
+import { isAbleToUploadVideo } from '@server/lib/user'
+import { AccountModel } from '@server/models/account/account'
+import { MVideoWithAllFiles } from '@server/types/models'
+import { HttpStatusCode } from '@shared/core-utils'
+import { ServerErrorCode, UserRight, VideoChangeOwnershipAccept, VideoChangeOwnershipStatus, VideoState } from '@shared/models'
+import {
+  areValidationErrors,
+  checkUserCanManageVideo,
+  doesChangeVideoOwnershipExist,
+  doesVideoChannelOfAccountExist,
+  doesVideoExist
+} from '../shared'
+const videosChangeOwnershipValidator = [
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking changeOwnership parameters', { parameters: req.params })
+    if (areValidationErrors(req, res)) return
+    if (!await doesVideoExist(req.params.videoId, res)) return
+    // Check if the user who did the request is able to change the ownership of the video
+    if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
+    const nextOwner = await AccountModel.loadLocalByName(req.body.username)
+    if (!nextOwner) {
+      res.fail({ message: 'Changing video ownership to a remote account is not supported yet' })
+      return
+    }
+    res.locals.nextOwner = nextOwner
+    return next()
+  }
+]
+const videosTerminateChangeOwnershipValidator = [
+  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking changeOwnership parameters', { parameters: req.params })
+    if (areValidationErrors(req, res)) return
+    if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return
+    // Check if the user who did the request is able to change the ownership of the video
+    if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
+    const videoChangeOwnership = res.locals.videoChangeOwnership
+    if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) {
+      res.fail({
+        status: HttpStatusCode.FORBIDDEN_403,
+        message: 'Ownership already accepted or refused'
+      })
+      return
+    }
+    return next()
+  }
+]
+const videosAcceptChangeOwnershipValidator = [
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const body = req.body as VideoChangeOwnershipAccept
+    if (!await doesVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return
+    const videoChangeOwnership = res.locals.videoChangeOwnership
+    const video = videoChangeOwnership.Video
+    if (!await checkCanAccept(video, res)) return
+    return next()
+  }
+]
+export {
+  videosChangeOwnershipValidator,
+  videosTerminateChangeOwnershipValidator,
+  videosAcceptChangeOwnershipValidator
+}
+// ---------------------------------------------------------------------------
+async function checkCanAccept (video: MVideoWithAllFiles, res: express.Response): Promise<boolean> {
+  if (video.isLive) {
+    if (video.state !== VideoState.WAITING_FOR_LIVE) {
+      res.fail({
+        status: HttpStatusCode.BAD_REQUEST_400,
+        message: 'You can accept an ownership change of a published live.'
+      })
+      return false
+    }
+    return true
+  }
+  const user = res.locals.oauth.token.User
+  if (!await isAbleToUploadVideo(user.id, video.getMaxQualityFile().size)) {
+    res.fail({
+      status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
+      message: 'The user video quota is exceeded with this video.',
+      type: ServerErrorCode.QUOTA_REACHED
+    })
+    return false
+  }
+  return true
+}
author	Chocobozzz <me@florianbigard.com>	2021-06-28 11:54:40 +0200
committer	Chocobozzz <me@florianbigard.com>	2021-06-28 11:54:40 +0200
commit	21b5c2982ff93bc67d5dd4c04db352a3f96608b0 (patch)
tree	7d07f1dc83782b8eb06ff960456a154a1a2d92d0 /server/middlewares/validators/videos/video-ownership-changes.ts
parent	50cb778ee6c55e318331ff80a91e891751ab5c73 (diff)
download	PeerTube-21b5c2982ff93bc67d5dd4c04db352a3f96608b0.tar.gz PeerTube-21b5c2982ff93bc67d5dd4c04db352a3f96608b0.tar.zst PeerTube-21b5c2982ff93bc67d5dd4c04db352a3f96608b0.zip

diff --git a/server/middlewares/validators/videos/video-ownership-changes.ts b/server/middlewares/validators/videos/video-ownership-changes.ts new file mode 100644 index 000000000..120b0469c --- /dev/null +++ b/server/middlewares/validators/videos/video-ownership-changes.ts
@@ -0,0 +1,119 @@
	1	import * as express from 'express'
	2	import { param } from 'express-validator'
	3	import { isIdOrUUIDValid } from '@server/helpers/custom-validators/misc'
	4	import { checkUserCanTerminateOwnershipChange } from '@server/helpers/custom-validators/video-ownership'
	5	import { logger } from '@server/helpers/logger'
	6	import { isAbleToUploadVideo } from '@server/lib/user'
	7	import { AccountModel } from '@server/models/account/account'
	8	import { MVideoWithAllFiles } from '@server/types/models'
	9	import { HttpStatusCode } from '@shared/core-utils'
	10	import { ServerErrorCode, UserRight, VideoChangeOwnershipAccept, VideoChangeOwnershipStatus, VideoState } from '@shared/models'
	11	import {
	12	areValidationErrors,
	13	checkUserCanManageVideo,
	14	doesChangeVideoOwnershipExist,
	15	doesVideoChannelOfAccountExist,
	16	doesVideoExist
	17	} from '../shared'
	18
	19	const videosChangeOwnershipValidator = [
	20	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
	21
	22	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	23	logger.debug('Checking changeOwnership parameters', { parameters: req.params })
	24
	25	if (areValidationErrors(req, res)) return
	26	if (!await doesVideoExist(req.params.videoId, res)) return
	27
	28	// Check if the user who did the request is able to change the ownership of the video
	29	if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
	30
	31	const nextOwner = await AccountModel.loadLocalByName(req.body.username)
	32	if (!nextOwner) {
	33	res.fail({ message: 'Changing video ownership to a remote account is not supported yet' })
	34	return
	35	}
	36
	37	res.locals.nextOwner = nextOwner
	38	return next()
	39	}
	40	]
	41
	42	const videosTerminateChangeOwnershipValidator = [
	43	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
	44
	45	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	46	logger.debug('Checking changeOwnership parameters', { parameters: req.params })
	47
	48	if (areValidationErrors(req, res)) return
	49	if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return
	50
	51	// Check if the user who did the request is able to change the ownership of the video
	52	if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
	53
	54	const videoChangeOwnership = res.locals.videoChangeOwnership
	55
	56	if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) {
	57	res.fail({
	58	status: HttpStatusCode.FORBIDDEN_403,
	59	message: 'Ownership already accepted or refused'
	60	})
	61	return
	62	}
	63
	64	return next()
	65	}
	66	]
	67
	68	const videosAcceptChangeOwnershipValidator = [
	69	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	70	const body = req.body as VideoChangeOwnershipAccept
	71	if (!await doesVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return
	72
	73	const videoChangeOwnership = res.locals.videoChangeOwnership
	74
	75	const video = videoChangeOwnership.Video
	76
	77	if (!await checkCanAccept(video, res)) return
	78
	79	return next()
	80	}
	81	]
	82
	83	export {
	84	videosChangeOwnershipValidator,
	85	videosTerminateChangeOwnershipValidator,
	86	videosAcceptChangeOwnershipValidator
	87	}
	88
	89	// ---------------------------------------------------------------------------
	90
	91	async function checkCanAccept (video: MVideoWithAllFiles, res: express.Response): Promise<boolean> {
	92	if (video.isLive) {
	93
	94	if (video.state !== VideoState.WAITING_FOR_LIVE) {
	95	res.fail({
	96	status: HttpStatusCode.BAD_REQUEST_400,
	97	message: 'You can accept an ownership change of a published live.'
	98	})
	99
	100	return false
	101	}
	102
	103	return true
	104	}
	105
	106	const user = res.locals.oauth.token.User
	107
	108	if (!await isAbleToUploadVideo(user.id, video.getMaxQualityFile().size)) {
	109	res.fail({
	110	status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
	111	message: 'The user video quota is exceeded with this video.',
	112	type: ServerErrorCode.QUOTA_REACHED
	113	})
	114
	115	return false
	116	}
	117
	118	return true
	119	}