author | Chocobozzz <me@florianbigard.com> | 2022-06-22 09:44:08 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-06-22 10:25:31 +0200 |
commit | ff9d43f62a4f4737c5bfe955883b48c5440f323a (patch) | |
tree | 60593f4b57ec5cd712986a3db370f39b0b7a4cef /server/middlewares/validators/videos | |
parent | 2e401e8575decb1d491d0db48ca1ab1eba5b2a66 (diff) | |
Refactor video rights checker
Diffstat (limited to 'server/middlewares/validators/videos')
4 files changed, 13 insertions, 33 deletions
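--- a/server/middlewares/validators/videos/video-captions.ts
+++ b/server/middlewares/validators/videos/video-captions.ts
@@ -7,7 +7,7 @@ import { logger } from '../../../helpers/logger'
 import { CONSTRAINTS_FIELDS, MIMETYPES } from '../../../initializers/constants'
 import {
 areValidationErrors,
-checkCanSeeVideoIfPrivate,
+checkCanSeeVideo,
 checkUserCanManageVideo,
 doesVideoCaptionExist,
 doesVideoExist,
@@ -74,7 +74,7 @@ const listVideoCaptionsValidator = [
 if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
 
 const video = res.locals.onlyVideo
-if (!await checkCanSeeVideoIfPrivate(req, res, video)) return
+if (!await checkCanSeeVideo({ req, res, video, paramId: req.params.videoId })) return
 
 return next()
 }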
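Review bot: The new call in `listVideoCaptionsValidator` passes `paramId: req.params.videoId`, which suggests `checkCanSeeVideo` now looks at the form of the requested id as well as the video's privacy, something `checkCanSeeVideoIfPrivate(req, res, video)` had no way to do; the helper is defined in `../shared`, outside this diff, so this is inferred. If that is right, the commit changes access behaviour for unlisted videos on this route, and on the comment and rate validators changed the same way in video-comments.ts and video-rates.ts, although it is titled as a refactor. Once confirmed against the helper, I would add a comment at the call such as `// Also enforces the unlisted-video rule: the video must be requested by UUID`, and a test per route that an unlisted video requested by numeric id is answered with 404. The validator's body starts above the hunk.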
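--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -10,7 +10,7 @@ import { Hooks } from '../../../lib/plugins/hooks'
 import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
 import {
 areValidationErrors,
-checkCanSeeVideoIfPrivate,
+checkCanSeeVideo,
 doesVideoCommentExist,
 doesVideoCommentThreadExist,
 doesVideoExist,
@@ -54,7 +54,7 @@ const listVideoCommentThreadsValidator = [
 if (areValidationErrors(req, res)) return
 if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
 
-if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) return
+if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.onlyVideo })) return
 
 return next()
 }
@@ -73,7 +73,7 @@ const listVideoThreadCommentsValidator = [
 if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
 if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return
 
-if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) return
+if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.onlyVideo })) return
 
 return next()
 }
@@ -91,7 +91,7 @@ const addVideoCommentThreadValidator = [
 if (areValidationErrors(req, res)) return
 if (!await doesVideoExist(req.params.videoId, res)) return
 
-if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) return
+if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.videoAll })) return
 
 if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
 if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return
@@ -113,7 +113,7 @@ const addVideoCommentReplyValidator = [
 if (areValidationErrors(req, res)) return
 if (!await doesVideoExist(req.params.videoId, res)) return
 
-if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) return
+if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.videoAll })) return
 
 if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
 if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return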
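--- a/server/middlewares/validators/videos/video-rates.ts
+++ b/server/middlewares/validators/videos/video-rates.ts
@@ -8,7 +8,7 @@ import { isRatingValid } from '../../../helpers/custom-validators/video-rates'
 import { isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos'
 import { logger } from '../../../helpers/logger'
 import { AccountVideoRateModel } from '../../../models/account/account-video-rate'
-import { areValidationErrors, checkCanSeeVideoIfPrivate, doesVideoExist, isValidVideoIdParam } from '../shared'
+import { areValidationErrors, checkCanSeeVideo, doesVideoExist, isValidVideoIdParam } from '../shared'
 
 const videoUpdateRateValidator = [
 isValidVideoIdParam('id'),
@@ -21,7 +21,7 @@ const videoUpdateRateValidator = [
 if (areValidationErrors(req, res)) return
 if (!await doesVideoExist(req.params.id, res)) return
 
-if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) return
+if (!await checkCanSeeVideo({ req, res, paramId: req.params.id, video: res.locals.videoAll })) return
 
 return next()
 }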
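--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -7,14 +7,13 @@ import { getServerActor } from '@server/models/application/application'
 import { ExpressPromiseHandler } from '@server/types/express-handler'
 import { MUserAccountId, MVideoFullLight } from '@server/types/models'
 import { getAllPrivacies } from '@shared/core-utils'
-import { HttpStatusCode, ServerErrorCode, UserRight, VideoInclude, VideoPrivacy } from '@shared/models'
+import { HttpStatusCode, ServerErrorCode, UserRight, VideoInclude } from '@shared/models'
 import {
 exists,
 isBooleanValid,
 isDateValid,
 isFileValid,
 isIdValid,
-isUUIDValid,
 toArray,
 toBooleanOrNull,
 toIntOrNull,
@@ -50,7 +49,7 @@ import { Hooks } from '../../../lib/plugins/hooks'
 import { VideoModel } from '../../../models/video/video'
 import {
 areValidationErrors,
-checkCanSeePrivateVideo,
+checkCanSeeVideo,
 checkUserCanManageVideo,
 checkUserQuota,
 doesVideoChannelOfAccountExist,
@@ -297,28 +296,9 @@ const videosCustomGetValidator = (
 
 const video = getVideoWithAttributes(res) as MVideoFullLight
 
-// Video private or blacklisted
-if (video.requiresAuth()) {
-if (await checkCanSeePrivateVideo(req, res, video, authenticateInQuery)) {
-return next()
-}
+if (!await checkCanSeeVideo({ req, res, video, paramId: req.params.id, authenticateInQuery })) return
 
-return
-}
-
-// Video is public, anyone can access it
-if (video.privacy === VideoPrivacy.PUBLIC) return next()
-
-// Video is unlisted, check we used the uuid to fetch it
-if (video.privacy === VideoPrivacy.UNLISTED) {
-if (isUUIDValid(req.params.id)) return next()
-
-// Don't leak this unlisted video
-return res.fail({
-status: HttpStatusCode.NOT_FOUND_404,
-message: 'Video not found'
-})
-}
+return next()
 }
 ]
 }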
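Review bot: In the last hunk `videosCustomGetValidator` now calls `next()` whenever `checkCanSeeVideo` returns a truthy value, so the deny path depends entirely on that helper, which lives in `../shared` and is not part of this diff. The removed chain never reached `next()` for a privacy value it did not recognise, and it answered an unlisted video requested by a non-UUID id with `HttpStatusCode.NOT_FOUND_404` so that the response did not reveal the video exists. Both properties should be kept in the helper: return false for any privacy value it does not handle explicitly, and keep 404 rather than a 403 for the unlisted case. A comment above the call, for example `// checkCanSeeVideo covers private, blacklisted and unlisted videos (unlisted requires a UUID)`, would document this once verified against the helper; the validator itself starts above the hunk.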