Merge branch 'develop' into cli-wrapper

author: Chocobozzz <me@florianbigard.com> 2018-09-20 16:24:31 +0200
committer: GitHub <noreply@github.com> 2018-09-20 16:24:31 +0200
commit: 0491173a61aed66205c017e0d7e0503ea316c144 (patch)
tree: ce6621597505f9518cfdf0981977d097c63f9fad /server/middlewares/validators
parent: 8704acf49efc770d73bf07c10468ed8c74d28a83 (diff)
parent: 6247b2057b792cea155a1abd9788c363ae7d2cc2 (diff)
download: PeerTube-0491173a61aed66205c017e0d7e0503ea316c144.tar.gz
PeerTube-0491173a61aed66205c017e0d7e0503ea316c144.tar.zst
PeerTube-0491173a61aed66205c017e0d7e0503ea316c144.zip
4 files changed, 40 insertions, 36 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index d13c50c84..d3ba1ae23 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -172,7 +172,7 @@ const usersVideoRatingValidator = [
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
    if (areValidationErrors(req, res)) return
-    if (!await isVideoExist(req.params.videoId, res)) return
+    if (!await isVideoExist(req.params.videoId, res, 'id')) return
    return next()
  }
diff --git a/server/middlewares/validators/video-captions.ts b/server/middlewares/validators/video-captions.ts
index 4f393ea84..51ffd7f3c 100644
--- a/server/middlewares/validators/video-captions.ts
+++ b/server/middlewares/validators/video-captions.ts
@@ -58,7 +58,7 @@ const listVideoCaptionsValidator = [
    logger.debug('Checking listVideoCaptions parameters', { parameters: req.params })
    if (areValidationErrors(req, res)) return
-    if (!await isVideoExist(req.params.videoId, res)) return
+    if (!await isVideoExist(req.params.videoId, res, 'id')) return
    return next()
  }
diff --git a/server/middlewares/validators/video-comments.ts b/server/middlewares/validators/video-comments.ts
index 227bc1fca..693852499 100644
--- a/server/middlewares/validators/video-comments.ts
+++ b/server/middlewares/validators/video-comments.ts
@@ -17,7 +17,7 @@ const listVideoCommentThreadsValidator = [
    logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })
    if (areValidationErrors(req, res)) return
-    if (!await isVideoExist(req.params.videoId, res)) return
+    if (!await isVideoExist(req.params.videoId, res, 'only-video')) return
    return next()
  }
@@ -31,7 +31,7 @@ const listVideoThreadCommentsValidator = [
    logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })
    if (areValidationErrors(req, res)) return
-    if (!await isVideoExist(req.params.videoId, res)) return
+    if (!await isVideoExist(req.params.videoId, res, 'only-video')) return
    if (!await isVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return
    return next()
@@ -78,7 +78,7 @@ const videoCommentGetValidator = [
    logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
    if (areValidationErrors(req, res)) return
-    if (!await isVideoExist(req.params.videoId, res)) return
+    if (!await isVideoExist(req.params.videoId, res, 'id')) return
    if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
    return next()
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 9befbc9ee..67eabe468 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -41,6 +41,7 @@ import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } f
 import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model'
 import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership'
 import { AccountModel } from '../../models/account/account'
+import { VideoFetchType } from '../../helpers/video'
 const videosAddValidator = getCommonVideoAttributes().concat([
  body('videofile')
@@ -128,47 +129,49 @@ const videosUpdateValidator = getCommonVideoAttributes().concat([
  }
 ])
-const videosGetValidator = [
+const videosCustomGetValidator = (fetchType: VideoFetchType) => {
-  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  return [
+    param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videosGet parameters', { parameters: req.params })
-    if (areValidationErrors(req, res)) return
+    async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    if (!await isVideoExist(req.params.id, res)) return
+      logger.debug('Checking videosGet parameters', { parameters: req.params })
-    const video: VideoModel = res.locals.video
+      if (areValidationErrors(req, res)) return
+      if (!await isVideoExist(req.params.id, res, fetchType)) return
-    // Video private or blacklisted
+      const video: VideoModel = res.locals.video
-    if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
-      return authenticate(req, res, () => {
-        const user: UserModel = res.locals.oauth.token.User
-        // Only the owner or a user that have blacklist rights can see the video
+      // Video private or blacklisted
-        if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
+      if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
-          return res.status(403)
+        return authenticate(req, res, () => {
-                    .json({ error: 'Cannot get this private or blacklisted video.' })
+          const user: UserModel = res.locals.oauth.token.User
-                    .end()
-        }
-        return next()
+          // Only the owner or a user that have blacklist rights can see the video
-      })
+          if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
+            return res.status(403)
+                      .json({ error: 'Cannot get this private or blacklisted video.' })
+                      .end()
+          }
-      return
+          return next()
-    }
+        })
+      }
-    // Video is public, anyone can access it
+      // Video is public, anyone can access it
-    if (video.privacy === VideoPrivacy.PUBLIC) return next()
+      if (video.privacy === VideoPrivacy.PUBLIC) return next()
-    // Video is unlisted, check we used the uuid to fetch it
+      // Video is unlisted, check we used the uuid to fetch it
-    if (video.privacy === VideoPrivacy.UNLISTED) {
+      if (video.privacy === VideoPrivacy.UNLISTED) {
-      if (isUUIDValid(req.params.id)) return next()
+        if (isUUIDValid(req.params.id)) return next()
-      // Don't leak this unlisted video
+        // Don't leak this unlisted video
-      return res.status(404).end()
+        return res.status(404).end()
+      }
    }
-  }
+  ]
-]
+}
+const videosGetValidator = videosCustomGetValidator('all')
 const videosRemoveValidator = [
  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
@@ -366,6 +369,7 @@ export {
  videosAddValidator,
  videosUpdateValidator,
  videosGetValidator,
+  videosCustomGetValidator,
  videosRemoveValidator,
  videosShareValidator,
author	Chocobozzz <me@florianbigard.com>	2018-09-20 16:24:31 +0200
committer	GitHub <noreply@github.com>	2018-09-20 16:24:31 +0200
commit	0491173a61aed66205c017e0d7e0503ea316c144 (patch)
tree	ce6621597505f9518cfdf0981977d097c63f9fad /server/middlewares/validators
parent	8704acf49efc770d73bf07c10468ed8c74d28a83 (diff)
parent	6247b2057b792cea155a1abd9788c363ae7d2cc2 (diff)
download	PeerTube-0491173a61aed66205c017e0d7e0503ea316c144.tar.gz PeerTube-0491173a61aed66205c017e0d7e0503ea316c144.tar.zst PeerTube-0491173a61aed66205c017e0d7e0503ea316c144.zip

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index d13c50c84..d3ba1ae23 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts
@@ -172,7 +172,7 @@ const usersVideoRatingValidator = [
172	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })	172	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
173		173
174	if (areValidationErrors(req, res)) return	174	if (areValidationErrors(req, res)) return
175	if (!await isVideoExist(req.params.videoId, res)) return	175	if (!await isVideoExist(req.params.videoId, res, 'id')) return
176		176
177	return next()	177	return next()
178	}	178	}


diff --git a/server/middlewares/validators/video-captions.ts b/server/middlewares/validators/video-captions.ts index 4f393ea84..51ffd7f3c 100644 --- a/server/middlewares/validators/video-captions.ts +++ b/server/middlewares/validators/video-captions.ts
@@ -58,7 +58,7 @@ const listVideoCaptionsValidator = [
58	logger.debug('Checking listVideoCaptions parameters', { parameters: req.params })	58	logger.debug('Checking listVideoCaptions parameters', { parameters: req.params })
59		59
60	if (areValidationErrors(req, res)) return	60	if (areValidationErrors(req, res)) return
61	if (!await isVideoExist(req.params.videoId, res)) return	61	if (!await isVideoExist(req.params.videoId, res, 'id')) return
62		62
63	return next()	63	return next()
64	}	64	}


diff --git a/server/middlewares/validators/video-comments.ts b/server/middlewares/validators/video-comments.ts index 227bc1fca..693852499 100644 --- a/server/middlewares/validators/video-comments.ts +++ b/server/middlewares/validators/video-comments.ts
@@ -17,7 +17,7 @@ const listVideoCommentThreadsValidator = [
17	logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })	17	logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })
18		18
19	if (areValidationErrors(req, res)) return	19	if (areValidationErrors(req, res)) return
20	if (!await isVideoExist(req.params.videoId, res)) return	20	if (!await isVideoExist(req.params.videoId, res, 'only-video')) return
21		21
22	return next()	22	return next()
23	}	23	}
@@ -31,7 +31,7 @@ const listVideoThreadCommentsValidator = [
31	logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })	31	logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })
32		32
33	if (areValidationErrors(req, res)) return	33	if (areValidationErrors(req, res)) return
34	if (!await isVideoExist(req.params.videoId, res)) return	34	if (!await isVideoExist(req.params.videoId, res, 'only-video')) return
35	if (!await isVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return	35	if (!await isVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return
36		36
37	return next()	37	return next()
@@ -78,7 +78,7 @@ const videoCommentGetValidator = [
78	logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })	78	logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
79		79
80	if (areValidationErrors(req, res)) return	80	if (areValidationErrors(req, res)) return
81	if (!await isVideoExist(req.params.videoId, res)) return	81	if (!await isVideoExist(req.params.videoId, res, 'id')) return
82	if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return	82	if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
83		83
84	return next()	84	return next()


diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 9befbc9ee..67eabe468 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts
@@ -41,6 +41,7 @@ import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } f
41	import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model'	41	import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model'
42	import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership'	42	import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership'
43	import { AccountModel } from '../../models/account/account'	43	import { AccountModel } from '../../models/account/account'
		44	import { VideoFetchType } from '../../helpers/video'
44		45
45	const videosAddValidator = getCommonVideoAttributes().concat([	46	const videosAddValidator = getCommonVideoAttributes().concat([
46	body('videofile')	47	body('videofile')
@@ -128,47 +129,49 @@ const videosUpdateValidator = getCommonVideoAttributes().concat([
128	}	129	}
129	])	130	])
130		131
131	const videosGetValidator = [	132	const videosCustomGetValidator = (fetchType: VideoFetchType) => {
132	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	133	return [
133		134	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
134	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
135	logger.debug('Checking videosGet parameters', { parameters: req.params })
136		135
137	if (areValidationErrors(req, res)) return	136	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
138	if (!await isVideoExist(req.params.id, res)) return	137	logger.debug('Checking videosGet parameters', { parameters: req.params })
139		138
140	const video: VideoModel = res.locals.video	139	if (areValidationErrors(req, res)) return
		140	if (!await isVideoExist(req.params.id, res, fetchType)) return
141		141
142	// Video private or blacklisted	142	const video: VideoModel = res.locals.video
143	if (video.privacy === VideoPrivacy.PRIVATE \|\| video.VideoBlacklist) {
144	return authenticate(req, res, () => {
145	const user: UserModel = res.locals.oauth.token.User
146		143
147	// Only the owner or a user that have blacklist rights can see the video	144	// Video private or blacklisted
148	if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {	145	if (video.privacy === VideoPrivacy.PRIVATE \|\| video.VideoBlacklist) {
149	return res.status(403)	146	return authenticate(req, res, () => {
150	.json({ error: 'Cannot get this private or blacklisted video.' })	147	const user: UserModel = res.locals.oauth.token.User
151	.end()
152	}
153		148
154	return next()	149	// Only the owner or a user that have blacklist rights can see the video
155	})	150	if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
		151	return res.status(403)
		152	.json({ error: 'Cannot get this private or blacklisted video.' })
		153	.end()
		154	}
156		155
157	return	156	return next()
158	}	157	})
		158	}
159		159
160	// Video is public, anyone can access it	160	// Video is public, anyone can access it
161	if (video.privacy === VideoPrivacy.PUBLIC) return next()	161	if (video.privacy === VideoPrivacy.PUBLIC) return next()
162		162
163	// Video is unlisted, check we used the uuid to fetch it	163	// Video is unlisted, check we used the uuid to fetch it
164	if (video.privacy === VideoPrivacy.UNLISTED) {	164	if (video.privacy === VideoPrivacy.UNLISTED) {
165	if (isUUIDValid(req.params.id)) return next()	165	if (isUUIDValid(req.params.id)) return next()
166		166
167	// Don't leak this unlisted video	167	// Don't leak this unlisted video
168	return res.status(404).end()	168	return res.status(404).end()
		169	}
169	}	170	}
170	}	171	]
171	]	172	}
		173
		174	const videosGetValidator = videosCustomGetValidator('all')
172		175
173	const videosRemoveValidator = [	176	const videosRemoveValidator = [
174	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	177	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
@@ -366,6 +369,7 @@ export {
366	videosAddValidator,	369	videosAddValidator,
367	videosUpdateValidator,	370	videosUpdateValidator,
368	videosGetValidator,	371	videosGetValidator,
		372	videosCustomGetValidator,
369	videosRemoveValidator,	373	videosRemoveValidator,
370	videosShareValidator,	374	videosShareValidator,
371		375