Upgrade express validator to v4

author: Chocobozzz <florian.bigard@gmail.com> 2017-09-15 12:17:08 +0200
committer: Chocobozzz <florian.bigard@gmail.com> 2017-09-15 12:17:08 +0200
commit: b60e5f38daf77e720a27aa86d3b482c58906a03a (patch)
tree: a70909860ab9705d348b3c082f8af440e0a5e4d2 /server/middlewares
parent: 315cc0cc1871ab2a6d6c1bb61cf7b9f10511c3a9 (diff)
download: PeerTube-b60e5f38daf77e720a27aa86d3b482c58906a03a.tar.gz
PeerTube-b60e5f38daf77e720a27aa86d3b482c58906a03a.tar.zst
PeerTube-b60e5f38daf77e720a27aa86d3b482c58906a03a.zip
8 files changed, 427 insertions, 359 deletions
diff --git a/server/middlewares/validators/pagination.ts b/server/middlewares/validators/pagination.ts
index cca8295ff..a5a542cdf 100644
--- a/server/middlewares/validators/pagination.ts
+++ b/server/middlewares/validators/pagination.ts
@@ -1,17 +1,19 @@
-import 'express-validator'
+import { query } from 'express-validator/check'
 import * as express from 'express'
 import { checkErrors } from './utils'
 import { logger } from '../../helpers'
-function paginationValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const paginationValidator = [
-  req.checkQuery('start', 'Should have a number start').optional().isInt()
+  query('start').optional().isInt().withMessage('Should have a number start'),
-  req.checkQuery('count', 'Should have a number count').optional().isInt()
+  query('count').optional().isInt().withMessage('Should have a number count'),
-  logger.debug('Checking pagination parameters', { parameters: req.query })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking pagination parameters', { parameters: req.query })
-  checkErrors(req, res, next)
+    checkErrors(req, res, next)
-}
+  }
+]
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/pods.ts b/server/middlewares/validators/pods.ts
index 3a0f56f6a..ab7702e78 100644
--- a/server/middlewares/validators/pods.ts
+++ b/server/middlewares/validators/pods.ts
@@ -1,89 +1,96 @@
-import 'express-validator'
+import { body, param } from 'express-validator/check'
 import * as express from 'express'
 import { database as db } from '../../initializers/database'
 import { checkErrors } from './utils'
-import { logger } from '../../helpers'
+import { logger, isEachUniqueHostValid, isHostValid } from '../../helpers'
 import { CONFIG } from '../../initializers'
 import { hasFriends } from '../../lib'
 import { isTestInstance } from '../../helpers'
-function makeFriendsValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const makeFriendsValidator = [
-  // Force https if the administrator wants to make friends
+  body('hosts').custom(isEachUniqueHostValid).withMessage('Should have an array of unique hosts'),
-  if (isTestInstance() === false && CONFIG.WEBSERVER.SCHEME === 'http') {
-    return res.status(400)
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-              .json({
+    // Force https if the administrator wants to make friends
-                error: 'Cannot make friends with a non HTTPS web server.'
+    if (isTestInstance() === false && CONFIG.WEBSERVER.SCHEME === 'http') {
-              })
+      return res.status(400)
-              .end()
+                .json({
+                  error: 'Cannot make friends with a non HTTPS web server.'
+                })
+                .end()
+    }
+    logger.debug('Checking makeFriends parameters', { parameters: req.body })
+    checkErrors(req, res, () => {
+      hasFriends()
+        .then(heHasFriends => {
+          if (heHasFriends === true) {
+            // We need to quit our friends before make new ones
+            return res.sendStatus(409)
+          }
+          return next()
+        })
+        .catch(err => {
+          logger.error('Cannot know if we have friends.', err)
+          res.sendStatus(500)
+        })
+    })
  }
+]
-  req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid()
+const podsAddValidator = [
+  body('host').custom(isHostValid).withMessage('Should have a host'),
-  logger.debug('Checking makeFriends parameters', { parameters: req.body })
+  body('email').isEmail().withMessage('Should have an email'),
+  body('publicKey').not().isEmpty().withMessage('Should have a public key'),
-  checkErrors(req, res, () => {
-    hasFriends()
-      .then(heHasFriends => {
-        if (heHasFriends === true) {
-          // We need to quit our friends before make new ones
-          return res.sendStatus(409)
-        }
-        return next()
-      })
-      .catch(err => {
-        logger.error('Cannot know if we have friends.', err)
-        res.sendStatus(500)
-      })
-  })
-}
-function podsAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-  req.checkBody('host', 'Should have a host').isHostValid()
+    logger.debug('Checking podsAdd parameters', { parameters: req.body })
-  req.checkBody('email', 'Should have an email').isEmail()
-  req.checkBody('publicKey', 'Should have a public key').notEmpty()
-  logger.debug('Checking podsAdd parameters', { parameters: req.body })
-  checkErrors(req, res, () => {
-    db.Pod.loadByHost(req.body.host)
-      .then(pod => {
-        // Pod with this host already exists
-        if (pod) {
-          return res.sendStatus(409)
-        }
-        return next()
-      })
-      .catch(err => {
-        logger.error('Cannot load pod by host.', err)
-        res.sendStatus(500)
-      })
-  })
-}
-function podRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+    checkErrors(req, res, () => {
-  req.checkParams('id', 'Should have a valid id').notEmpty().isNumeric()
+      db.Pod.loadByHost(req.body.host)
+        .then(pod => {
-  logger.debug('Checking podRemoveValidator parameters', { parameters: req.params })
+          // Pod with this host already exists
+          if (pod) {
-  checkErrors(req, res, function () {
+            return res.sendStatus(409)
-    db.Pod.load(req.params.id)
+          }
-      .then(pod => {
-        if (!pod) {
+          return next()
-          logger.error('Cannot find pod %d.', req.params.id)
+        })
-          return res.sendStatus(404)
+        .catch(err => {
-        }
+          logger.error('Cannot load pod by host.', err)
+          res.sendStatus(500)
-        res.locals.pod = pod
+        })
-        return next()
+    })
-      })
+  }
-      .catch(err => {
+]
-        logger.error('Cannot load pod %d.', req.params.id, err)
-        res.sendStatus(500)
+const podRemoveValidator = [
-      })
+  param('id').isNumeric().not().isEmpty().withMessage('Should have a valid id'),
-  })
-}
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking podRemoveValidator parameters', { parameters: req.params })
+    checkErrors(req, res, () => {
+      db.Pod.load(req.params.id)
+        .then(pod => {
+          if (!pod) {
+            logger.error('Cannot find pod %d.', req.params.id)
+            return res.sendStatus(404)
+          }
+          res.locals.pod = pod
+          return next()
+        })
+        .catch(err => {
+          logger.error('Cannot load pod %d.', req.params.id, err)
+          res.sendStatus(500)
+        })
+    })
+  }
+]
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/remote/signature.ts b/server/middlewares/validators/remote/signature.ts
index eb5c196eb..d3937b515 100644
--- a/server/middlewares/validators/remote/signature.ts
+++ b/server/middlewares/validators/remote/signature.ts
@@ -1,17 +1,19 @@
-import 'express-validator'
+import { body } from 'express-validator/check'
 import * as express from 'express'
-import { logger } from '../../../helpers'
+import { logger, isHostValid } from '../../../helpers'
 import { checkErrors } from '../utils'
-function signatureValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const signatureValidator = [
-  req.checkBody('signature.host', 'Should have a signature host').isURL()
+  body('signature.host').custom(isHostValid).withMessage('Should have a signature host'),
-  req.checkBody('signature.signature', 'Should have a signature').notEmpty()
+  body('signature.signature').not().isEmpty().withMessage('Should have a signature'),
-  logger.debug('Checking signature parameters', { parameters: { signature: req.body.signature } })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking signature parameters', { parameters: { signature: req.body.signature } })
-  checkErrors(req, res, next)
+    checkErrors(req, res, next)
-}
+  }
+]
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/remote/videos.ts b/server/middlewares/validators/remote/videos.ts
index 2037c0085..e4682a60b 100644
--- a/server/middlewares/validators/remote/videos.ts
+++ b/server/middlewares/validators/remote/videos.ts
@@ -1,32 +1,43 @@
-import 'express-validator'
+import { body } from 'express-validator/check'
 import * as express from 'express'
-import { logger } from '../../../helpers'
+import {
+  logger,
+  isEachRemoteRequestVideosValid,
+  isEachRemoteRequestVideosQaduValid,
+  isEachRemoteRequestVideosEventsValid
+} from '../../../helpers'
 import { checkErrors } from '../utils'
-function remoteVideosValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const remoteVideosValidator = [
-  req.checkBody('data').isEachRemoteRequestVideosValid()
+  body('data').custom(isEachRemoteRequestVideosValid),
-  logger.debug('Checking remoteVideos parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking remoteVideos parameters', { parameters: req.body })
-  checkErrors(req, res, next)
+    checkErrors(req, res, next)
-}
+  }
+]
-function remoteQaduVideosValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const remoteQaduVideosValidator = [
-  req.checkBody('data').isEachRemoteRequestVideosQaduValid()
+  body('data').custom(isEachRemoteRequestVideosQaduValid),
-  logger.debug('Checking remoteQaduVideos parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking remoteQaduVideos parameters', { parameters: req.body })
-  checkErrors(req, res, next)
+    checkErrors(req, res, next)
-}
+  }
+]
-function remoteEventsVideosValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const remoteEventsVideosValidator = [
-  req.checkBody('data').isEachRemoteRequestVideosEventsValid()
+  body('data').custom(isEachRemoteRequestVideosEventsValid),
-  logger.debug('Checking remoteEventsVideos parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking remoteEventsVideos parameters', { parameters: req.body })
-  checkErrors(req, res, next)
+    checkErrors(req, res, next)
-}
+  }
+]
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts
index 3baee9fb3..71b18acb0 100644
--- a/server/middlewares/validators/sort.ts
+++ b/server/middlewares/validators/sort.ts
@@ -1,4 +1,4 @@
-import 'express-validator'
+import { query } from 'express-validator/check'
 import * as express from 'express'
 import { checkErrors } from './utils'
@@ -10,17 +10,9 @@ const SORTABLE_USERS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.USERS)
 const SORTABLE_VIDEO_ABUSES_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_ABUSES)
 const SORTABLE_VIDEOS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEOS)
-function usersSortValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersSortValidator = checkSort(SORTABLE_USERS_COLUMNS)
-  checkSort(req, res, next, SORTABLE_USERS_COLUMNS)
+const videoAbusesSortValidator = checkSort(SORTABLE_VIDEO_ABUSES_COLUMNS)
-}
+const videosSortValidator = checkSort(SORTABLE_VIDEOS_COLUMNS)
-function videoAbusesSortValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
-  checkSort(req, res, next, SORTABLE_VIDEO_ABUSES_COLUMNS)
-}
-function videosSortValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
-  checkSort(req, res, next, SORTABLE_VIDEOS_COLUMNS)
-}
 // ---------------------------------------------------------------------------
@@ -32,12 +24,16 @@ export {
 // ---------------------------------------------------------------------------
-function checkSort (req: express.Request, res: express.Response, next: express.NextFunction, sortableColumns: string[]) {
+function checkSort (sortableColumns: string[]) {
-  req.checkQuery('sort', 'Should have correct sortable column').optional().isIn(sortableColumns)
+  return [
+    query('sort').optional().isIn(sortableColumns).withMessage('Should have correct sortable column'),
-  logger.debug('Checking sort parameters', { parameters: req.query })
+    (req: express.Request, res: express.Response, next: express.NextFunction) => {
+      logger.debug('Checking sort parameters', { parameters: req.query })
-  checkErrors(req, res, next)
+      checkErrors(req, res, next)
+    }
+  ]
 }
 function createSortableColumns (sortableColumns: string[]) {
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 15c07c693..ab9d0938c 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -1,3 +1,4 @@
+import { body, param } from 'express-validator/check'
 import 'express-validator'
 import * as express from 'express'
 import * as Promise from 'bluebird'
@@ -5,130 +6,154 @@ import * as validator from 'validator'
 import { database as db } from '../../initializers/database'
 import { checkErrors } from './utils'
-import { isSignupAllowed, logger } from '../../helpers'
+import {
+  isSignupAllowed,
+  logger,
+  isUserUsernameValid,
+  isUserPasswordValid,
+  isUserVideoQuotaValid,
+  isUserDisplayNSFWValid,
+  isVideoIdOrUUIDValid
+} from '../../helpers'
 import { UserInstance, VideoInstance } from '../../models'
-function usersAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersAddValidator = [
-  req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
+  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
-  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
-  req.checkBody('email', 'Should have a valid email').isEmail()
+  body('email').isEmail().withMessage('Should have a valid email'),
-  req.checkBody('videoQuota', 'Should have a valid user quota').isUserVideoQuotaValid()
+  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
-  logger.debug('Checking usersAdd parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersAdd parameters', { parameters: req.body })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
+      checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
-  })
+    })
-}
+  }
+]
-function usersRegisterValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersRegisterValidator = [
-  req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
+  body('username').custom(isUserUsernameValid).withMessage('Should have a valid username'),
-  req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
+  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
-  req.checkBody('email', 'Should have a valid email').isEmail()
+  body('email').isEmail().withMessage('Should have a valid email'),
-  logger.debug('Checking usersRegister parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersRegister parameters', { parameters: req.body })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
+      checkUserDoesNotAlreadyExist(req.body.username, req.body.email, res, next)
-  })
+    })
-}
+  }
+]
-function usersRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersRemoveValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
-  logger.debug('Checking usersRemove parameters', { parameters: req.params })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersRemove parameters', { parameters: req.params })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkUserExists(req.params.id, res, (err, user) => {
+      checkUserExists(req.params.id, res, (err, user) => {
-      if (err) {
+        if (err) {
-        logger.error('Error in usersRemoveValidator.', err)
+          logger.error('Error in usersRemoveValidator.', err)
-        return res.sendStatus(500)
+          return res.sendStatus(500)
-      }
+        }
-      if (user.username === 'root') {
+        if (user.username === 'root') {
-        return res.status(400)
+          return res.status(400)
-                  .send({ error: 'Cannot remove the root user' })
+                    .send({ error: 'Cannot remove the root user' })
-                  .end()
+                    .end()
-      }
+        }
-      return next()
+        return next()
+      })
    })
-  })
+  }
-}
+]
-function usersUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersUpdateValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
-  req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
+  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
-  req.checkBody('videoQuota', 'Should have a valid user quota').optional().isUserVideoQuotaValid()
+  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
-  logger.debug('Checking usersUpdate parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersUpdate parameters', { parameters: req.body })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkUserExists(req.params.id, res, next)
+      checkUserExists(req.params.id, res, next)
-  })
+    })
-}
+  }
+]
-function usersUpdateMeValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersUpdateMeValidator = [
-  // Add old password verification
+  body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
-  req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid()
+  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
-  req.checkBody('email', 'Should have a valid email attribute').optional().isEmail()
+  body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
-  req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid()
-  logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    // TODO: Add old password verification
+    logger.debug('Checking usersUpdateMe parameters', { parameters: req.body })
-  checkErrors(req, res, next)
+    checkErrors(req, res, next)
-}
+  }
+]
-function usersGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const usersGetValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isInt()
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
-  checkErrors(req, res, () => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    checkUserExists(req.params.id, res, next)
+    checkErrors(req, res, () => {
-  })
+      checkUserExists(req.params.id, res, next)
-}
+    })
+  }
-function usersVideoRatingValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+]
-  req.checkParams('videoId', 'Should have a valid video id').notEmpty().isVideoIdOrUUIDValid()
-  logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
-  checkErrors(req, res, () => {
+const usersVideoRatingValidator = [
-    let videoPromise: Promise<VideoInstance>
+  param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
-    if (validator.isUUID(req.params.videoId)) {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-      videoPromise = db.Video.loadByUUID(req.params.videoId)
+    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
-    } else {
-      videoPromise = db.Video.load(req.params.videoId)
-    }
-    videoPromise
+    checkErrors(req, res, () => {
-      .then(video => {
+      let videoPromise: Promise<VideoInstance>
-        if (!video) {
-          return res.status(404)
-                    .json({ error: 'Video not found' })
-                    .end()
-        }
-        return next()
+      if (validator.isUUID(req.params.videoId)) {
-      })
+        videoPromise = db.Video.loadByUUID(req.params.videoId)
-      .catch(err => {
+      } else {
-        logger.error('Error in user request validator.', err)
+        videoPromise = db.Video.load(req.params.videoId)
-        return res.sendStatus(500)
+      }
-      })
-  })
-}
-function ensureUserRegistrationAllowed (req: express.Request, res: express.Response, next: express.NextFunction) {
+      videoPromise
-  isSignupAllowed().then(allowed => {
+        .then(video => {
-    if (allowed === false) {
+          if (!video) {
-      return res.status(403)
+            return res.status(404)
-                .send({ error: 'User registration is not enabled or user limit is reached.' })
+                      .json({ error: 'Video not found' })
-                .end()
+                      .end()
-    }
+          }
+          return next()
+        })
+        .catch(err => {
+          logger.error('Error in user request validator.', err)
+          return res.sendStatus(500)
+        })
+    })
+  }
+]
+const ensureUserRegistrationAllowed = [
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    isSignupAllowed().then(allowed => {
+      if (allowed === false) {
+        return res.status(403)
+                  .send({ error: 'User registration is not enabled or user limit is reached.' })
+                  .end()
+      }
-    return next()
+      return next()
-  })
+    })
-}
+  }
+]
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/utils.ts b/server/middlewares/validators/utils.ts
index 0424d5942..8845f8399 100644
--- a/server/middlewares/validators/utils.ts
+++ b/server/middlewares/validators/utils.ts
@@ -1,15 +1,14 @@
-import 'express-validator'
+import { validationResult } from 'express-validator/check'
 import * as express from 'express'
-import { inspect } from 'util'
 import { logger } from '../../helpers'
 function checkErrors (req: express.Request, res: express.Response, next: express.NextFunction, statusCode = 400) {
-  const errors = req.validationErrors()
+  const errors = validationResult(req)
-  if (errors) {
+  if (!errors.isEmpty()) {
-    logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors })
+    logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors.mapped() })
-    return res.status(statusCode).send('There have been validation errors: ' + inspect(errors))
+    return res.status(statusCode).json({ errors: errors.mapped() })
  }
  return next()
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 213b4c46b..bc8b7e541 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -1,4 +1,4 @@
-import 'express-validator'
+import { body, param, query } from 'express-validator/check'
 import * as express from 'express'
 import * as Promise from 'bluebird'
 import * as validator from 'validator'
@@ -6,172 +6,198 @@ import * as validator from 'validator'
 import { database as db } from '../../initializers/database'
 import { checkErrors } from './utils'
 import { CONSTRAINTS_FIELDS, SEARCHABLE_COLUMNS } from '../../initializers'
-import { logger, isVideoDurationValid } from '../../helpers'
+import {
+  logger,
+  isVideoDurationValid,
+  isVideoFile,
+  isVideoNameValid,
+  isVideoCategoryValid,
+  isVideoLicenceValid,
+  isVideoDescriptionValid,
+  isVideoLanguageValid,
+  isVideoTagsValid,
+  isVideoNSFWValid,
+  isVideoIdOrUUIDValid,
+  isVideoAbuseReasonValid,
+  isVideoRatingTypeValid
+} from '../../helpers'
 import { VideoInstance } from '../../models'
-function videosAddValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const videosAddValidator = [
-  // FIXME: Don't write an error message, it seems there is a bug with express-validator
+  body('videofile').custom((value, { req }) => isVideoFile(req.files)).withMessage('Should have a valid file'),
-  // 'Should have a valid file'
+  body('name').custom(isVideoNameValid).withMessage('Should have a valid name'),
-  req.checkBody('videofile').isVideoFile(req.files)
+  body('category').custom(isVideoCategoryValid).withMessage('Should have a valid category'),
-  req.checkBody('name', 'Should have a valid name').isVideoNameValid()
+  body('licence').custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
-  req.checkBody('category', 'Should have a valid category').isVideoCategoryValid()
+  body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'),
-  req.checkBody('licence', 'Should have a valid licence').isVideoLicenceValid()
+  body('nsfw').custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),
-  req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid()
+  body('description').custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
-  req.checkBody('nsfw', 'Should have a valid NSFW attribute').isVideoNSFWValid()
+  body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
-  req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid()
-  req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid()
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
-  logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
+    checkErrors(req, res, () => {
-  checkErrors(req, res, () => {
+      const videoFile: Express.Multer.File = req.files['videofile'][0]
-    const videoFile: Express.Multer.File = req.files['videofile'][0]
+      const user = res.locals.oauth.token.User
-    const user = res.locals.oauth.token.User
+      user.isAbleToUploadVideo(videoFile)
-    user.isAbleToUploadVideo(videoFile)
+        .then(isAble => {
-      .then(isAble => {
+          if (isAble === false) {
-        if (isAble === false) {
+            res.status(403)
-          res.status(403)
+               .json({ error: 'The user video quota is exceeded with this video.' })
-             .json({ error: 'The user video quota is exceeded with this video.' })
+               .end()
-             .end()
+            return undefined
+          }
+          return db.Video.getDurationFromFile(videoFile.path)
+            .catch(err => {
+              logger.error('Invalid input file in videosAddValidator.', err)
+              res.status(400)
+                 .json({ error: 'Invalid input file.' })
+                 .end()
+              return undefined
+            })
+        })
+        .then(duration => {
+          // Previous test failed, abort
+          if (duration === undefined) return
+          if (!isVideoDurationValid('' + duration)) {
+            return res.status(400)
+                      .json({
+                        error: 'Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).'
+                      })
+                      .end()
+          }
+          videoFile['duration'] = duration
+          next()
+        })
+        .catch(err => {
+          logger.error('Error in video add validator', err)
+          res.sendStatus(500)
          return undefined
+        })
+    })
+  }
+]
+const videosUpdateValidator = [
+  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  body('name').optional().custom(isVideoNameValid).withMessage('Should have a valid name'),
+  body('category').optional().custom(isVideoCategoryValid).withMessage('Should have a valid category'),
+  body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
+  body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'),
+  body('nsfw').optional().custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),
+  body('description').optional().custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
+  body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videosUpdate parameters', { parameters: req.body })
+    checkErrors(req, res, () => {
+      checkVideoExists(req.params.id, res, () => {
+        // We need to make additional checks
+        if (res.locals.video.isOwned() === false) {
+          return res.status(403)
+                    .json({ error: 'Cannot update video of another pod' })
+                    .end()
        }
-        return db.Video.getDurationFromFile(videoFile.path)
+        if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
-          .catch(err => {
+          return res.status(403)
-            logger.error('Invalid input file in videosAddValidator.', err)
+                    .json({ error: 'Cannot update video of another user' })
-            res.status(400)
-               .json({ error: 'Invalid input file.' })
-               .end()
-            return undefined
-          })
-      })
-      .then(duration => {
-        // Previous test failed, abort
-        if (duration === undefined) return
-        if (!isVideoDurationValid('' + duration)) {
-          return res.status(400)
-                    .json({
-                      error: 'Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).'
-                    })
                    .end()
        }
-        videoFile['duration'] = duration
        next()
      })
-      .catch(err => {
-        logger.error('Error in video add validator', err)
-        res.sendStatus(500)
-        return undefined
-      })
-  })
-}
-function videosUpdateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
-  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
-  req.checkBody('name', 'Should have a valid name').optional().isVideoNameValid()
-  req.checkBody('category', 'Should have a valid category').optional().isVideoCategoryValid()
-  req.checkBody('licence', 'Should have a valid licence').optional().isVideoLicenceValid()
-  req.checkBody('language', 'Should have a valid language').optional().isVideoLanguageValid()
-  req.checkBody('nsfw', 'Should have a valid NSFW attribute').optional().isVideoNSFWValid()
-  req.checkBody('description', 'Should have a valid description').optional().isVideoDescriptionValid()
-  req.checkBody('tags', 'Should have correct tags').optional().isVideoTagsValid()
-  logger.debug('Checking videosUpdate parameters', { parameters: req.body })
-  checkErrors(req, res, () => {
-    checkVideoExists(req.params.id, res, () => {
-      // We need to make additional checks
-      if (res.locals.video.isOwned() === false) {
-        return res.status(403)
-                  .json({ error: 'Cannot update video of another pod' })
-                  .end()
-      }
-      if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
-        return res.status(403)
-                  .json({ error: 'Cannot update video of another user' })
-                  .end()
-      }
-      next()
    })
-  })
+  }
-}
+]
-function videosGetValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const videosGetValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
+  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
-  logger.debug('Checking videosGet parameters', { parameters: req.params })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videosGet parameters', { parameters: req.params })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkVideoExists(req.params.id, res, next)
+      checkVideoExists(req.params.id, res, next)
-  })
+    })
-}
+  }
+]
-function videosRemoveValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const videosRemoveValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
+  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
-  logger.debug('Checking videosRemove parameters', { parameters: req.params })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videosRemove parameters', { parameters: req.params })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkVideoExists(req.params.id, res, () => {
+      checkVideoExists(req.params.id, res, () => {
-      // Check if the user who did the request is able to delete the video
+        // Check if the user who did the request is able to delete the video
-      checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, () => {
+        checkUserCanDeleteVideo(res.locals.oauth.token.User.id, res, () => {
-        next()
+          next()
+        })
      })
    })
-  })
+  }
-}
+]
-function videosSearchValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const videosSearchValidator = [
-  const searchableColumns = SEARCHABLE_COLUMNS.VIDEOS
+  param('value').not().isEmpty().withMessage('Should have a valid search'),
-  req.checkParams('value', 'Should have a valid search').notEmpty()
+  query('field').optional().isIn(SEARCHABLE_COLUMNS.VIDEOS).withMessage('Should have correct searchable column'),
-  req.checkQuery('field', 'Should have correct searchable column').optional().isIn(searchableColumns)
-  logger.debug('Checking videosSearch parameters', { parameters: req.params })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videosSearch parameters', { parameters: req.params })
-  checkErrors(req, res, next)
+    checkErrors(req, res, next)
-}
+  }
+]
-function videoAbuseReportValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const videoAbuseReportValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
+  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
-  req.checkBody('reason', 'Should have a valid reason').isVideoAbuseReasonValid()
+  body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),
-  logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkVideoExists(req.params.id, res, next)
+      checkVideoExists(req.params.id, res, next)
-  })
+    })
-}
+  }
+]
-function videoRateValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const videoRateValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
+  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
-  req.checkBody('rating', 'Should have a valid rate type').isVideoRatingTypeValid()
+  body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
-  logger.debug('Checking videoRate parameters', { parameters: req.body })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoRate parameters', { parameters: req.body })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkVideoExists(req.params.id, res, next)
+      checkVideoExists(req.params.id, res, next)
-  })
+    })
-}
+  }
+]
-function videosBlacklistValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
+const videosBlacklistValidator = [
-  req.checkParams('id', 'Should have a valid id').notEmpty().isVideoIdOrUUIDValid()
+  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
-  logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
-  checkErrors(req, res, () => {
+    checkErrors(req, res, () => {
-    checkVideoExists(req.params.id, res, () => {
+      checkVideoExists(req.params.id, res, () => {
-      checkVideoIsBlacklistable(req, res, next)
+        checkVideoIsBlacklistable(req, res, next)
+      })
    })
-  })
+  }
-}
+]
 // ---------------------------------------------------------------------------
author	Chocobozzz <florian.bigard@gmail.com>	2017-09-15 12:17:08 +0200
committer	Chocobozzz <florian.bigard@gmail.com>	2017-09-15 12:17:08 +0200
commit	b60e5f38daf77e720a27aa86d3b482c58906a03a (patch)
tree	a70909860ab9705d348b3c082f8af440e0a5e4d2 /server/middlewares
parent	315cc0cc1871ab2a6d6c1bb61cf7b9f10511c3a9 (diff)
download	PeerTube-b60e5f38daf77e720a27aa86d3b482c58906a03a.tar.gz PeerTube-b60e5f38daf77e720a27aa86d3b482c58906a03a.tar.zst PeerTube-b60e5f38daf77e720a27aa86d3b482c58906a03a.zip