aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2021-06-28 17:30:59 +0200
committerChocobozzz <chocobozzz@cpy.re>2021-06-29 14:56:35 +0200
commitd4a8e7a65f97bb3257facc13e1ae8ffdbad61ddb (patch)
treea4cb07318100031951c3dffc61f4f2cb95d2cbd0 /server/middlewares
parent62ddc31a9e4b92d7d27898ccfc363f68ab044139 (diff)
downloadPeerTube-d4a8e7a65f97bb3257facc13e1ae8ffdbad61ddb.tar.gz
PeerTube-d4a8e7a65f97bb3257facc13e1ae8ffdbad61ddb.tar.zst
PeerTube-d4a8e7a65f97bb3257facc13e1ae8ffdbad61ddb.zip
Support short uuid for GET video/playlist
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/abuse.ts3
-rw-r--r--server/middlewares/validators/feeds.ts8
-rw-r--r--server/middlewares/validators/index.ts2
-rw-r--r--server/middlewares/validators/oembed.ts4
-rw-r--r--server/middlewares/validators/redundancy.ts23
-rw-r--r--server/middlewares/validators/shared/utils.ts19
-rw-r--r--server/middlewares/validators/users.ts6
-rw-r--r--server/middlewares/validators/videos/video-blacklist.ts14
-rw-r--r--server/middlewares/validators/videos/video-captions.ts18
-rw-r--r--server/middlewares/validators/videos/video-comments.ts31
-rw-r--r--server/middlewares/validators/videos/video-live.ts14
-rw-r--r--server/middlewares/validators/videos/video-ownership-changes.ts10
-rw-r--r--server/middlewares/validators/videos/video-playlists.ts41
-rw-r--r--server/middlewares/validators/videos/video-rates.ts7
-rw-r--r--server/middlewares/validators/videos/video-shares.ts10
-rw-r--r--server/middlewares/validators/videos/video-watch.ts9
-rw-r--r--server/middlewares/validators/videos/videos.ts17
17 files changed, 151 insertions, 85 deletions
diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts
index 56c97747c..c048bc6af 100644
--- a/server/middlewares/validators/abuse.ts
+++ b/server/middlewares/validators/abuse.ts
@@ -12,7 +12,7 @@ import {
12 isAbuseTimestampValid, 12 isAbuseTimestampValid,
13 isAbuseVideoIsValid 13 isAbuseVideoIsValid
14} from '@server/helpers/custom-validators/abuses' 14} from '@server/helpers/custom-validators/abuses'
15import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc' 15import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc'
16import { logger } from '@server/helpers/logger' 16import { logger } from '@server/helpers/logger'
17import { AbuseMessageModel } from '@server/models/abuse/abuse-message' 17import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
18import { AbuseCreate, UserRight } from '@shared/models' 18import { AbuseCreate, UserRight } from '@shared/models'
@@ -27,6 +27,7 @@ const abuseReportValidator = [
27 27
28 body('video.id') 28 body('video.id')
29 .optional() 29 .optional()
30 .customSanitizer(toCompleteUUID)
30 .custom(isIdOrUUIDValid) 31 .custom(isIdOrUUIDValid)
31 .withMessage('Should have a valid videoId'), 32 .withMessage('Should have a valid videoId'),
32 body('video.startAt') 33 body('video.startAt')
diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts
index 51e6d6fff..51b8fdd19 100644
--- a/server/middlewares/validators/feeds.ts
+++ b/server/middlewares/validators/feeds.ts
@@ -1,8 +1,9 @@
1import * as express from 'express' 1import * as express from 'express'
2import { param, query } from 'express-validator' 2import { param, query } from 'express-validator'
3
3import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' 4import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
4import { isValidRSSFeed } from '../../helpers/custom-validators/feeds' 5import { isValidRSSFeed } from '../../helpers/custom-validators/feeds'
5import { exists, isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc' 6import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID } from '../../helpers/custom-validators/misc'
6import { logger } from '../../helpers/logger' 7import { logger } from '../../helpers/logger'
7import { 8import {
8 areValidationErrors, 9 areValidationErrors,
@@ -98,7 +99,10 @@ const videoSubscriptionFeedsValidator = [
98] 99]
99 100
100const videoCommentsFeedsValidator = [ 101const videoCommentsFeedsValidator = [
101 query('videoId').optional().custom(isIdOrUUIDValid), 102 query('videoId')
103 .customSanitizer(toCompleteUUID)
104 .optional()
105 .custom(isIdOrUUIDValid),
102 106
103 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 107 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
104 logger.debug('Checking feeds parameters', { parameters: req.query }) 108 logger.debug('Checking feeds parameters', { parameters: req.query })
diff --git a/server/middlewares/validators/index.ts b/server/middlewares/validators/index.ts
index 24faeea3e..94a3c2dea 100644
--- a/server/middlewares/validators/index.ts
+++ b/server/middlewares/validators/index.ts
@@ -11,7 +11,7 @@ export * from './sort'
11export * from './users' 11export * from './users'
12export * from './user-subscriptions' 12export * from './user-subscriptions'
13export * from './videos' 13export * from './videos'
14export * from './webfinger'
15export * from './search' 14export * from './search'
16export * from './server' 15export * from './server'
17export * from './user-history' 16export * from './user-history'
17export * from './webfinger'
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts
index e1015d7fd..0a82e6932 100644
--- a/server/middlewares/validators/oembed.ts
+++ b/server/middlewares/validators/oembed.ts
@@ -6,7 +6,7 @@ import { VideoPlaylistModel } from '@server/models/video/video-playlist'
6import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models' 6import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models'
7import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' 7import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
8import { isTestInstance } from '../../helpers/core-utils' 8import { isTestInstance } from '../../helpers/core-utils'
9import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc' 9import { isIdOrUUIDValid, toCompleteUUID } from '../../helpers/custom-validators/misc'
10import { logger } from '../../helpers/logger' 10import { logger } from '../../helpers/logger'
11import { WEBSERVER } from '../../initializers/constants' 11import { WEBSERVER } from '../../initializers/constants'
12import { areValidationErrors } from './shared' 12import { areValidationErrors } from './shared'
@@ -79,7 +79,7 @@ const oembedValidator = [
79 }) 79 })
80 } 80 }
81 81
82 const elementId = matches[1] 82 const elementId = toCompleteUUID(matches[1])
83 if (isIdOrUUIDValid(elementId) === false) { 83 if (isIdOrUUIDValid(elementId) === false) {
84 return res.fail({ message: 'Invalid video or playlist id.' }) 84 return res.fail({ message: 'Invalid video or playlist id.' })
85 } 85 }
diff --git a/server/middlewares/validators/redundancy.ts b/server/middlewares/validators/redundancy.ts
index da24f4c9b..116c8c611 100644
--- a/server/middlewares/validators/redundancy.ts
+++ b/server/middlewares/validators/redundancy.ts
@@ -2,15 +2,24 @@ import * as express from 'express'
2import { body, param, query } from 'express-validator' 2import { body, param, query } from 'express-validator'
3import { isVideoRedundancyTarget } from '@server/helpers/custom-validators/video-redundancies' 3import { isVideoRedundancyTarget } from '@server/helpers/custom-validators/video-redundancies'
4import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' 4import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
5import { exists, isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' 5import {
6 exists,
7 isBooleanValid,
8 isIdOrUUIDValid,
9 isIdValid,
10 toBooleanOrNull,
11 toCompleteUUID,
12 toIntOrNull
13} from '../../helpers/custom-validators/misc'
6import { isHostValid } from '../../helpers/custom-validators/servers' 14import { isHostValid } from '../../helpers/custom-validators/servers'
7import { logger } from '../../helpers/logger' 15import { logger } from '../../helpers/logger'
8import { VideoRedundancyModel } from '../../models/redundancy/video-redundancy' 16import { VideoRedundancyModel } from '../../models/redundancy/video-redundancy'
9import { ServerModel } from '../../models/server/server' 17import { ServerModel } from '../../models/server/server'
10import { areValidationErrors, doesVideoExist } from './shared' 18import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from './shared'
11 19
12const videoFileRedundancyGetValidator = [ 20const videoFileRedundancyGetValidator = [
13 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), 21 isValidVideoIdParam('videoId'),
22
14 param('resolution') 23 param('resolution')
15 .customSanitizer(toIntOrNull) 24 .customSanitizer(toIntOrNull)
16 .custom(exists).withMessage('Should have a valid resolution'), 25 .custom(exists).withMessage('Should have a valid resolution'),
@@ -56,9 +65,8 @@ const videoFileRedundancyGetValidator = [
56] 65]
57 66
58const videoPlaylistRedundancyGetValidator = [ 67const videoPlaylistRedundancyGetValidator = [
59 param('videoId') 68 isValidVideoIdParam('videoId'),
60 .custom(isIdOrUUIDValid) 69
61 .not().isEmpty().withMessage('Should have a valid video id'),
62 param('streamingPlaylistType') 70 param('streamingPlaylistType')
63 .customSanitizer(toIntOrNull) 71 .customSanitizer(toIntOrNull)
64 .custom(exists).withMessage('Should have a valid streaming playlist type'), 72 .custom(exists).withMessage('Should have a valid streaming playlist type'),
@@ -135,7 +143,8 @@ const listVideoRedundanciesValidator = [
135 143
136const addVideoRedundancyValidator = [ 144const addVideoRedundancyValidator = [
137 body('videoId') 145 body('videoId')
138 .custom(isIdValid) 146 .customSanitizer(toCompleteUUID)
147 .custom(isIdOrUUIDValid)
139 .withMessage('Should have a valid video id'), 148 .withMessage('Should have a valid video id'),
140 149
141 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 150 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
diff --git a/server/middlewares/validators/shared/utils.ts b/server/middlewares/validators/shared/utils.ts
index d3e4870a9..4f08560af 100644
--- a/server/middlewares/validators/shared/utils.ts
+++ b/server/middlewares/validators/shared/utils.ts
@@ -1,5 +1,6 @@
1import * as express from 'express' 1import * as express from 'express'
2import { query, validationResult } from 'express-validator' 2import { param, query, validationResult } from 'express-validator'
3import { isIdOrUUIDValid, toCompleteUUID } from '@server/helpers/custom-validators/misc'
3import { logger } from '../../../helpers/logger' 4import { logger } from '../../../helpers/logger'
4 5
5function areValidationErrors (req: express.Request, res: express.Response) { 6function areValidationErrors (req: express.Request, res: express.Response) {
@@ -41,10 +42,24 @@ function createSortableColumns (sortableColumns: string[]) {
41 return sortableColumns.concat(sortableColumnDesc) 42 return sortableColumns.concat(sortableColumnDesc)
42} 43}
43 44
45function isValidVideoIdParam (paramName: string) {
46 return param(paramName)
47 .customSanitizer(toCompleteUUID)
48 .custom(isIdOrUUIDValid).withMessage('Should have a valid video id')
49}
50
51function isValidPlaylistIdParam (paramName: string) {
52 return param(paramName)
53 .customSanitizer(toCompleteUUID)
54 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id')
55}
56
44// --------------------------------------------------------------------------- 57// ---------------------------------------------------------------------------
45 58
46export { 59export {
47 areValidationErrors, 60 areValidationErrors,
48 checkSort, 61 checkSort,
49 createSortableColumns 62 createSortableColumns,
63 isValidVideoIdParam,
64 isValidPlaylistIdParam
50} 65}
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 218633b8d..698d7d814 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -7,7 +7,7 @@ import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-code
7import { UserRole } from '../../../shared/models/users' 7import { UserRole } from '../../../shared/models/users'
8import { UserRegister } from '../../../shared/models/users/user-register.model' 8import { UserRegister } from '../../../shared/models/users/user-register.model'
9import { isActorPreferredUsernameValid } from '../../helpers/custom-validators/activitypub/actor' 9import { isActorPreferredUsernameValid } from '../../helpers/custom-validators/activitypub/actor'
10import { isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' 10import { toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc'
11import { isThemeNameValid } from '../../helpers/custom-validators/plugins' 11import { isThemeNameValid } from '../../helpers/custom-validators/plugins'
12import { 12import {
13 isNoInstanceConfigWarningModal, 13 isNoInstanceConfigWarningModal,
@@ -35,7 +35,7 @@ import { Redis } from '../../lib/redis'
35import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../lib/signup' 35import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../lib/signup'
36import { ActorModel } from '../../models/actor/actor' 36import { ActorModel } from '../../models/actor/actor'
37import { UserModel } from '../../models/user/user' 37import { UserModel } from '../../models/user/user'
38import { areValidationErrors, doesVideoExist } from './shared' 38import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from './shared'
39 39
40const usersListValidator = [ 40const usersListValidator = [
41 query('blocked') 41 query('blocked')
@@ -302,7 +302,7 @@ const usersGetValidator = [
302] 302]
303 303
304const usersVideoRatingValidator = [ 304const usersVideoRatingValidator = [
305 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), 305 isValidVideoIdParam('videoId'),
306 306
307 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 307 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
308 logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) 308 logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
diff --git a/server/middlewares/validators/videos/video-blacklist.ts b/server/middlewares/validators/videos/video-blacklist.ts
index 7374ba774..21141d84d 100644
--- a/server/middlewares/validators/videos/video-blacklist.ts
+++ b/server/middlewares/validators/videos/video-blacklist.ts
@@ -1,13 +1,13 @@
1import * as express from 'express' 1import * as express from 'express'
2import { body, param, query } from 'express-validator' 2import { body, query } from 'express-validator'
3import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' 3import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
4import { isBooleanValid, isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' 4import { isBooleanValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc'
5import { isVideoBlacklistReasonValid, isVideoBlacklistTypeValid } from '../../../helpers/custom-validators/video-blacklist' 5import { isVideoBlacklistReasonValid, isVideoBlacklistTypeValid } from '../../../helpers/custom-validators/video-blacklist'
6import { logger } from '../../../helpers/logger' 6import { logger } from '../../../helpers/logger'
7import { areValidationErrors, doesVideoBlacklistExist, doesVideoExist } from '../shared' 7import { areValidationErrors, doesVideoBlacklistExist, doesVideoExist, isValidVideoIdParam } from '../shared'
8 8
9const videosBlacklistRemoveValidator = [ 9const videosBlacklistRemoveValidator = [
10 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 10 isValidVideoIdParam('videoId'),
11 11
12 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 12 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
13 logger.debug('Checking blacklistRemove parameters.', { parameters: req.params }) 13 logger.debug('Checking blacklistRemove parameters.', { parameters: req.params })
@@ -21,7 +21,8 @@ const videosBlacklistRemoveValidator = [
21] 21]
22 22
23const videosBlacklistAddValidator = [ 23const videosBlacklistAddValidator = [
24 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 24 isValidVideoIdParam('videoId'),
25
25 body('unfederate') 26 body('unfederate')
26 .optional() 27 .optional()
27 .customSanitizer(toBooleanOrNull) 28 .customSanitizer(toBooleanOrNull)
@@ -49,7 +50,8 @@ const videosBlacklistAddValidator = [
49] 50]
50 51
51const videosBlacklistUpdateValidator = [ 52const videosBlacklistUpdateValidator = [
52 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 53 isValidVideoIdParam('videoId'),
54
53 body('reason') 55 body('reason')
54 .optional() 56 .optional()
55 .custom(isVideoBlacklistReasonValid).withMessage('Should have a valid reason'), 57 .custom(isVideoBlacklistReasonValid).withMessage('Should have a valid reason'),
diff --git a/server/middlewares/validators/videos/video-captions.ts b/server/middlewares/validators/videos/video-captions.ts
index 2295e049a..2946f3e15 100644
--- a/server/middlewares/validators/videos/video-captions.ts
+++ b/server/middlewares/validators/videos/video-captions.ts
@@ -1,16 +1,18 @@
1import * as express from 'express' 1import * as express from 'express'
2import { body, param } from 'express-validator' 2import { body, param } from 'express-validator'
3import { UserRight } from '../../../../shared' 3import { UserRight } from '../../../../shared'
4import { isIdOrUUIDValid } from '../../../helpers/custom-validators/misc'
5import { isVideoCaptionFile, isVideoCaptionLanguageValid } from '../../../helpers/custom-validators/video-captions' 4import { isVideoCaptionFile, isVideoCaptionLanguageValid } from '../../../helpers/custom-validators/video-captions'
6import { cleanUpReqFiles } from '../../../helpers/express-utils' 5import { cleanUpReqFiles } from '../../../helpers/express-utils'
7import { logger } from '../../../helpers/logger' 6import { logger } from '../../../helpers/logger'
8import { CONSTRAINTS_FIELDS, MIMETYPES } from '../../../initializers/constants' 7import { CONSTRAINTS_FIELDS, MIMETYPES } from '../../../initializers/constants'
9import { areValidationErrors, checkUserCanManageVideo, doesVideoCaptionExist, doesVideoExist } from '../shared' 8import { areValidationErrors, checkUserCanManageVideo, doesVideoCaptionExist, doesVideoExist, isValidVideoIdParam } from '../shared'
10 9
11const addVideoCaptionValidator = [ 10const addVideoCaptionValidator = [
12 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), 11 isValidVideoIdParam('videoId'),
13 param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), 12
13 param('captionLanguage')
14 .custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'),
15
14 body('captionfile') 16 body('captionfile')
15 .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile')) 17 .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile'))
16 .withMessage( 18 .withMessage(
@@ -34,8 +36,10 @@ const addVideoCaptionValidator = [
34] 36]
35 37
36const deleteVideoCaptionValidator = [ 38const deleteVideoCaptionValidator = [
37 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), 39 isValidVideoIdParam('videoId'),
38 param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), 40
41 param('captionLanguage')
42 .custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'),
39 43
40 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 44 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
41 logger.debug('Checking deleteVideoCaption parameters', { parameters: req.params }) 45 logger.debug('Checking deleteVideoCaption parameters', { parameters: req.params })
@@ -53,7 +57,7 @@ const deleteVideoCaptionValidator = [
53] 57]
54 58
55const listVideoCaptionsValidator = [ 59const listVideoCaptionsValidator = [
56 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), 60 isValidVideoIdParam('videoId'),
57 61
58 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 62 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
59 logger.debug('Checking listVideoCaptions parameters', { parameters: req.params }) 63 logger.debug('Checking listVideoCaptions parameters', { parameters: req.params })
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index 1451ab988..885506ebe 100644
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -3,13 +3,13 @@ import { body, param, query } from 'express-validator'
3import { MUserAccountUrl } from '@server/types/models' 3import { MUserAccountUrl } from '@server/types/models'
4import { UserRight } from '../../../../shared' 4import { UserRight } from '../../../../shared'
5import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' 5import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
6import { exists, isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc' 6import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
7import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' 7import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'
8import { logger } from '../../../helpers/logger' 8import { logger } from '../../../helpers/logger'
9import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' 9import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
10import { Hooks } from '../../../lib/plugins/hooks' 10import { Hooks } from '../../../lib/plugins/hooks'
11import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' 11import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
12import { areValidationErrors, doesVideoCommentExist, doesVideoCommentThreadExist, doesVideoExist } from '../shared' 12import { areValidationErrors, doesVideoCommentExist, doesVideoCommentThreadExist, doesVideoExist, isValidVideoIdParam } from '../shared'
13 13
14const listVideoCommentsValidator = [ 14const listVideoCommentsValidator = [
15 query('isLocal') 15 query('isLocal')
@@ -40,7 +40,7 @@ const listVideoCommentsValidator = [
40] 40]
41 41
42const listVideoCommentThreadsValidator = [ 42const listVideoCommentThreadsValidator = [
43 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 43 isValidVideoIdParam('videoId'),
44 44
45 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 45 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
46 logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) 46 logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })
@@ -53,8 +53,10 @@ const listVideoCommentThreadsValidator = [
53] 53]
54 54
55const listVideoThreadCommentsValidator = [ 55const listVideoThreadCommentsValidator = [
56 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 56 isValidVideoIdParam('videoId'),
57 param('threadId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), 57
58 param('threadId')
59 .custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'),
58 60
59 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 61 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
60 logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) 62 logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })
@@ -68,8 +70,10 @@ const listVideoThreadCommentsValidator = [
68] 70]
69 71
70const addVideoCommentThreadValidator = [ 72const addVideoCommentThreadValidator = [
71 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 73 isValidVideoIdParam('videoId'),
72 body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), 74
75 body('text')
76 .custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
73 77
74 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 78 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
75 logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body }) 79 logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body })
@@ -84,8 +88,10 @@ const addVideoCommentThreadValidator = [
84] 88]
85 89
86const addVideoCommentReplyValidator = [ 90const addVideoCommentReplyValidator = [
87 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 91 isValidVideoIdParam('videoId'),
92
88 param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), 93 param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
94
89 body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), 95 body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
90 96
91 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 97 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -102,8 +108,10 @@ const addVideoCommentReplyValidator = [
102] 108]
103 109
104const videoCommentGetValidator = [ 110const videoCommentGetValidator = [
105 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 111 isValidVideoIdParam('videoId'),
106 param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), 112
113 param('commentId')
114 .custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
107 115
108 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 116 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
109 logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) 117 logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
@@ -117,7 +125,8 @@ const videoCommentGetValidator = [
117] 125]
118 126
119const removeVideoCommentValidator = [ 127const removeVideoCommentValidator = [
120 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 128 isValidVideoIdParam('videoId'),
129
121 param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), 130 param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
122 131
123 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 132 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
diff --git a/server/middlewares/validators/videos/video-live.ts b/server/middlewares/validators/videos/video-live.ts
index b058ff5c1..7cfb935e3 100644
--- a/server/middlewares/validators/videos/video-live.ts
+++ b/server/middlewares/validators/videos/video-live.ts
@@ -1,5 +1,5 @@
1import * as express from 'express' 1import * as express from 'express'
2import { body, param } from 'express-validator' 2import { body } from 'express-validator'
3import { CONSTRAINTS_FIELDS } from '@server/initializers/constants' 3import { CONSTRAINTS_FIELDS } from '@server/initializers/constants'
4import { isLocalLiveVideoAccepted } from '@server/lib/moderation' 4import { isLocalLiveVideoAccepted } from '@server/lib/moderation'
5import { Hooks } from '@server/lib/plugins/hooks' 5import { Hooks } from '@server/lib/plugins/hooks'
@@ -7,16 +7,22 @@ import { VideoModel } from '@server/models/video/video'
7import { VideoLiveModel } from '@server/models/video/video-live' 7import { VideoLiveModel } from '@server/models/video/video-live'
8import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes' 8import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
9import { ServerErrorCode, UserRight, VideoState } from '@shared/models' 9import { ServerErrorCode, UserRight, VideoState } from '@shared/models'
10import { isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' 10import { isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc'
11import { isVideoNameValid } from '../../../helpers/custom-validators/videos' 11import { isVideoNameValid } from '../../../helpers/custom-validators/videos'
12import { cleanUpReqFiles } from '../../../helpers/express-utils' 12import { cleanUpReqFiles } from '../../../helpers/express-utils'
13import { logger } from '../../../helpers/logger' 13import { logger } from '../../../helpers/logger'
14import { CONFIG } from '../../../initializers/config' 14import { CONFIG } from '../../../initializers/config'
15import { areValidationErrors, checkUserCanManageVideo, doesVideoChannelOfAccountExist, doesVideoExist } from '../shared' 15import {
16 areValidationErrors,
17 checkUserCanManageVideo,
18 doesVideoChannelOfAccountExist,
19 doesVideoExist,
20 isValidVideoIdParam
21} from '../shared'
16import { getCommonVideoEditAttributes } from './videos' 22import { getCommonVideoEditAttributes } from './videos'
17 23
18const videoLiveGetValidator = [ 24const videoLiveGetValidator = [
19 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 25 isValidVideoIdParam('videoId'),
20 26
21 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 27 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
22 logger.debug('Checking videoLiveGetValidator parameters', { parameters: req.params, user: res.locals.oauth.token.User.username }) 28 logger.debug('Checking videoLiveGetValidator parameters', { parameters: req.params, user: res.locals.oauth.token.User.username })
diff --git a/server/middlewares/validators/videos/video-ownership-changes.ts b/server/middlewares/validators/videos/video-ownership-changes.ts
index 120b0469c..54ac46c99 100644
--- a/server/middlewares/validators/videos/video-ownership-changes.ts
+++ b/server/middlewares/validators/videos/video-ownership-changes.ts
@@ -1,6 +1,6 @@
1import * as express from 'express' 1import * as express from 'express'
2import { param } from 'express-validator' 2import { param } from 'express-validator'
3import { isIdOrUUIDValid } from '@server/helpers/custom-validators/misc' 3import { isIdValid } from '@server/helpers/custom-validators/misc'
4import { checkUserCanTerminateOwnershipChange } from '@server/helpers/custom-validators/video-ownership' 4import { checkUserCanTerminateOwnershipChange } from '@server/helpers/custom-validators/video-ownership'
5import { logger } from '@server/helpers/logger' 5import { logger } from '@server/helpers/logger'
6import { isAbleToUploadVideo } from '@server/lib/user' 6import { isAbleToUploadVideo } from '@server/lib/user'
@@ -13,11 +13,12 @@ import {
13 checkUserCanManageVideo, 13 checkUserCanManageVideo,
14 doesChangeVideoOwnershipExist, 14 doesChangeVideoOwnershipExist,
15 doesVideoChannelOfAccountExist, 15 doesVideoChannelOfAccountExist,
16 doesVideoExist 16 doesVideoExist,
17 isValidVideoIdParam
17} from '../shared' 18} from '../shared'
18 19
19const videosChangeOwnershipValidator = [ 20const videosChangeOwnershipValidator = [
20 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 21 isValidVideoIdParam('videoId'),
21 22
22 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 23 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
23 logger.debug('Checking changeOwnership parameters', { parameters: req.params }) 24 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
@@ -40,7 +41,8 @@ const videosChangeOwnershipValidator = [
40] 41]
41 42
42const videosTerminateChangeOwnershipValidator = [ 43const videosTerminateChangeOwnershipValidator = [
43 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 44 param('id')
45 .custom(isIdValid).withMessage('Should have a valid id'),
44 46
45 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 47 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
46 logger.debug('Checking changeOwnership parameters', { parameters: req.params }) 48 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts
index 0d2e6e90c..5ee7ee0ce 100644
--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -11,6 +11,7 @@ import {
11 isIdOrUUIDValid, 11 isIdOrUUIDValid,
12 isIdValid, 12 isIdValid,
13 isUUIDValid, 13 isUUIDValid,
14 toCompleteUUID,
14 toIntArray, 15 toIntArray,
15 toIntOrNull, 16 toIntOrNull,
16 toValueOrNull 17 toValueOrNull
@@ -29,7 +30,14 @@ import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
29import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element' 30import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
30import { MVideoPlaylist } from '../../../types/models/video/video-playlist' 31import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
31import { authenticatePromiseIfNeeded } from '../../auth' 32import { authenticatePromiseIfNeeded } from '../../auth'
32import { areValidationErrors, doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../shared' 33import {
34 areValidationErrors,
35 doesVideoChannelIdExist,
36 doesVideoExist,
37 doesVideoPlaylistExist,
38 isValidPlaylistIdParam,
39 VideoPlaylistFetchType
40} from '../shared'
33 41
34const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ 42const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
35 body('displayName') 43 body('displayName')
@@ -43,10 +51,13 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
43 const body: VideoPlaylistCreate = req.body 51 const body: VideoPlaylistCreate = req.body
44 if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) 52 if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
45 53
46 if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { 54 if (
55 !body.videoChannelId &&
56 (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED)
57 ) {
47 cleanUpReqFiles(req) 58 cleanUpReqFiles(req)
48 59
49 return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' }) 60 return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
50 } 61 }
51 62
52 return next() 63 return next()
@@ -54,8 +65,7 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
54]) 65])
55 66
56const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ 67const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
57 param('playlistId') 68 isValidPlaylistIdParam('playlistId'),
58 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
59 69
60 body('displayName') 70 body('displayName')
61 .optional() 71 .optional()
@@ -101,8 +111,7 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
101]) 111])
102 112
103const videoPlaylistsDeleteValidator = [ 113const videoPlaylistsDeleteValidator = [
104 param('playlistId') 114 isValidPlaylistIdParam('playlistId'),
105 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
106 115
107 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 116 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
108 logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params }) 117 logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
@@ -126,8 +135,7 @@ const videoPlaylistsDeleteValidator = [
126 135
127const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => { 136const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
128 return [ 137 return [
129 param('playlistId') 138 isValidPlaylistIdParam('playlistId'),
130 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
131 139
132 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 140 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
133 logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) 141 logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
@@ -184,9 +192,10 @@ const videoPlaylistsSearchValidator = [
184] 192]
185 193
186const videoPlaylistsAddVideoValidator = [ 194const videoPlaylistsAddVideoValidator = [
187 param('playlistId') 195 isValidPlaylistIdParam('playlistId'),
188 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), 196
189 body('videoId') 197 body('videoId')
198 .customSanitizer(toCompleteUUID)
190 .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'), 199 .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
191 body('startTimestamp') 200 body('startTimestamp')
192 .optional() 201 .optional()
@@ -214,9 +223,9 @@ const videoPlaylistsAddVideoValidator = [
214] 223]
215 224
216const videoPlaylistsUpdateOrRemoveVideoValidator = [ 225const videoPlaylistsUpdateOrRemoveVideoValidator = [
217 param('playlistId') 226 isValidPlaylistIdParam('playlistId'),
218 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
219 param('playlistElementId') 227 param('playlistElementId')
228 .customSanitizer(toCompleteUUID)
220 .custom(isIdValid).withMessage('Should have an element id/uuid'), 229 .custom(isIdValid).withMessage('Should have an element id/uuid'),
221 body('startTimestamp') 230 body('startTimestamp')
222 .optional() 231 .optional()
@@ -251,8 +260,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [
251] 260]
252 261
253const videoPlaylistElementAPGetValidator = [ 262const videoPlaylistElementAPGetValidator = [
254 param('playlistId') 263 isValidPlaylistIdParam('playlistId'),
255 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
256 param('playlistElementId') 264 param('playlistElementId')
257 .custom(isIdValid).withMessage('Should have an playlist element id'), 265 .custom(isIdValid).withMessage('Should have an playlist element id'),
258 266
@@ -287,8 +295,7 @@ const videoPlaylistElementAPGetValidator = [
287] 295]
288 296
289const videoPlaylistsReorderVideosValidator = [ 297const videoPlaylistsReorderVideosValidator = [
290 param('playlistId') 298 isValidPlaylistIdParam('playlistId'),
291 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
292 body('startPosition') 299 body('startPosition')
293 .isInt({ min: 1 }).withMessage('Should have a valid start position'), 300 .isInt({ min: 1 }).withMessage('Should have a valid start position'),
294 body('insertAfterPosition') 301 body('insertAfterPosition')
diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts
index 4a802e75e..5d5dfb222 100644
--- a/server/middlewares/validators/videos/video-rates.ts
+++ b/server/middlewares/validators/videos/video-rates.ts
@@ -3,15 +3,16 @@ import { body, param, query } from 'express-validator'
3import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' 3import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
4import { VideoRateType } from '../../../../shared/models/videos' 4import { VideoRateType } from '../../../../shared/models/videos'
5import { isAccountNameValid } from '../../../helpers/custom-validators/accounts' 5import { isAccountNameValid } from '../../../helpers/custom-validators/accounts'
6import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' 6import { isIdValid } from '../../../helpers/custom-validators/misc'
7import { isRatingValid } from '../../../helpers/custom-validators/video-rates' 7import { isRatingValid } from '../../../helpers/custom-validators/video-rates'
8import { isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos' 8import { isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos'
9import { logger } from '../../../helpers/logger' 9import { logger } from '../../../helpers/logger'
10import { AccountVideoRateModel } from '../../../models/account/account-video-rate' 10import { AccountVideoRateModel } from '../../../models/account/account-video-rate'
11import { areValidationErrors, doesVideoExist } from '../shared' 11import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared'
12 12
13const videoUpdateRateValidator = [ 13const videoUpdateRateValidator = [
14 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 14 isValidVideoIdParam('id'),
15
15 body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'), 16 body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
16 17
17 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 18 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
diff --git a/server/middlewares/validators/videos/video-shares.ts b/server/middlewares/validators/videos/video-shares.ts
index cc2f66e94..7e54b6fc0 100644
--- a/server/middlewares/validators/videos/video-shares.ts
+++ b/server/middlewares/validators/videos/video-shares.ts
@@ -1,14 +1,16 @@
1import * as express from 'express' 1import * as express from 'express'
2import { param } from 'express-validator' 2import { param } from 'express-validator'
3import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' 3import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
4import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' 4import { isIdValid } from '../../../helpers/custom-validators/misc'
5import { logger } from '../../../helpers/logger' 5import { logger } from '../../../helpers/logger'
6import { VideoShareModel } from '../../../models/video/video-share' 6import { VideoShareModel } from '../../../models/video/video-share'
7import { areValidationErrors, doesVideoExist } from '../shared' 7import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared'
8 8
9const videosShareValidator = [ 9const videosShareValidator = [
10 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 10 isValidVideoIdParam('id'),
11 param('actorId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid actor id'), 11
12 param('actorId')
13 .custom(isIdValid).not().isEmpty().withMessage('Should have a valid actor id'),
12 14
13 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 15 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
14 logger.debug('Checking videoShare parameters', { parameters: req.params }) 16 logger.debug('Checking videoShare parameters', { parameters: req.params })
diff --git a/server/middlewares/validators/videos/video-watch.ts b/server/middlewares/validators/videos/video-watch.ts
index ef8b89ece..43306f7cd 100644
--- a/server/middlewares/validators/videos/video-watch.ts
+++ b/server/middlewares/validators/videos/video-watch.ts
@@ -1,12 +1,13 @@
1import * as express from 'express' 1import * as express from 'express'
2import { body, param } from 'express-validator' 2import { body } from 'express-validator'
3import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' 3import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
4import { isIdOrUUIDValid, toIntOrNull } from '../../../helpers/custom-validators/misc' 4import { toIntOrNull } from '../../../helpers/custom-validators/misc'
5import { logger } from '../../../helpers/logger' 5import { logger } from '../../../helpers/logger'
6import { areValidationErrors, doesVideoExist } from '../shared' 6import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared'
7 7
8const videoWatchingValidator = [ 8const videoWatchingValidator = [
9 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 9 isValidVideoIdParam('videoId'),
10
10 body('currentTime') 11 body('currentTime')
11 .customSanitizer(toIntOrNull) 12 .customSanitizer(toIntOrNull)
12 .isInt().withMessage('Should have correct current time'), 13 .isInt().withMessage('Should have correct current time'),
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 8201e80c3..49e10e2b5 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -12,7 +12,6 @@ import {
12 isBooleanValid, 12 isBooleanValid,
13 isDateValid, 13 isDateValid,
14 isFileFieldValid, 14 isFileFieldValid,
15 isIdOrUUIDValid,
16 isIdValid, 15 isIdValid,
17 isUUIDValid, 16 isUUIDValid,
18 toArray, 17 toArray,
@@ -53,7 +52,8 @@ import {
53 checkUserCanManageVideo, 52 checkUserCanManageVideo,
54 doesVideoChannelOfAccountExist, 53 doesVideoChannelOfAccountExist,
55 doesVideoExist, 54 doesVideoExist,
56 doesVideoFileOfVideoExist 55 doesVideoFileOfVideoExist,
56 isValidVideoIdParam
57} from '../shared' 57} from '../shared'
58 58
59const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([ 59const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([
@@ -195,7 +195,8 @@ const videosAddResumableInitValidator = getCommonVideoEditAttributes().concat([
195]) 195])
196 196
197const videosUpdateValidator = getCommonVideoEditAttributes().concat([ 197const videosUpdateValidator = getCommonVideoEditAttributes().concat([
198 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 198 isValidVideoIdParam('id'),
199
199 body('name') 200 body('name')
200 .optional() 201 .optional()
201 .trim() 202 .trim()
@@ -258,7 +259,7 @@ const videosCustomGetValidator = (
258 authenticateInQuery = false 259 authenticateInQuery = false
259) => { 260) => {
260 return [ 261 return [
261 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 262 isValidVideoIdParam('id'),
262 263
263 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 264 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
264 logger.debug('Checking videosGet parameters', { parameters: req.params }) 265 logger.debug('Checking videosGet parameters', { parameters: req.params })
@@ -309,8 +310,10 @@ const videosGetValidator = videosCustomGetValidator('all')
309const videosDownloadValidator = videosCustomGetValidator('all', true) 310const videosDownloadValidator = videosCustomGetValidator('all', true)
310 311
311const videoFileMetadataGetValidator = getCommonVideoEditAttributes().concat([ 312const videoFileMetadataGetValidator = getCommonVideoEditAttributes().concat([
312 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 313 isValidVideoIdParam('id'),
313 param('videoFileId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid videoFileId'), 314
315 param('videoFileId')
316 .custom(isIdValid).not().isEmpty().withMessage('Should have a valid videoFileId'),
314 317
315 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 318 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
316 logger.debug('Checking videoFileMetadataGet parameters', { parameters: req.params }) 319 logger.debug('Checking videoFileMetadataGet parameters', { parameters: req.params })
@@ -323,7 +326,7 @@ const videoFileMetadataGetValidator = getCommonVideoEditAttributes().concat([
323]) 326])
324 327
325const videosRemoveValidator = [ 328const videosRemoveValidator = [
326 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 329 isValidVideoIdParam('id'),
327 330
328 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 331 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
329 logger.debug('Checking videosRemove parameters', { parameters: req.params }) 332 logger.debug('Checking videosRemove parameters', { parameters: req.params })