diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2016-10-02 15:39:09 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-10-02 15:39:09 +0200 |
commit | a6375e69668ea42e19531c6bc68dcd37f3f7cbd7 (patch) | |
tree | 03204a408d56311692c3528bedcf95d2455e94f2 /server/middlewares | |
parent | 052937db8a8d282eccdbdf38d487ed8d85d3c0a7 (diff) | |
parent | c4403b29ad4db097af528a7f04eea07e0ed320d0 (diff) | |
download | PeerTube-a6375e69668ea42e19531c6bc68dcd37f3f7cbd7.tar.gz PeerTube-a6375e69668ea42e19531c6bc68dcd37f3f7cbd7.tar.zst PeerTube-a6375e69668ea42e19531c6bc68dcd37f3f7cbd7.zip |
Merge branch 'master' into webseed-merged
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/admin.js | 22 | ||||
-rw-r--r-- | server/middlewares/index.js | 24 | ||||
-rw-r--r-- | server/middlewares/oauth.js | 6 | ||||
-rw-r--r-- | server/middlewares/pagination.js | 2 | ||||
-rw-r--r-- | server/middlewares/pods.js | 62 | ||||
-rw-r--r-- | server/middlewares/search.js | 2 | ||||
-rw-r--r-- | server/middlewares/secure.js | 42 | ||||
-rw-r--r-- | server/middlewares/sort.js | 9 | ||||
-rw-r--r-- | server/middlewares/validators/index.js | 2 | ||||
-rw-r--r-- | server/middlewares/validators/pagination.js | 2 | ||||
-rw-r--r-- | server/middlewares/validators/pods.js | 34 | ||||
-rw-r--r-- | server/middlewares/validators/remote.js | 7 | ||||
-rw-r--r-- | server/middlewares/validators/sort.js | 13 | ||||
-rw-r--r-- | server/middlewares/validators/users.js | 67 | ||||
-rw-r--r-- | server/middlewares/validators/utils.js | 2 | ||||
-rw-r--r-- | server/middlewares/validators/videos.js | 16 |
16 files changed, 252 insertions, 60 deletions
diff --git a/server/middlewares/admin.js b/server/middlewares/admin.js new file mode 100644 index 000000000..e6d9dc887 --- /dev/null +++ b/server/middlewares/admin.js | |||
@@ -0,0 +1,22 @@ | |||
1 | 'use strict' | ||
2 | |||
3 | const constants = require('../initializers/constants') | ||
4 | const logger = require('../helpers/logger') | ||
5 | |||
6 | const adminMiddleware = { | ||
7 | ensureIsAdmin | ||
8 | } | ||
9 | |||
10 | function ensureIsAdmin (req, res, next) { | ||
11 | const user = res.locals.oauth.token.user | ||
12 | if (user.role !== constants.USER_ROLES.ADMIN) { | ||
13 | logger.info('A non admin user is trying to access to an admin content.') | ||
14 | return res.sendStatus(403) | ||
15 | } | ||
16 | |||
17 | return next() | ||
18 | } | ||
19 | |||
20 | // --------------------------------------------------------------------------- | ||
21 | |||
22 | module.exports = adminMiddleware | ||
diff --git a/server/middlewares/index.js b/server/middlewares/index.js index 0a233e701..3f253e31b 100644 --- a/server/middlewares/index.js +++ b/server/middlewares/index.js | |||
@@ -1,19 +1,23 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const oauth = require('./oauth') | 3 | const adminMiddleware = require('./admin') |
4 | const pagination = require('./pagination') | 4 | const oauthMiddleware = require('./oauth') |
5 | const paginationMiddleware = require('./pagination') | ||
6 | const podsMiddleware = require('./pods') | ||
5 | const validatorsMiddleware = require('./validators') | 7 | const validatorsMiddleware = require('./validators') |
6 | const search = require('./search') | 8 | const searchMiddleware = require('./search') |
7 | const sort = require('./sort') | 9 | const sortMiddleware = require('./sort') |
8 | const secureMiddleware = require('./secure') | 10 | const secureMiddleware = require('./secure') |
9 | 11 | ||
10 | const middlewares = { | 12 | const middlewares = { |
11 | oauth: oauth, | 13 | admin: adminMiddleware, |
12 | pagination: pagination, | 14 | oauth: oauthMiddleware, |
13 | validators: validatorsMiddleware, | 15 | pagination: paginationMiddleware, |
14 | search: search, | 16 | pods: podsMiddleware, |
15 | sort: sort, | 17 | search: searchMiddleware, |
16 | secure: secureMiddleware | 18 | secure: secureMiddleware, |
19 | sort: sortMiddleware, | ||
20 | validators: validatorsMiddleware | ||
17 | } | 21 | } |
18 | 22 | ||
19 | // --------------------------------------------------------------------------- | 23 | // --------------------------------------------------------------------------- |
diff --git a/server/middlewares/oauth.js b/server/middlewares/oauth.js index 91a990509..3a02b9b48 100644 --- a/server/middlewares/oauth.js +++ b/server/middlewares/oauth.js | |||
@@ -12,8 +12,8 @@ const oAuthServer = new OAuthServer({ | |||
12 | }) | 12 | }) |
13 | 13 | ||
14 | const oAuth = { | 14 | const oAuth = { |
15 | authenticate: authenticate, | 15 | authenticate, |
16 | token: token | 16 | token |
17 | } | 17 | } |
18 | 18 | ||
19 | function authenticate (req, res, next) { | 19 | function authenticate (req, res, next) { |
@@ -23,7 +23,7 @@ function authenticate (req, res, next) { | |||
23 | return res.sendStatus(500) | 23 | return res.sendStatus(500) |
24 | } | 24 | } |
25 | 25 | ||
26 | if (res.statusCode === 401 || res.statusCode === 400) return res.end() | 26 | if (res.statusCode === 401 || res.statusCode === 400 || res.statusCode === 503) return res.end() |
27 | 27 | ||
28 | return next() | 28 | return next() |
29 | }) | 29 | }) |
diff --git a/server/middlewares/pagination.js b/server/middlewares/pagination.js index a571e51f6..a90f60aab 100644 --- a/server/middlewares/pagination.js +++ b/server/middlewares/pagination.js | |||
@@ -3,7 +3,7 @@ | |||
3 | const constants = require('../initializers/constants') | 3 | const constants = require('../initializers/constants') |
4 | 4 | ||
5 | const paginationMiddleware = { | 5 | const paginationMiddleware = { |
6 | setPagination: setPagination | 6 | setPagination |
7 | } | 7 | } |
8 | 8 | ||
9 | function setPagination (req, res, next) { | 9 | function setPagination (req, res, next) { |
diff --git a/server/middlewares/pods.js b/server/middlewares/pods.js new file mode 100644 index 000000000..6e0874a76 --- /dev/null +++ b/server/middlewares/pods.js | |||
@@ -0,0 +1,62 @@ | |||
1 | 'use strict' | ||
2 | |||
3 | const urlModule = require('url') | ||
4 | |||
5 | const logger = require('../helpers/logger') | ||
6 | |||
7 | const podsMiddleware = { | ||
8 | setBodyUrlsPort, | ||
9 | setBodyUrlPort | ||
10 | } | ||
11 | |||
12 | function setBodyUrlsPort (req, res, next) { | ||
13 | for (let i = 0; i < req.body.urls.length; i++) { | ||
14 | const urlWithPort = getUrlWithPort(req.body.urls[i]) | ||
15 | |||
16 | // Problem with the url parsing? | ||
17 | if (urlWithPort === null) { | ||
18 | return res.sendStatus(500) | ||
19 | } | ||
20 | |||
21 | req.body.urls[i] = urlWithPort | ||
22 | } | ||
23 | |||
24 | return next() | ||
25 | } | ||
26 | |||
27 | function setBodyUrlPort (req, res, next) { | ||
28 | const urlWithPort = getUrlWithPort(req.body.url) | ||
29 | |||
30 | // Problem with the url parsing? | ||
31 | if (urlWithPort === null) { | ||
32 | return res.sendStatus(500) | ||
33 | } | ||
34 | |||
35 | req.body.url = urlWithPort | ||
36 | |||
37 | return next() | ||
38 | } | ||
39 | |||
40 | // --------------------------------------------------------------------------- | ||
41 | |||
42 | module.exports = podsMiddleware | ||
43 | |||
44 | // --------------------------------------------------------------------------- | ||
45 | |||
46 | function getUrlWithPort (url) { | ||
47 | const urlObj = urlModule.parse(url) | ||
48 | |||
49 | // Add the port if it is not specified | ||
50 | if (urlObj.port === null) { | ||
51 | if (urlObj.protocol === 'http:') { | ||
52 | return url + ':80' | ||
53 | } else if (urlObj.protocol === 'https:') { | ||
54 | return url + ':443' | ||
55 | } else { | ||
56 | logger.error('Unknown url protocol: ' + urlObj.protocol) | ||
57 | return null | ||
58 | } | ||
59 | } | ||
60 | |||
61 | return url | ||
62 | } | ||
diff --git a/server/middlewares/search.js b/server/middlewares/search.js index 89302a564..bb88faf54 100644 --- a/server/middlewares/search.js +++ b/server/middlewares/search.js | |||
@@ -1,7 +1,7 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const searchMiddleware = { | 3 | const searchMiddleware = { |
4 | setVideosSearch: setVideosSearch | 4 | setVideosSearch |
5 | } | 5 | } |
6 | 6 | ||
7 | function setVideosSearch (req, res, next) { | 7 | function setVideosSearch (req, res, next) { |
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js index 9779c14ac..58f824d14 100644 --- a/server/middlewares/secure.js +++ b/server/middlewares/secure.js | |||
@@ -7,10 +7,11 @@ const peertubeCrypto = require('../helpers/peertube-crypto') | |||
7 | const Pod = mongoose.model('Pod') | 7 | const Pod = mongoose.model('Pod') |
8 | 8 | ||
9 | const secureMiddleware = { | 9 | const secureMiddleware = { |
10 | decryptBody: decryptBody | 10 | checkSignature, |
11 | decryptBody | ||
11 | } | 12 | } |
12 | 13 | ||
13 | function decryptBody (req, res, next) { | 14 | function checkSignature (req, res, next) { |
14 | const url = req.body.signature.url | 15 | const url = req.body.signature.url |
15 | Pod.loadByUrl(url, function (err, pod) { | 16 | Pod.loadByUrl(url, function (err, pod) { |
16 | if (err) { | 17 | if (err) { |
@@ -28,21 +29,30 @@ function decryptBody (req, res, next) { | |||
28 | const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature) | 29 | const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature) |
29 | 30 | ||
30 | if (signatureOk === true) { | 31 | if (signatureOk === true) { |
31 | peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) { | 32 | return next() |
32 | if (err) { | 33 | } |
33 | logger.error('Cannot decrypt data.', { error: err }) | 34 | |
34 | return res.sendStatus(500) | 35 | logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) |
35 | } | 36 | return res.sendStatus(403) |
36 | 37 | }) | |
37 | req.body.data = JSON.parse(decrypted) | 38 | } |
38 | delete req.body.key | 39 | |
39 | 40 | function decryptBody (req, res, next) { | |
40 | next() | 41 | peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) { |
41 | }) | 42 | if (err) { |
42 | } else { | 43 | logger.error('Cannot decrypt data.', { error: err }) |
43 | logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) | 44 | return res.sendStatus(500) |
44 | return res.sendStatus(403) | ||
45 | } | 45 | } |
46 | |||
47 | try { | ||
48 | req.body.data = JSON.parse(decrypted) | ||
49 | delete req.body.key | ||
50 | } catch (err) { | ||
51 | logger.error('Error in JSON.parse', { error: err }) | ||
52 | return res.sendStatus(500) | ||
53 | } | ||
54 | |||
55 | next() | ||
46 | }) | 56 | }) |
47 | } | 57 | } |
48 | 58 | ||
diff --git a/server/middlewares/sort.js b/server/middlewares/sort.js index 9f52290a6..f0b7274eb 100644 --- a/server/middlewares/sort.js +++ b/server/middlewares/sort.js | |||
@@ -1,7 +1,14 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const sortMiddleware = { | 3 | const sortMiddleware = { |
4 | setVideosSort: setVideosSort | 4 | setUsersSort, |
5 | setVideosSort | ||
6 | } | ||
7 | |||
8 | function setUsersSort (req, res, next) { | ||
9 | if (!req.query.sort) req.query.sort = '-createdDate' | ||
10 | |||
11 | return next() | ||
5 | } | 12 | } |
6 | 13 | ||
7 | function setVideosSort (req, res, next) { | 14 | function setVideosSort (req, res, next) { |
diff --git a/server/middlewares/validators/index.js b/server/middlewares/validators/index.js index 0471b3f92..6c3a9c2b4 100644 --- a/server/middlewares/validators/index.js +++ b/server/middlewares/validators/index.js | |||
@@ -4,6 +4,7 @@ const paginationValidators = require('./pagination') | |||
4 | const podsValidators = require('./pods') | 4 | const podsValidators = require('./pods') |
5 | const remoteValidators = require('./remote') | 5 | const remoteValidators = require('./remote') |
6 | const sortValidators = require('./sort') | 6 | const sortValidators = require('./sort') |
7 | const usersValidators = require('./users') | ||
7 | const videosValidators = require('./videos') | 8 | const videosValidators = require('./videos') |
8 | 9 | ||
9 | const validators = { | 10 | const validators = { |
@@ -11,6 +12,7 @@ const validators = { | |||
11 | pods: podsValidators, | 12 | pods: podsValidators, |
12 | remote: remoteValidators, | 13 | remote: remoteValidators, |
13 | sort: sortValidators, | 14 | sort: sortValidators, |
15 | users: usersValidators, | ||
14 | videos: videosValidators | 16 | videos: videosValidators |
15 | } | 17 | } |
16 | 18 | ||
diff --git a/server/middlewares/validators/pagination.js b/server/middlewares/validators/pagination.js index 8e9a01053..16682696e 100644 --- a/server/middlewares/validators/pagination.js +++ b/server/middlewares/validators/pagination.js | |||
@@ -4,7 +4,7 @@ const checkErrors = require('./utils').checkErrors | |||
4 | const logger = require('../../helpers/logger') | 4 | const logger = require('../../helpers/logger') |
5 | 5 | ||
6 | const validatorsPagination = { | 6 | const validatorsPagination = { |
7 | pagination: pagination | 7 | pagination |
8 | } | 8 | } |
9 | 9 | ||
10 | function pagination (req, res, next) { | 10 | function pagination (req, res, next) { |
diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js index fda2e865f..fd3d1e2f2 100644 --- a/server/middlewares/validators/pods.js +++ b/server/middlewares/validators/pods.js | |||
@@ -5,23 +5,29 @@ const friends = require('../../lib/friends') | |||
5 | const logger = require('../../helpers/logger') | 5 | const logger = require('../../helpers/logger') |
6 | 6 | ||
7 | const validatorsPod = { | 7 | const validatorsPod = { |
8 | makeFriends: makeFriends, | 8 | makeFriends, |
9 | podsAdd: podsAdd | 9 | podsAdd |
10 | } | 10 | } |
11 | 11 | ||
12 | function makeFriends (req, res, next) { | 12 | function makeFriends (req, res, next) { |
13 | friends.hasFriends(function (err, hasFriends) { | 13 | req.checkBody('urls', 'Should have an array of unique urls').isEachUniqueUrlValid() |
14 | if (err) { | 14 | |
15 | logger.error('Cannot know if we have friends.', { error: err }) | 15 | logger.debug('Checking makeFriends parameters', { parameters: req.body }) |
16 | res.sendStatus(500) | 16 | |
17 | } | 17 | checkErrors(req, res, function () { |
18 | 18 | friends.hasFriends(function (err, hasFriends) { | |
19 | if (hasFriends === true) { | 19 | if (err) { |
20 | // We need to quit our friends before make new ones | 20 | logger.error('Cannot know if we have friends.', { error: err }) |
21 | res.sendStatus(409) | 21 | res.sendStatus(500) |
22 | } else { | 22 | } |
23 | return next() | 23 | |
24 | } | 24 | if (hasFriends === true) { |
25 | // We need to quit our friends before make new ones | ||
26 | res.sendStatus(409) | ||
27 | } else { | ||
28 | return next() | ||
29 | } | ||
30 | }) | ||
25 | }) | 31 | }) |
26 | } | 32 | } |
27 | 33 | ||
diff --git a/server/middlewares/validators/remote.js b/server/middlewares/validators/remote.js index 1be119458..8c29ef8ca 100644 --- a/server/middlewares/validators/remote.js +++ b/server/middlewares/validators/remote.js | |||
@@ -4,9 +4,9 @@ const checkErrors = require('./utils').checkErrors | |||
4 | const logger = require('../../helpers/logger') | 4 | const logger = require('../../helpers/logger') |
5 | 5 | ||
6 | const validatorsRemote = { | 6 | const validatorsRemote = { |
7 | dataToDecrypt: dataToDecrypt, | 7 | dataToDecrypt, |
8 | remoteVideos: remoteVideos, | 8 | remoteVideos, |
9 | signature: signature | 9 | signature |
10 | } | 10 | } |
11 | 11 | ||
12 | function dataToDecrypt (req, res, next) { | 12 | function dataToDecrypt (req, res, next) { |
@@ -19,7 +19,6 @@ function dataToDecrypt (req, res, next) { | |||
19 | } | 19 | } |
20 | 20 | ||
21 | function remoteVideos (req, res, next) { | 21 | function remoteVideos (req, res, next) { |
22 | req.checkBody('data').isArray() | ||
23 | req.checkBody('data').isEachRemoteVideosValid() | 22 | req.checkBody('data').isEachRemoteVideosValid() |
24 | 23 | ||
25 | logger.debug('Checking remoteVideos parameters', { parameters: req.body }) | 24 | logger.debug('Checking remoteVideos parameters', { parameters: req.body }) |
diff --git a/server/middlewares/validators/sort.js b/server/middlewares/validators/sort.js index 56b63cc8b..431d3fffd 100644 --- a/server/middlewares/validators/sort.js +++ b/server/middlewares/validators/sort.js | |||
@@ -5,7 +5,18 @@ const constants = require('../../initializers/constants') | |||
5 | const logger = require('../../helpers/logger') | 5 | const logger = require('../../helpers/logger') |
6 | 6 | ||
7 | const validatorsSort = { | 7 | const validatorsSort = { |
8 | videosSort: videosSort | 8 | usersSort, |
9 | videosSort | ||
10 | } | ||
11 | |||
12 | function usersSort (req, res, next) { | ||
13 | const sortableColumns = constants.SORTABLE_COLUMNS.USERS | ||
14 | |||
15 | req.checkQuery('sort', 'Should have correct sortable column').optional().isIn(sortableColumns) | ||
16 | |||
17 | logger.debug('Checking sort parameters', { parameters: req.query }) | ||
18 | |||
19 | checkErrors(req, res, next) | ||
9 | } | 20 | } |
10 | 21 | ||
11 | function videosSort (req, res, next) { | 22 | function videosSort (req, res, next) { |
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js new file mode 100644 index 000000000..d541e9124 --- /dev/null +++ b/server/middlewares/validators/users.js | |||
@@ -0,0 +1,67 @@ | |||
1 | 'use strict' | ||
2 | |||
3 | const mongoose = require('mongoose') | ||
4 | |||
5 | const checkErrors = require('./utils').checkErrors | ||
6 | const logger = require('../../helpers/logger') | ||
7 | |||
8 | const User = mongoose.model('User') | ||
9 | |||
10 | const validatorsUsers = { | ||
11 | usersAdd, | ||
12 | usersRemove, | ||
13 | usersUpdate | ||
14 | } | ||
15 | |||
16 | function usersAdd (req, res, next) { | ||
17 | req.checkBody('username', 'Should have a valid username').isUserUsernameValid() | ||
18 | req.checkBody('password', 'Should have a valid password').isUserPasswordValid() | ||
19 | |||
20 | logger.debug('Checking usersAdd parameters', { parameters: req.body }) | ||
21 | |||
22 | checkErrors(req, res, function () { | ||
23 | User.loadByUsername(req.body.username, function (err, user) { | ||
24 | if (err) { | ||
25 | logger.error('Error in usersAdd request validator.', { error: err }) | ||
26 | return res.sendStatus(500) | ||
27 | } | ||
28 | |||
29 | if (user) return res.status(409).send('User already exists.') | ||
30 | |||
31 | next() | ||
32 | }) | ||
33 | }) | ||
34 | } | ||
35 | |||
36 | function usersRemove (req, res, next) { | ||
37 | req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() | ||
38 | |||
39 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) | ||
40 | |||
41 | checkErrors(req, res, function () { | ||
42 | User.loadById(req.params.id, function (err, user) { | ||
43 | if (err) { | ||
44 | logger.error('Error in usersRemove request validator.', { error: err }) | ||
45 | return res.sendStatus(500) | ||
46 | } | ||
47 | |||
48 | if (!user) return res.status(404).send('User not found') | ||
49 | |||
50 | next() | ||
51 | }) | ||
52 | }) | ||
53 | } | ||
54 | |||
55 | function usersUpdate (req, res, next) { | ||
56 | req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() | ||
57 | // Add old password verification | ||
58 | req.checkBody('password', 'Should have a valid password').isUserPasswordValid() | ||
59 | |||
60 | logger.debug('Checking usersUpdate parameters', { parameters: req.body }) | ||
61 | |||
62 | checkErrors(req, res, next) | ||
63 | } | ||
64 | |||
65 | // --------------------------------------------------------------------------- | ||
66 | |||
67 | module.exports = validatorsUsers | ||
diff --git a/server/middlewares/validators/utils.js b/server/middlewares/validators/utils.js index f6e5b2b38..3741b84c6 100644 --- a/server/middlewares/validators/utils.js +++ b/server/middlewares/validators/utils.js | |||
@@ -5,7 +5,7 @@ const util = require('util') | |||
5 | const logger = require('../../helpers/logger') | 5 | const logger = require('../../helpers/logger') |
6 | 6 | ||
7 | const validatorsUtils = { | 7 | const validatorsUtils = { |
8 | checkErrors: checkErrors | 8 | checkErrors |
9 | } | 9 | } |
10 | 10 | ||
11 | function checkErrors (req, res, next, statusCode) { | 11 | function checkErrors (req, res, next, statusCode) { |
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js index 3e2af06fb..76e943e77 100644 --- a/server/middlewares/validators/videos.js +++ b/server/middlewares/validators/videos.js | |||
@@ -4,20 +4,21 @@ const mongoose = require('mongoose') | |||
4 | 4 | ||
5 | const checkErrors = require('./utils').checkErrors | 5 | const checkErrors = require('./utils').checkErrors |
6 | const constants = require('../../initializers/constants') | 6 | const constants = require('../../initializers/constants') |
7 | const customValidators = require('../../helpers/custom-validators') | 7 | const customVideosValidators = require('../../helpers/custom-validators').videos |
8 | const logger = require('../../helpers/logger') | 8 | const logger = require('../../helpers/logger') |
9 | 9 | ||
10 | const Video = mongoose.model('Video') | 10 | const Video = mongoose.model('Video') |
11 | 11 | ||
12 | const validatorsVideos = { | 12 | const validatorsVideos = { |
13 | videosAdd: videosAdd, | 13 | videosAdd, |
14 | videosGet: videosGet, | 14 | videosGet, |
15 | videosRemove: videosRemove, | 15 | videosRemove, |
16 | videosSearch: videosSearch | 16 | videosSearch |
17 | } | 17 | } |
18 | 18 | ||
19 | function videosAdd (req, res, next) { | 19 | function videosAdd (req, res, next) { |
20 | req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty() | 20 | req.checkFiles('videofile[0].originalname', 'Should have an input video').notEmpty() |
21 | // TODO: move to constants and function | ||
21 | req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i) | 22 | req.checkFiles('videofile[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i) |
22 | req.checkBody('name', 'Should have a valid name').isVideoNameValid() | 23 | req.checkBody('name', 'Should have a valid name').isVideoNameValid() |
23 | req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid() | 24 | req.checkBody('description', 'Should have a valid description').isVideoDescriptionValid() |
@@ -33,8 +34,8 @@ function videosAdd (req, res, next) { | |||
33 | return res.status(400).send('Cannot retrieve metadata of the file.') | 34 | return res.status(400).send('Cannot retrieve metadata of the file.') |
34 | } | 35 | } |
35 | 36 | ||
36 | if (!customValidators.isVideoDurationValid(duration)) { | 37 | if (!customVideosValidators.isVideoDurationValid(duration)) { |
37 | return res.status(400).send('Duration of the video file is too big (max: ' + constants.VIDEOS_CONSTRAINTS_FIELDS.DURATION.max + 's).') | 38 | return res.status(400).send('Duration of the video file is too big (max: ' + constants.CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).') |
38 | } | 39 | } |
39 | 40 | ||
40 | videoFile.duration = duration | 41 | videoFile.duration = duration |
@@ -76,6 +77,7 @@ function videosRemove (req, res, next) { | |||
76 | 77 | ||
77 | if (!video) return res.status(404).send('Video not found') | 78 | if (!video) return res.status(404).send('Video not found') |
78 | else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') | 79 | else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') |
80 | else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user') | ||
79 | 81 | ||
80 | next() | 82 | next() |
81 | }) | 83 | }) |