aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/shared
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators/shared')
-rw-r--r--server/middlewares/validators/shared/videos.ts33
1 files changed, 30 insertions, 3 deletions
diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts
index 71b81654f..fc978b63a 100644
--- a/server/middlewares/validators/shared/videos.ts
+++ b/server/middlewares/validators/shared/videos.ts
@@ -1,16 +1,20 @@
1import { Response } from 'express' 1import { Request, Response } from 'express'
2import { loadVideo, VideoLoadType } from '@server/lib/model-loaders' 2import { loadVideo, VideoLoadType } from '@server/lib/model-loaders'
3import { authenticatePromiseIfNeeded } from '@server/middlewares/auth'
4import { VideoModel } from '@server/models/video/video'
3import { VideoChannelModel } from '@server/models/video/video-channel' 5import { VideoChannelModel } from '@server/models/video/video-channel'
4import { VideoFileModel } from '@server/models/video/video-file' 6import { VideoFileModel } from '@server/models/video/video-file'
5import { 7import {
6 MUser, 8 MUser,
7 MUserAccountId, 9 MUserAccountId,
10 MVideo,
8 MVideoAccountLight, 11 MVideoAccountLight,
9 MVideoFormattableDetails, 12 MVideoFormattableDetails,
10 MVideoFullLight, 13 MVideoFullLight,
11 MVideoId, 14 MVideoId,
12 MVideoImmutable, 15 MVideoImmutable,
13 MVideoThumbnail 16 MVideoThumbnail,
17 MVideoWithRights
14} from '@server/types/models' 18} from '@server/types/models'
15import { HttpStatusCode, UserRight } from '@shared/models' 19import { HttpStatusCode, UserRight } from '@shared/models'
16 20
@@ -89,6 +93,27 @@ async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAcc
89 return true 93 return true
90} 94}
91 95
96async function checkCanSeeVideoIfPrivate (req: Request, res: Response, video: MVideo, authenticateInQuery = false) {
97 if (!video.requiresAuth()) return true
98
99 const videoWithRights = await VideoModel.loadAndPopulateAccountAndServerAndTags(video.id)
100
101 return checkCanSeePrivateVideo(req, res, videoWithRights, authenticateInQuery)
102}
103
104async function checkCanSeePrivateVideo (req: Request, res: Response, video: MVideoWithRights, authenticateInQuery = false) {
105 await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
106
107 const user = res.locals.oauth ? res.locals.oauth.token.User : null
108
109 // Only the owner or a user that have blocklist rights can see the video
110 if (!user || !user.canGetVideo(video)) {
111 return false
112 }
113
114 return true
115}
116
92function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) { 117function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) {
93 // Retrieve the user who did the request 118 // Retrieve the user who did the request
94 if (onlyOwned && video.isOwned() === false) { 119 if (onlyOwned && video.isOwned() === false) {
@@ -120,5 +145,7 @@ export {
120 doesVideoChannelOfAccountExist, 145 doesVideoChannelOfAccountExist,
121 doesVideoExist, 146 doesVideoExist,
122 doesVideoFileOfVideoExist, 147 doesVideoFileOfVideoExist,
123 checkUserCanManageVideo 148 checkUserCanManageVideo,
149 checkCanSeeVideoIfPrivate,
150 checkCanSeePrivateVideo
124} 151}