diff options
Diffstat (limited to 'server/middlewares/validators/shared')
-rw-r--r-- | server/middlewares/validators/shared/utils.ts | 1 | ||||
-rw-r--r-- | server/middlewares/validators/shared/videos.ts | 26 |
2 files changed, 25 insertions, 2 deletions
diff --git a/server/middlewares/validators/shared/utils.ts b/server/middlewares/validators/shared/utils.ts index 104eace91..410de4d80 100644 --- a/server/middlewares/validators/shared/utils.ts +++ b/server/middlewares/validators/shared/utils.ts | |||
@@ -8,6 +8,7 @@ function areValidationErrors (req: express.Request, res: express.Response) { | |||
8 | 8 | ||
9 | if (!errors.isEmpty()) { | 9 | if (!errors.isEmpty()) { |
10 | logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors.mapped() }) | 10 | logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors.mapped() }) |
11 | |||
11 | res.fail({ | 12 | res.fail({ |
12 | message: 'Incorrect request parameters: ' + Object.keys(errors.mapped()).join(', '), | 13 | message: 'Incorrect request parameters: ' + Object.keys(errors.mapped()).join(', '), |
13 | instance: req.originalUrl, | 14 | instance: req.originalUrl, |
diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts index fc978b63a..8807435f6 100644 --- a/server/middlewares/validators/shared/videos.ts +++ b/server/middlewares/validators/shared/videos.ts | |||
@@ -1,5 +1,6 @@ | |||
1 | import { Request, Response } from 'express' | 1 | import { Request, Response } from 'express' |
2 | import { loadVideo, VideoLoadType } from '@server/lib/model-loaders' | 2 | import { loadVideo, VideoLoadType } from '@server/lib/model-loaders' |
3 | import { isAbleToUploadVideo } from '@server/lib/user' | ||
3 | import { authenticatePromiseIfNeeded } from '@server/middlewares/auth' | 4 | import { authenticatePromiseIfNeeded } from '@server/middlewares/auth' |
4 | import { VideoModel } from '@server/models/video/video' | 5 | import { VideoModel } from '@server/models/video/video' |
5 | import { VideoChannelModel } from '@server/models/video/video-channel' | 6 | import { VideoChannelModel } from '@server/models/video/video-channel' |
@@ -7,6 +8,7 @@ import { VideoFileModel } from '@server/models/video/video-file' | |||
7 | import { | 8 | import { |
8 | MUser, | 9 | MUser, |
9 | MUserAccountId, | 10 | MUserAccountId, |
11 | MUserId, | ||
10 | MVideo, | 12 | MVideo, |
11 | MVideoAccountLight, | 13 | MVideoAccountLight, |
12 | MVideoFormattableDetails, | 14 | MVideoFormattableDetails, |
@@ -16,7 +18,7 @@ import { | |||
16 | MVideoThumbnail, | 18 | MVideoThumbnail, |
17 | MVideoWithRights | 19 | MVideoWithRights |
18 | } from '@server/types/models' | 20 | } from '@server/types/models' |
19 | import { HttpStatusCode, UserRight } from '@shared/models' | 21 | import { HttpStatusCode, ServerErrorCode, UserRight } from '@shared/models' |
20 | 22 | ||
21 | async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') { | 23 | async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') { |
22 | const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined | 24 | const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined |
@@ -108,6 +110,11 @@ async function checkCanSeePrivateVideo (req: Request, res: Response, video: MVid | |||
108 | 110 | ||
109 | // Only the owner or a user that have blocklist rights can see the video | 111 | // Only the owner or a user that have blocklist rights can see the video |
110 | if (!user || !user.canGetVideo(video)) { | 112 | if (!user || !user.canGetVideo(video)) { |
113 | res.fail({ | ||
114 | status: HttpStatusCode.FORBIDDEN_403, | ||
115 | message: 'Cannot fetch information of private/internal/blocklisted video' | ||
116 | }) | ||
117 | |||
111 | return false | 118 | return false |
112 | } | 119 | } |
113 | 120 | ||
@@ -139,13 +146,28 @@ function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: | |||
139 | return true | 146 | return true |
140 | } | 147 | } |
141 | 148 | ||
149 | async function checkUserQuota (user: MUserId, videoFileSize: number, res: Response) { | ||
150 | if (await isAbleToUploadVideo(user.id, videoFileSize) === false) { | ||
151 | res.fail({ | ||
152 | status: HttpStatusCode.PAYLOAD_TOO_LARGE_413, | ||
153 | message: 'The user video quota is exceeded with this video.', | ||
154 | type: ServerErrorCode.QUOTA_REACHED | ||
155 | }) | ||
156 | return false | ||
157 | } | ||
158 | |||
159 | return true | ||
160 | } | ||
161 | |||
142 | // --------------------------------------------------------------------------- | 162 | // --------------------------------------------------------------------------- |
143 | 163 | ||
144 | export { | 164 | export { |
145 | doesVideoChannelOfAccountExist, | 165 | doesVideoChannelOfAccountExist, |
146 | doesVideoExist, | 166 | doesVideoExist, |
147 | doesVideoFileOfVideoExist, | 167 | doesVideoFileOfVideoExist, |
168 | |||
148 | checkUserCanManageVideo, | 169 | checkUserCanManageVideo, |
149 | checkCanSeeVideoIfPrivate, | 170 | checkCanSeeVideoIfPrivate, |
150 | checkCanSeePrivateVideo | 171 | checkCanSeePrivateVideo, |
172 | checkUserQuota | ||
151 | } | 173 | } |