3 files changed, 67 insertions, 9 deletions
diff --git a/server/middlewares/validators/shared/user-registrations.ts b/server/middlewares/validators/shared/user-registrations.ts
new file mode 100644
index 000000000..dbc7dda06
--- /dev/null
+++ b/server/middlewares/validators/shared/user-registrations.ts
@@ -0,0 +1,60 @@
+import express from 'express'
+import { UserRegistrationModel } from '@server/models/user/user-registration'
+import { MRegistration } from '@server/types/models'
+import { forceNumber, pick } from '@shared/core-utils'
+import { HttpStatusCode } from '@shared/models'
+function checkRegistrationIdExist (idArg: number | string, res: express.Response) {
+  const id = forceNumber(idArg)
+  return checkRegistrationExist(() => UserRegistrationModel.load(id), res)
+}
+function checkRegistrationEmailExist (email: string, res: express.Response, abortResponse = true) {
+  return checkRegistrationExist(() => UserRegistrationModel.loadByEmail(email), res, abortResponse)
+}
+async function checkRegistrationHandlesDoNotAlreadyExist (options: {
+  username: string
+  channelHandle: string
+  email: string
+  res: express.Response
+}) {
+  const { res } = options
+  const registration = await UserRegistrationModel.loadByEmailOrHandle(pick(options, [ 'username', 'email', 'channelHandle' ]))
+  if (registration) {
+    res.fail({
+      status: HttpStatusCode.CONFLICT_409,
+      message: 'Registration with this username, channel name or email already exists.'
+    })
+    return false
+  }
+  return true
+}
+async function checkRegistrationExist (finder: () => Promise<MRegistration>, res: express.Response, abortResponse = true) {
+  const registration = await finder()
+  if (!registration) {
+    if (abortResponse === true) {
+      res.fail({
+        status: HttpStatusCode.NOT_FOUND_404,
+        message: 'User not found'
+      })
+    }
+    return false
+  }
+  res.locals.userRegistration = registration
+  return true
+}
+export {
+  checkRegistrationIdExist,
+  checkRegistrationEmailExist,
+  checkRegistrationHandlesDoNotAlreadyExist,
+  checkRegistrationExist
+}
diff --git a/server/middlewares/validators/shared/users.ts b/server/middlewares/validators/shared/users.ts
index b8f1436d3..030adc9f7 100644
--- a/server/middlewares/validators/shared/users.ts
+++ b/server/middlewares/validators/shared/users.ts
@@ -14,7 +14,7 @@ function checkUserEmailExist (email: string, res: express.Response, abortRespons
  return checkUserExist(() => UserModel.loadByEmail(email), res, abortResponse)
 }
-async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
+async function checkUserNameOrEmailDoNotAlreadyExist (username: string, email: string, res: express.Response) {
  const user = await UserModel.loadByUsernameOrEmail(username, email)
  if (user) {
@@ -58,6 +58,6 @@ async function checkUserExist (finder: () => Promise<MUserDefault>, res: express
 export {
  checkUserIdExist,
  checkUserEmailExist,
-  checkUserNameOrEmailDoesNotAlreadyExist,
+  checkUserNameOrEmailDoNotAlreadyExist,
  checkUserExist
 }
diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts
index ebbfc0a0a..0033a32ff 100644
--- a/server/middlewares/validators/shared/videos.ts
+++ b/server/middlewares/validators/shared/videos.ts
@@ -180,18 +180,16 @@ async function checkCanAccessVideoStaticFiles (options: {
    return checkCanSeeVideo(options)
  }
-  if (!video.hasPrivateStaticPath()) return true
  const videoFileToken = req.query.videoFileToken
-  if (!videoFileToken) {
+  if (videoFileToken && VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
-    res.sendStatus(HttpStatusCode.FORBIDDEN_403)
+    const user = VideoTokensManager.Instance.getUserFromToken({ token: videoFileToken })
-    return false
-  }
-  if (VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
+    res.locals.videoFileToken = { user }
    return true
  }
+  if (!video.hasPrivateStaticPath()) return true
  res.sendStatus(HttpStatusCode.FORBIDDEN_403)
  return false
 }

diff --git a/server/middlewares/validators/shared/user-registrations.ts b/server/middlewares/validators/shared/user-registrations.ts new file mode 100644 index 000000000..dbc7dda06 --- /dev/null +++ b/server/middlewares/validators/shared/user-registrations.ts
@@ -0,0 +1,60 @@
		1	import express from 'express'
		2	import { UserRegistrationModel } from '@server/models/user/user-registration'
		3	import { MRegistration } from '@server/types/models'
		4	import { forceNumber, pick } from '@shared/core-utils'
		5	import { HttpStatusCode } from '@shared/models'
		6
		7	function checkRegistrationIdExist (idArg: number \| string, res: express.Response) {
		8	const id = forceNumber(idArg)
		9	return checkRegistrationExist(() => UserRegistrationModel.load(id), res)
		10	}
		11
		12	function checkRegistrationEmailExist (email: string, res: express.Response, abortResponse = true) {
		13	return checkRegistrationExist(() => UserRegistrationModel.loadByEmail(email), res, abortResponse)
		14	}
		15
		16	async function checkRegistrationHandlesDoNotAlreadyExist (options: {
		17	username: string
		18	channelHandle: string
		19	email: string
		20	res: express.Response
		21	}) {
		22	const { res } = options
		23
		24	const registration = await UserRegistrationModel.loadByEmailOrHandle(pick(options, [ 'username', 'email', 'channelHandle' ]))
		25
		26	if (registration) {
		27	res.fail({
		28	status: HttpStatusCode.CONFLICT_409,
		29	message: 'Registration with this username, channel name or email already exists.'
		30	})
		31	return false
		32	}
		33
		34	return true
		35	}
		36
		37	async function checkRegistrationExist (finder: () => Promise<MRegistration>, res: express.Response, abortResponse = true) {
		38	const registration = await finder()
		39
		40	if (!registration) {
		41	if (abortResponse === true) {
		42	res.fail({
		43	status: HttpStatusCode.NOT_FOUND_404,
		44	message: 'User not found'
		45	})
		46	}
		47
		48	return false
		49	}
		50
		51	res.locals.userRegistration = registration
		52	return true
		53	}
		54
		55	export {
		56	checkRegistrationIdExist,
		57	checkRegistrationEmailExist,
		58	checkRegistrationHandlesDoNotAlreadyExist,
		59	checkRegistrationExist
		60	}


diff --git a/server/middlewares/validators/shared/users.ts b/server/middlewares/validators/shared/users.ts index b8f1436d3..030adc9f7 100644 --- a/server/middlewares/validators/shared/users.ts +++ b/server/middlewares/validators/shared/users.ts
@@ -14,7 +14,7 @@ function checkUserEmailExist (email: string, res: express.Response, abortRespons
14	return checkUserExist(() => UserModel.loadByEmail(email), res, abortResponse)	14	return checkUserExist(() => UserModel.loadByEmail(email), res, abortResponse)
15	}	15	}
16		16
17	async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {	17	async function checkUserNameOrEmailDoNotAlreadyExist (username: string, email: string, res: express.Response) {
18	const user = await UserModel.loadByUsernameOrEmail(username, email)	18	const user = await UserModel.loadByUsernameOrEmail(username, email)
19		19
20	if (user) {	20	if (user) {
@@ -58,6 +58,6 @@ async function checkUserExist (finder: () => Promise<MUserDefault>, res: express
58	export {	58	export {
59	checkUserIdExist,	59	checkUserIdExist,
60	checkUserEmailExist,	60	checkUserEmailExist,
61	checkUserNameOrEmailDoesNotAlreadyExist,	61	checkUserNameOrEmailDoNotAlreadyExist,
62	checkUserExist	62	checkUserExist
63	}	63	}


diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts index ebbfc0a0a..0033a32ff 100644 --- a/server/middlewares/validators/shared/videos.ts +++ b/server/middlewares/validators/shared/videos.ts
@@ -180,18 +180,16 @@ async function checkCanAccessVideoStaticFiles (options: {
180	return checkCanSeeVideo(options)	180	return checkCanSeeVideo(options)
181	}	181	}
182		182
183	if (!video.hasPrivateStaticPath()) return true
184
185	const videoFileToken = req.query.videoFileToken	183	const videoFileToken = req.query.videoFileToken
186	if (!videoFileToken) {	184	if (videoFileToken && VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
187	res.sendStatus(HttpStatusCode.FORBIDDEN_403)	185	const user = VideoTokensManager.Instance.getUserFromToken({ token: videoFileToken })
188	return false
189	}
190		186
191	if (VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {	187	res.locals.videoFileToken = { user }
192	return true	188	return true
193	}	189	}
194		190
		191	if (!video.hasPrivateStaticPath()) return true
		192
195	res.sendStatus(HttpStatusCode.FORBIDDEN_403)	193	res.sendStatus(HttpStatusCode.FORBIDDEN_403)
196	return false	194	return false
197	}	195	}