Diffstat (limited to 'server/middlewares/validators/video-channels.ts')
-rw-r--r-- | server/middlewares/validators/video-channels.ts | 142 |
1 files changed, 142 insertions, 0 deletions
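diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts
new file mode 100644
index 000000000..979fbd34a
--- /dev/null
+++ b/server/middlewares/validators/video-channels.ts
@@ -0,0 +1,142 @@
+import { body, param } from 'express-validator/check'
+import * as express from 'express'
+
+import { checkErrors } from './utils'
+import { database as db } from '../../initializers'
+import {
+logger,
+isIdOrUUIDValid,
+isVideoChannelDescriptionValid,
+isVideoChannelNameValid,
+checkVideoChannelExists,
+checkVideoAuthorExists
+} from '../../helpers'
+
+const listVideoAuthorChannelsValidator = [
+param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'),
+
+(req: express.Request, res: express.Response, next: express.NextFunction) => {
+logger.debug('Checking listVideoAuthorChannelsValidator parameters', { parameters: req.body })
+
+checkErrors(req, res, () => {
+checkVideoAuthorExists(req.params.authorId, res, next)
+})
+}
+]
+
+const videoChannelsAddValidator = [
+body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
+body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
+
+(req: express.Request, res: express.Response, next: express.NextFunction) => {
+logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
+
+checkErrors(req, res, next)
+}
+]
+
+const videoChannelsUpdateValidator = [
+param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
+body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
+
+(req: express.Request, res: express.Response, next: express.NextFunction) => {
+logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
+
+checkErrors(req, res, () => {
+checkVideoChannelExists(req.params.id, res, () => {
+// We need to make additional checks
+if (res.locals.videoChannel.isOwned() === false) {
+return res.status(403)
+.json({ error: 'Cannot update video channel of another pod' })
+.end()
+}
+
+if (res.locals.videoChannel.Author.userId !== res.locals.oauth.token.User.id) {
+return res.status(403)
+.json({ error: 'Cannot update video channel of another user' })
+.end()
+}
+
+next()
+})
+})
+}
+]
+
+const videoChannelsRemoveValidator = [
+param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+
+(req: express.Request, res: express.Response, next: express.NextFunction) => {
+logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
+
+checkErrors(req, res, () => {
+checkVideoChannelExists(req.params.id, res, () => {
+// Check if the user who did the request is able to delete the video
+checkUserCanDeleteVideoChannel(res, () => {
+checkVideoChannelIsNotTheLastOne(res, next)
+})
+})
+})
+}
+]
+
+const videoChannelGetValidator = [
+param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+
+(req: express.Request, res: express.Response, next: express.NextFunction) => {
+logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
+
+checkErrors(req, res, () => {
+checkVideoChannelExists(req.params.id, res, next)
+})
+}
+]
+
+// ---------------------------------------------------------------------------
+
+export {
+listVideoAuthorChannelsValidator,
+videoChannelsAddValidator,
+videoChannelsUpdateValidator,
+videoChannelsRemoveValidator,
+videoChannelGetValidator
+}
+
+// ---------------------------------------------------------------------------
+
+function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
+const user = res.locals.oauth.token.User
+
+// Retrieve the user who did the request
+if (res.locals.videoChannel.isOwned() === false) {
+return res.status(403)
+.json({ error: 'Cannot remove video channel of another pod.' })
+.end()
+}
+
+// Check if the user can delete the video channel
+// The user can delete it if s/he is an admin
+// Or if s/he is the video channel's author
+if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) {
+return res.status(403)
+.json({ error: 'Cannot remove video channel of another user' })
+.end()
+}
+
+// If we reach this comment, we can delete the video
+callback()
+}
+
+function checkVideoChannelIsNotTheLastOne (res: express.Response, callback: () => void) {
+db.VideoChannel.countByAuthor(res.locals.oauth.token.User.Author.id)
+.then(count => {
+if (count <= 1) {
+return res.status(409)
+.json({ error: 'Cannot remove the last channel of this user' })
+.end()
+}
+
+callback()
+})
+}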
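Review bot: `checkVideoChannelIsNotTheLastOne` counts channels for the requesting user (`res.locals.oauth.token.User.Author.id`) rather than for the owner of the channel being removed, while `checkUserCanDeleteVideoChannel` lets an admin through for another user's channel. An admin's deletion is therefore judged against the admin's own channel count, so the target user's last channel can be removed, or the admin can be wrongly refused with 409. Counting by the loaded channel's author, `db.VideoChannel.countByAuthor(res.locals.videoChannel.Author.id)`, would match the error message; this assumes `Author.id` is populated on the loaded channel the same way `Author.userId` is. The promise also has no `.catch`, so a failed count leaves the request unanswered; something like `.catch(err => { logger.error('Cannot count video channels.', err); res.sendStatus(500) })` would close that path.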