aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/video-channels.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators/video-channels.ts')
-rw-r--r--server/middlewares/validators/video-channels.ts142
1 files changed, 142 insertions, 0 deletions
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts
new file mode 100644
index 000000000..979fbd34a
--- /dev/null
+++ b/server/middlewares/validators/video-channels.ts
@@ -0,0 +1,142 @@
1import { body, param } from 'express-validator/check'
2import * as express from 'express'
3
4import { checkErrors } from './utils'
5import { database as db } from '../../initializers'
6import {
7 logger,
8 isIdOrUUIDValid,
9 isVideoChannelDescriptionValid,
10 isVideoChannelNameValid,
11 checkVideoChannelExists,
12 checkVideoAuthorExists
13} from '../../helpers'
14
15const listVideoAuthorChannelsValidator = [
16 param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'),
17
18 (req: express.Request, res: express.Response, next: express.NextFunction) => {
19 logger.debug('Checking listVideoAuthorChannelsValidator parameters', { parameters: req.body })
20
21 checkErrors(req, res, () => {
22 checkVideoAuthorExists(req.params.authorId, res, next)
23 })
24 }
25]
26
27const videoChannelsAddValidator = [
28 body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
29 body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
30
31 (req: express.Request, res: express.Response, next: express.NextFunction) => {
32 logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
33
34 checkErrors(req, res, next)
35 }
36]
37
38const videoChannelsUpdateValidator = [
39 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
40 body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
41 body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
42
43 (req: express.Request, res: express.Response, next: express.NextFunction) => {
44 logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
45
46 checkErrors(req, res, () => {
47 checkVideoChannelExists(req.params.id, res, () => {
48 // We need to make additional checks
49 if (res.locals.videoChannel.isOwned() === false) {
50 return res.status(403)
51 .json({ error: 'Cannot update video channel of another pod' })
52 .end()
53 }
54
55 if (res.locals.videoChannel.Author.userId !== res.locals.oauth.token.User.id) {
56 return res.status(403)
57 .json({ error: 'Cannot update video channel of another user' })
58 .end()
59 }
60
61 next()
62 })
63 })
64 }
65]
66
67const videoChannelsRemoveValidator = [
68 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
69
70 (req: express.Request, res: express.Response, next: express.NextFunction) => {
71 logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
72
73 checkErrors(req, res, () => {
74 checkVideoChannelExists(req.params.id, res, () => {
75 // Check if the user who did the request is able to delete the video
76 checkUserCanDeleteVideoChannel(res, () => {
77 checkVideoChannelIsNotTheLastOne(res, next)
78 })
79 })
80 })
81 }
82]
83
84const videoChannelGetValidator = [
85 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
86
87 (req: express.Request, res: express.Response, next: express.NextFunction) => {
88 logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
89
90 checkErrors(req, res, () => {
91 checkVideoChannelExists(req.params.id, res, next)
92 })
93 }
94]
95
96// ---------------------------------------------------------------------------
97
98export {
99 listVideoAuthorChannelsValidator,
100 videoChannelsAddValidator,
101 videoChannelsUpdateValidator,
102 videoChannelsRemoveValidator,
103 videoChannelGetValidator
104}
105
106// ---------------------------------------------------------------------------
107
108function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
109 const user = res.locals.oauth.token.User
110
111 // Retrieve the user who did the request
112 if (res.locals.videoChannel.isOwned() === false) {
113 return res.status(403)
114 .json({ error: 'Cannot remove video channel of another pod.' })
115 .end()
116 }
117
118 // Check if the user can delete the video channel
119 // The user can delete it if s/he is an admin
120 // Or if s/he is the video channel's author
121 if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) {
122 return res.status(403)
123 .json({ error: 'Cannot remove video channel of another user' })
124 .end()
125 }
126
127 // If we reach this comment, we can delete the video
128 callback()
129}
130
131function checkVideoChannelIsNotTheLastOne (res: express.Response, callback: () => void) {
132 db.VideoChannel.countByAuthor(res.locals.oauth.token.User.Author.id)
133 .then(count => {
134 if (count <= 1) {
135 return res.status(409)
136 .json({ error: 'Cannot remove the last channel of this user' })
137 .end()
138 }
139
140 callback()
141 })
142}