aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/videos.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators/videos.ts')
-rw-r--r--server/middlewares/validators/videos.ts75
1 files changed, 37 insertions, 38 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 03742a522..ec452cade 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -1,5 +1,4 @@
1import 'express-validator' 1import 'express-validator'
2import * as multer from 'multer'
3import * as express from 'express' 2import * as express from 'express'
4 3
5import { database as db } from '../../initializers/database' 4import { database as db } from '../../initializers/database'
@@ -24,18 +23,19 @@ function videosAddValidator (req: express.Request, res: express.Response, next:
24 checkErrors(req, res, function () { 23 checkErrors(req, res, function () {
25 const videoFile = req.files.videofile[0] 24 const videoFile = req.files.videofile[0]
26 25
27 db.Video.getDurationFromFile(videoFile.path, function (err, duration) { 26 db.Video.getDurationFromFile(videoFile.path)
28 if (err) { 27 .then(duration => {
29 return res.status(400).send('Cannot retrieve metadata of the file.') 28 if (!isVideoDurationValid('' + duration)) {
30 } 29 return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).')
31 30 }
32 if (!isVideoDurationValid(duration)) {
33 return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).')
34 }
35 31
36 videoFile['duration'] = duration 32 videoFile['duration'] = duration
37 next() 33 next()
38 }) 34 })
35 .catch(err => {
36 logger.error('Error in getting duration from file.', { error: err })
37 res.status(400).send('Cannot retrieve metadata of the file.')
38 })
39 }) 39 })
40} 40}
41 41
@@ -157,43 +157,42 @@ export {
157// --------------------------------------------------------------------------- 157// ---------------------------------------------------------------------------
158 158
159function checkVideoExists (id: string, res: express.Response, callback: () => void) { 159function checkVideoExists (id: string, res: express.Response, callback: () => void) {
160 db.Video.loadAndPopulateAuthorAndPodAndTags(id, function (err, video) { 160 db.Video.loadAndPopulateAuthorAndPodAndTags(id).then(video => {
161 if (err) {
162 logger.error('Error in video request validator.', { error: err })
163 return res.sendStatus(500)
164 }
165
166 if (!video) return res.status(404).send('Video not found') 161 if (!video) return res.status(404).send('Video not found')
167 162
168 res.locals.video = video 163 res.locals.video = video
169 callback() 164 callback()
170 }) 165 })
166 .catch(err => {
167 logger.error('Error in video request validator.', { error: err })
168 return res.sendStatus(500)
169 })
171} 170}
172 171
173function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) { 172function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) {
174 // Retrieve the user who did the request 173 // Retrieve the user who did the request
175 db.User.loadById(userId, function (err, user) { 174 db.User.loadById(userId)
176 if (err) { 175 .then(user => {
177 logger.error('Error in video request validator.', { error: err }) 176 // Check if the user can delete the video
178 return res.sendStatus(500) 177 // The user can delete it if s/he is an admin
179 } 178 // Or if s/he is the video's author
180 179 if (user.isAdmin() === false) {
181 // Check if the user can delete the video 180 if (res.locals.video.isOwned() === false) {
182 // The user can delete it if s/he is an admin 181 return res.status(403).send('Cannot remove video of another pod')
183 // Or if s/he is the video's author 182 }
184 if (user.isAdmin() === false) { 183
185 if (res.locals.video.isOwned() === false) { 184 if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
186 return res.status(403).send('Cannot remove video of another pod') 185 return res.status(403).send('Cannot remove video of another user')
187 } 186 }
188
189 if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
190 return res.status(403).send('Cannot remove video of another user')
191 } 187 }
192 }
193 188
194 // If we reach this comment, we can delete the video 189 // If we reach this comment, we can delete the video
195 callback() 190 callback()
196 }) 191 })
192 .catch(err => {
193 logger.error('Error in video request validator.', { error: err })
194 return res.sendStatus(500)
195 })
197} 196}
198 197
199function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) { 198function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) {