Diffstat (limited to 'server/middlewares/validators/videos.ts')
-rw-r--r-- | server/middlewares/validators/videos.ts | 75 |
1 files changed, 37 insertions, 38 deletions
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 03742a522..ec452cade 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -1,5 +1,4 @@ | |||
1 | import 'express-validator' | 1 | import 'express-validator' |
2 | import * as multer from 'multer' | ||
3 | import * as express from 'express' | 2 | import * as express from 'express' |
4 | 3 | ||
5 | import { database as db } from '../../initializers/database' | 4 | import { database as db } from '../../initializers/database' |
@@ -24,18 +23,19 @@ function videosAddValidator (req: express.Request, res: express.Response, next: | |||
24 | checkErrors(req, res, function () { | 23 | checkErrors(req, res, function () { |
25 | const videoFile = req.files.videofile[0] | 24 | const videoFile = req.files.videofile[0] |
26 | 25 | ||
27 | db.Video.getDurationFromFile(videoFile.path, function (err, duration) { | 26 | db.Video.getDurationFromFile(videoFile.path) |
28 | if (err) { | 27 | .then(duration => { |
29 | return res.status(400).send('Cannot retrieve metadata of the file.') | 28 | if (!isVideoDurationValid('' + duration)) { |
30 | } | 29 | return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).') |
31 | 30 | } | |
32 | if (!isVideoDurationValid(duration)) { | ||
33 | return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).') | ||
34 | } | ||
35 | 31 | ||
36 | videoFile['duration'] = duration | 32 | videoFile['duration'] = duration |
37 | next() | 33 | next() |
38 | }) | 34 | }) |
35 | .catch(err => { | ||
36 | logger.error('Error in getting duration from file.', { error: err }) | ||
37 | res.status(400).send('Cannot retrieve metadata of the file.') | ||
38 | }) | ||
39 | }) | 39 | }) |
40 | } | 40 | } |
41 | 41 | ||
@@ -157,43 +157,42 @@ export { | |||
157 | // --------------------------------------------------------------------------- | 157 | // --------------------------------------------------------------------------- |
158 | 158 | ||
159 | function checkVideoExists (id: string, res: express.Response, callback: () => void) { | 159 | function checkVideoExists (id: string, res: express.Response, callback: () => void) { |
160 | db.Video.loadAndPopulateAuthorAndPodAndTags(id, function (err, video) { | 160 | db.Video.loadAndPopulateAuthorAndPodAndTags(id).then(video => { |
161 | if (err) { | ||
162 | logger.error('Error in video request validator.', { error: err }) | ||
163 | return res.sendStatus(500) | ||
164 | } | ||
165 | |||
166 | if (!video) return res.status(404).send('Video not found') | 161 | if (!video) return res.status(404).send('Video not found') |
167 | 162 | ||
168 | res.locals.video = video | 163 | res.locals.video = video |
169 | callback() | 164 | callback() |
170 | }) | 165 | }) |
166 | .catch(err => { | ||
167 | logger.error('Error in video request validator.', { error: err }) | ||
168 | return res.sendStatus(500) | ||
169 | }) | ||
171 | } | 170 | } |
172 | 171 | ||
173 | function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) { | 172 | function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) { |
174 | // Retrieve the user who did the request | 173 | // Retrieve the user who did the request |
175 | db.User.loadById(userId, function (err, user) { | 174 | db.User.loadById(userId) |
176 | if (err) { | 175 | .then(user => { |
177 | logger.error('Error in video request validator.', { error: err }) | 176 | // Check if the user can delete the video |
178 | return res.sendStatus(500) | 177 | // The user can delete it if s/he is an admin |
179 | } | 178 | // Or if s/he is the video's author |
180 | 179 | if (user.isAdmin() === false) { | |
181 | // Check if the user can delete the video | 180 | if (res.locals.video.isOwned() === false) { |
182 | // The user can delete it if s/he is an admin | 181 | return res.status(403).send('Cannot remove video of another pod') |
183 | // Or if s/he is the video's author | 182 | } |
184 | if (user.isAdmin() === false) { | 183 | |
185 | if (res.locals.video.isOwned() === false) { | 184 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { |
186 | return res.status(403).send('Cannot remove video of another pod') | 185 | return res.status(403).send('Cannot remove video of another user') |
187 | } | 186 | } |
188 | |||
189 | if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) { | ||
190 | return res.status(403).send('Cannot remove video of another user') | ||
191 | } | 187 | } |
192 | } | ||
193 | 188 | ||
194 | // If we reach this comment, we can delete the video | 189 | // If we reach this comment, we can delete the video |
195 | callback() | 190 | callback() |
196 | }) | 191 | }) |
192 | .catch(err => { | ||
193 | logger.error('Error in video request validator.', { error: err }) | ||
194 | return res.sendStatus(500) | ||
195 | }) | ||
197 | } | 196 | } |
198 | 197 | ||
199 | function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) { | 198 | function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) { |
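Review bot: The trailing `.catch` in videosAddValidator, checkVideoExists and checkUserCanDeleteVideo also covers the `next()` / `callback()` call made inside the `.then` handler. A synchronous throw from a later middleware or controller is therefore logged as 'Error in getting duration from file.' or 'Error in video request validator.' and answered with 400 or 500, possibly after a response has already started. Passing the rejection handler as the second argument keeps it scoped to the lookup itself, e.g. `db.User.loadById(userId).then(user => { ... }, err => { ... })`. In checkUserCanDeleteVideo the same catch also hides a missing user: if `loadById` can resolve with no row (not visible on this page), `user.isAdmin()` throws and surfaces as a generic 500. An explicit `if (!user)` rejection before the admin check would make that authorization outcome deliberate and distinguishable in the logs.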