1 files changed, 38 insertions, 0 deletions
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index ffde208b7..9c1bfaeaa 100644
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -9,6 +9,8 @@ import { UserModel } from '../../../models/account/user'
 import { VideoModel } from '../../../models/video/video'
 import { VideoCommentModel } from '../../../models/video/video-comment'
 import { areValidationErrors } from '../utils'
+import { Hooks } from '../../../lib/plugins/hooks'
+import { isLocalVideoThreadAccepted, isLocalVideoCommentReplyAccepted, AcceptResult } from '../../../lib/moderation'
 const listVideoCommentThreadsValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
@@ -48,6 +50,7 @@ const addVideoCommentThreadValidator = [
    if (areValidationErrors(req, res)) return
    if (!await doesVideoExist(req.params.videoId, res)) return
    if (!isVideoCommentsEnabled(res.locals.video, res)) return
+    if (!await isVideoCommentAccepted(req, res, false)) return
    return next()
  }
@@ -65,6 +68,7 @@ const addVideoCommentReplyValidator = [
    if (!await doesVideoExist(req.params.videoId, res)) return
    if (!isVideoCommentsEnabled(res.locals.video, res)) return
    if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return
+    if (!await isVideoCommentAccepted(req, res, true)) return
    return next()
  }
@@ -193,3 +197,37 @@ function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCom
  return true
 }
+async function isVideoCommentAccepted (req: express.Request, res: express.Response, isReply: boolean) {
+  const acceptParameters = {
+    video: res.locals.video,
+    commentBody: req.body,
+    user: res.locals.oauth.token.User
+  }
+  let acceptedResult: AcceptResult
+  if (isReply) {
+    const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoComment })
+    acceptedResult = await Hooks.wrapObject(
+      isLocalVideoCommentReplyAccepted(acceptReplyParameters),
+      'filter:api.video-comment-reply.create.accept.result'
+    )
+  } else {
+    acceptedResult = await Hooks.wrapObject(
+      isLocalVideoThreadAccepted(acceptParameters),
+      'filter:api.video-thread.create.accept.result'
+    )
+  }
+  if (!acceptedResult || acceptedResult.accepted !== true) {
+    logger.info('Refused local comment.', { acceptedResult, acceptParameters })
+    res.status(403)
+              .json({ error: acceptedResult.errorMessage || 'Refused local comment' })
+    return false
+  }
+  return true
+}

diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index ffde208b7..9c1bfaeaa 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts
@@ -9,6 +9,8 @@ import { UserModel } from '../../../models/account/user'
9	import { VideoModel } from '../../../models/video/video'	9	import { VideoModel } from '../../../models/video/video'
10	import { VideoCommentModel } from '../../../models/video/video-comment'	10	import { VideoCommentModel } from '../../../models/video/video-comment'
11	import { areValidationErrors } from '../utils'	11	import { areValidationErrors } from '../utils'
		12	import { Hooks } from '../../../lib/plugins/hooks'
		13	import { isLocalVideoThreadAccepted, isLocalVideoCommentReplyAccepted, AcceptResult } from '../../../lib/moderation'
12		14
13	const listVideoCommentThreadsValidator = [	15	const listVideoCommentThreadsValidator = [
14	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),	16	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
@@ -48,6 +50,7 @@ const addVideoCommentThreadValidator = [
48	if (areValidationErrors(req, res)) return	50	if (areValidationErrors(req, res)) return
49	if (!await doesVideoExist(req.params.videoId, res)) return	51	if (!await doesVideoExist(req.params.videoId, res)) return
50	if (!isVideoCommentsEnabled(res.locals.video, res)) return	52	if (!isVideoCommentsEnabled(res.locals.video, res)) return
		53	if (!await isVideoCommentAccepted(req, res, false)) return
51		54
52	return next()	55	return next()
53	}	56	}
@@ -65,6 +68,7 @@ const addVideoCommentReplyValidator = [
65	if (!await doesVideoExist(req.params.videoId, res)) return	68	if (!await doesVideoExist(req.params.videoId, res)) return
66	if (!isVideoCommentsEnabled(res.locals.video, res)) return	69	if (!isVideoCommentsEnabled(res.locals.video, res)) return
67	if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return	70	if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return
		71	if (!await isVideoCommentAccepted(req, res, true)) return
68		72
69	return next()	73	return next()
70	}	74	}
@@ -193,3 +197,37 @@ function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCom
193		197
194	return true	198	return true
195	}	199	}
		200
		201	async function isVideoCommentAccepted (req: express.Request, res: express.Response, isReply: boolean) {
		202	const acceptParameters = {
		203	video: res.locals.video,
		204	commentBody: req.body,
		205	user: res.locals.oauth.token.User
		206	}
		207
		208	let acceptedResult: AcceptResult
		209
		210	if (isReply) {
		211	const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoComment })
		212
		213	acceptedResult = await Hooks.wrapObject(
		214	isLocalVideoCommentReplyAccepted(acceptReplyParameters),
		215	'filter:api.video-comment-reply.create.accept.result'
		216	)
		217	} else {
		218	acceptedResult = await Hooks.wrapObject(
		219	isLocalVideoThreadAccepted(acceptParameters),
		220	'filter:api.video-thread.create.accept.result'
		221	)
		222	}
		223
		224	if (!acceptedResult \|\| acceptedResult.accepted !== true) {
		225	logger.info('Refused local comment.', { acceptedResult, acceptParameters })
		226	res.status(403)
		227	.json({ error: acceptedResult.errorMessage \|\| 'Refused local comment' })
		228
		229	return false
		230	}
		231
		232	return true
		233	}