1 files changed, 24 insertions, 17 deletions
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts
index 0d2e6e90c..5ee7ee0ce 100644
--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -11,6 +11,7 @@ import {
  isIdOrUUIDValid,
  isIdValid,
  isUUIDValid,
+  toCompleteUUID,
  toIntArray,
  toIntOrNull,
  toValueOrNull
@@ -29,7 +30,14 @@ import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
 import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
 import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
 import { authenticatePromiseIfNeeded } from '../../auth'
-import { areValidationErrors, doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../shared'
+import {
+  areValidationErrors,
+  doesVideoChannelIdExist,
+  doesVideoExist,
+  doesVideoPlaylistExist,
+  isValidPlaylistIdParam,
+  VideoPlaylistFetchType
+} from '../shared'
 const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
  body('displayName')
@@ -43,10 +51,13 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
    const body: VideoPlaylistCreate = req.body
    if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
-    if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
+    if (
+      !body.videoChannelId &&
+      (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED)
+    ) {
      cleanUpReqFiles(req)
-      return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' })
+      return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
    }
    return next()
@@ -54,8 +65,7 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
 ])
 const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
-  param('playlistId')
+  isValidPlaylistIdParam('playlistId'),
-    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('displayName')
    .optional()
@@ -101,8 +111,7 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
 ])
 const videoPlaylistsDeleteValidator = [
-  param('playlistId')
+  isValidPlaylistIdParam('playlistId'),
-    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
@@ -126,8 +135,7 @@ const videoPlaylistsDeleteValidator = [
 const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
  return [
-    param('playlistId')
+    isValidPlaylistIdParam('playlistId'),
-      .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
    async (req: express.Request, res: express.Response, next: express.NextFunction) => {
      logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
@@ -184,9 +192,10 @@ const videoPlaylistsSearchValidator = [
 ]
 const videoPlaylistsAddVideoValidator = [
-  param('playlistId')
+  isValidPlaylistIdParam('playlistId'),
-    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('videoId')
+    .customSanitizer(toCompleteUUID)
    .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
  body('startTimestamp')
    .optional()
@@ -214,9 +223,9 @@ const videoPlaylistsAddVideoValidator = [
 ]
 const videoPlaylistsUpdateOrRemoveVideoValidator = [
-  param('playlistId')
+  isValidPlaylistIdParam('playlistId'),
-    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('playlistElementId')
+    .customSanitizer(toCompleteUUID)
    .custom(isIdValid).withMessage('Should have an element id/uuid'),
  body('startTimestamp')
    .optional()
@@ -251,8 +260,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [
 ]
 const videoPlaylistElementAPGetValidator = [
-  param('playlistId')
+  isValidPlaylistIdParam('playlistId'),
-    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  param('playlistElementId')
    .custom(isIdValid).withMessage('Should have an playlist element id'),
@@ -287,8 +295,7 @@ const videoPlaylistElementAPGetValidator = [
 ]
 const videoPlaylistsReorderVideosValidator = [
-  param('playlistId')
+  isValidPlaylistIdParam('playlistId'),
-    .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  body('startPosition')
    .isInt({ min: 1 }).withMessage('Should have a valid start position'),
  body('insertAfterPosition')

diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 0d2e6e90c..5ee7ee0ce 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -11,6 +11,7 @@ import {
11	isIdOrUUIDValid,	11	isIdOrUUIDValid,
12	isIdValid,	12	isIdValid,
13	isUUIDValid,	13	isUUIDValid,
		14	toCompleteUUID,
14	toIntArray,	15	toIntArray,
15	toIntOrNull,	16	toIntOrNull,
16	toValueOrNull	17	toValueOrNull
@@ -29,7 +30,14 @@ import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
29	import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'	30	import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
30	import { MVideoPlaylist } from '../../../types/models/video/video-playlist'	31	import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
31	import { authenticatePromiseIfNeeded } from '../../auth'	32	import { authenticatePromiseIfNeeded } from '../../auth'
32	import { areValidationErrors, doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../shared'	33	import {
		34	areValidationErrors,
		35	doesVideoChannelIdExist,
		36	doesVideoExist,
		37	doesVideoPlaylistExist,
		38	isValidPlaylistIdParam,
		39	VideoPlaylistFetchType
		40	} from '../shared'
33		41
34	const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([	42	const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
35	body('displayName')	43	body('displayName')
@@ -43,10 +51,13 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
43	const body: VideoPlaylistCreate = req.body	51	const body: VideoPlaylistCreate = req.body
44	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)	52	if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
45		53
46	if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {	54	if (
		55	!body.videoChannelId &&
		56	(body.privacy === VideoPlaylistPrivacy.PUBLIC \|\| body.privacy === VideoPlaylistPrivacy.UNLISTED)
		57	) {
47	cleanUpReqFiles(req)	58	cleanUpReqFiles(req)
48		59
49	return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' })	60	return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
50	}	61	}
51		62
52	return next()	63	return next()
@@ -54,8 +65,7 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
54	])	65	])
55		66
56	const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([	67	const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
57	param('playlistId')	68	isValidPlaylistIdParam('playlistId'),
58	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
59		69
60	body('displayName')	70	body('displayName')
61	.optional()	71	.optional()
@@ -101,8 +111,7 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
101	])	111	])
102		112
103	const videoPlaylistsDeleteValidator = [	113	const videoPlaylistsDeleteValidator = [
104	param('playlistId')	114	isValidPlaylistIdParam('playlistId'),
105	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
106		115
107	async (req: express.Request, res: express.Response, next: express.NextFunction) => {	116	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
108	logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })	117	logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
@@ -126,8 +135,7 @@ const videoPlaylistsDeleteValidator = [
126		135
127	const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {	136	const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
128	return [	137	return [
129	param('playlistId')	138	isValidPlaylistIdParam('playlistId'),
130	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
131		139
132	async (req: express.Request, res: express.Response, next: express.NextFunction) => {	140	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
133	logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })	141	logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
@@ -184,9 +192,10 @@ const videoPlaylistsSearchValidator = [
184	]	192	]
185		193
186	const videoPlaylistsAddVideoValidator = [	194	const videoPlaylistsAddVideoValidator = [
187	param('playlistId')	195	isValidPlaylistIdParam('playlistId'),
188	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),	196
189	body('videoId')	197	body('videoId')
		198	.customSanitizer(toCompleteUUID)
190	.custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),	199	.custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
191	body('startTimestamp')	200	body('startTimestamp')
192	.optional()	201	.optional()
@@ -214,9 +223,9 @@ const videoPlaylistsAddVideoValidator = [
214	]	223	]
215		224
216	const videoPlaylistsUpdateOrRemoveVideoValidator = [	225	const videoPlaylistsUpdateOrRemoveVideoValidator = [
217	param('playlistId')	226	isValidPlaylistIdParam('playlistId'),
218	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
219	param('playlistElementId')	227	param('playlistElementId')
		228	.customSanitizer(toCompleteUUID)
220	.custom(isIdValid).withMessage('Should have an element id/uuid'),	229	.custom(isIdValid).withMessage('Should have an element id/uuid'),
221	body('startTimestamp')	230	body('startTimestamp')
222	.optional()	231	.optional()
@@ -251,8 +260,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [
251	]	260	]
252		261
253	const videoPlaylistElementAPGetValidator = [	262	const videoPlaylistElementAPGetValidator = [
254	param('playlistId')	263	isValidPlaylistIdParam('playlistId'),
255	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
256	param('playlistElementId')	264	param('playlistElementId')
257	.custom(isIdValid).withMessage('Should have an playlist element id'),	265	.custom(isIdValid).withMessage('Should have an playlist element id'),
258		266
@@ -287,8 +295,7 @@ const videoPlaylistElementAPGetValidator = [
287	]	295	]
288		296
289	const videoPlaylistsReorderVideosValidator = [	297	const videoPlaylistsReorderVideosValidator = [
290	param('playlistId')	298	isValidPlaylistIdParam('playlistId'),
291	.custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
292	body('startPosition')	299	body('startPosition')
293	.isInt({ min: 1 }).withMessage('Should have a valid start position'),	300	.isInt({ min: 1 }).withMessage('Should have a valid start position'),
294	body('insertAfterPosition')	301	body('insertAfterPosition')