diff options
Diffstat (limited to 'server/middlewares/validators/videos/videos.ts')
-rw-r--r-- | server/middlewares/validators/videos/videos.ts | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index af0072d73..9834f714b 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
@@ -51,6 +51,7 @@ import { AccountModel } from '../../../models/account/account' | |||
51 | import { VideoModel } from '../../../models/video/video' | 51 | import { VideoModel } from '../../../models/video/video' |
52 | import { authenticatePromiseIfNeeded } from '../../oauth' | 52 | import { authenticatePromiseIfNeeded } from '../../oauth' |
53 | import { areValidationErrors } from '../utils' | 53 | import { areValidationErrors } from '../utils' |
54 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | ||
54 | 55 | ||
55 | const videosAddValidator = getCommonVideoEditAttributes().concat([ | 56 | const videosAddValidator = getCommonVideoEditAttributes().concat([ |
56 | body('videofile') | 57 | body('videofile') |
@@ -75,7 +76,7 @@ const videosAddValidator = getCommonVideoEditAttributes().concat([ | |||
75 | if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) | 76 | if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) |
76 | 77 | ||
77 | if (await isAbleToUploadVideo(user.id, videoFile.size) === false) { | 78 | if (await isAbleToUploadVideo(user.id, videoFile.size) === false) { |
78 | res.status(403) | 79 | res.status(HttpStatusCode.FORBIDDEN_403) |
79 | .json({ error: 'The user video quota is exceeded with this video.' }) | 80 | .json({ error: 'The user video quota is exceeded with this video.' }) |
80 | 81 | ||
81 | return cleanUpReqFiles(req) | 82 | return cleanUpReqFiles(req) |
@@ -87,7 +88,7 @@ const videosAddValidator = getCommonVideoEditAttributes().concat([ | |||
87 | duration = await getDurationFromVideoFile(videoFile.path) | 88 | duration = await getDurationFromVideoFile(videoFile.path) |
88 | } catch (err) { | 89 | } catch (err) { |
89 | logger.error('Invalid input file in videosAddValidator.', { err }) | 90 | logger.error('Invalid input file in videosAddValidator.', { err }) |
90 | res.status(400) | 91 | res.status(HttpStatusCode.BAD_REQUEST_400) |
91 | .json({ error: 'Invalid input file.' }) | 92 | .json({ error: 'Invalid input file.' }) |
92 | 93 | ||
93 | return cleanUpReqFiles(req) | 94 | return cleanUpReqFiles(req) |
@@ -147,7 +148,7 @@ async function checkVideoFollowConstraints (req: express.Request, res: express.R | |||
147 | const serverActor = await getServerActor() | 148 | const serverActor = await getServerActor() |
148 | if (await VideoModel.checkVideoHasInstanceFollow(video.id, serverActor.id) === true) return next() | 149 | if (await VideoModel.checkVideoHasInstanceFollow(video.id, serverActor.id) === true) return next() |
149 | 150 | ||
150 | return res.status(403) | 151 | return res.status(HttpStatusCode.FORBIDDEN_403) |
151 | .json({ | 152 | .json({ |
152 | errorCode: ServerErrorCode.DOES_NOT_RESPECT_FOLLOW_CONSTRAINTS, | 153 | errorCode: ServerErrorCode.DOES_NOT_RESPECT_FOLLOW_CONSTRAINTS, |
153 | error: 'Cannot get this video regarding follow constraints.', | 154 | error: 'Cannot get this video regarding follow constraints.', |
@@ -182,7 +183,7 @@ const videosCustomGetValidator = ( | |||
182 | 183 | ||
183 | // Only the owner or a user that have blacklist rights can see the video | 184 | // Only the owner or a user that have blacklist rights can see the video |
184 | if (!user || !user.canGetVideo(videoAll)) { | 185 | if (!user || !user.canGetVideo(videoAll)) { |
185 | return res.status(403) | 186 | return res.status(HttpStatusCode.FORBIDDEN_403) |
186 | .json({ error: 'Cannot get this private/internal or blacklisted video.' }) | 187 | .json({ error: 'Cannot get this private/internal or blacklisted video.' }) |
187 | } | 188 | } |
188 | 189 | ||
@@ -197,7 +198,7 @@ const videosCustomGetValidator = ( | |||
197 | if (isUUIDValid(req.params.id)) return next() | 198 | if (isUUIDValid(req.params.id)) return next() |
198 | 199 | ||
199 | // Don't leak this unlisted video | 200 | // Don't leak this unlisted video |
200 | return res.status(404).end() | 201 | return res.status(HttpStatusCode.NOT_FOUND_404).end() |
201 | } | 202 | } |
202 | } | 203 | } |
203 | ] | 204 | ] |
@@ -250,7 +251,7 @@ const videosChangeOwnershipValidator = [ | |||
250 | 251 | ||
251 | const nextOwner = await AccountModel.loadLocalByName(req.body.username) | 252 | const nextOwner = await AccountModel.loadLocalByName(req.body.username) |
252 | if (!nextOwner) { | 253 | if (!nextOwner) { |
253 | res.status(400) | 254 | res.status(HttpStatusCode.BAD_REQUEST_400) |
254 | .json({ error: 'Changing video ownership to a remote account is not supported yet' }) | 255 | .json({ error: 'Changing video ownership to a remote account is not supported yet' }) |
255 | 256 | ||
256 | return | 257 | return |
@@ -276,7 +277,7 @@ const videosTerminateChangeOwnershipValidator = [ | |||
276 | const videoChangeOwnership = res.locals.videoChangeOwnership | 277 | const videoChangeOwnership = res.locals.videoChangeOwnership |
277 | 278 | ||
278 | if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) { | 279 | if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) { |
279 | res.status(403) | 280 | res.status(HttpStatusCode.FORBIDDEN_403) |
280 | .json({ error: 'Ownership already accepted or refused' }) | 281 | .json({ error: 'Ownership already accepted or refused' }) |
281 | return | 282 | return |
282 | } | 283 | } |
@@ -294,7 +295,7 @@ const videosAcceptChangeOwnershipValidator = [ | |||
294 | const videoChangeOwnership = res.locals.videoChangeOwnership | 295 | const videoChangeOwnership = res.locals.videoChangeOwnership |
295 | const isAble = await isAbleToUploadVideo(user.id, videoChangeOwnership.Video.getMaxQualityFile().size) | 296 | const isAble = await isAbleToUploadVideo(user.id, videoChangeOwnership.Video.getMaxQualityFile().size) |
296 | if (isAble === false) { | 297 | if (isAble === false) { |
297 | res.status(403) | 298 | res.status(HttpStatusCode.FORBIDDEN_403) |
298 | .json({ error: 'The user video quota is exceeded with this video.' }) | 299 | .json({ error: 'The user video quota is exceeded with this video.' }) |
299 | 300 | ||
300 | return | 301 | return |
@@ -433,7 +434,7 @@ const commonVideosFiltersValidator = [ | |||
433 | (req.query.filter === 'all-local' || req.query.filter === 'all') && | 434 | (req.query.filter === 'all-local' || req.query.filter === 'all') && |
434 | (!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) === false) | 435 | (!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) === false) |
435 | ) { | 436 | ) { |
436 | res.status(401) | 437 | res.status(HttpStatusCode.UNAUTHORIZED_401) |
437 | .json({ error: 'You are not allowed to see all local videos.' }) | 438 | .json({ error: 'You are not allowed to see all local videos.' }) |
438 | 439 | ||
439 | return | 440 | return |
@@ -473,7 +474,7 @@ function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) | |||
473 | if (!req.body.scheduleUpdate.updateAt) { | 474 | if (!req.body.scheduleUpdate.updateAt) { |
474 | logger.warn('Invalid parameters: scheduleUpdate.updateAt is mandatory.') | 475 | logger.warn('Invalid parameters: scheduleUpdate.updateAt is mandatory.') |
475 | 476 | ||
476 | res.status(400) | 477 | res.status(HttpStatusCode.BAD_REQUEST_400) |
477 | .json({ error: 'Schedule update at is mandatory.' }) | 478 | .json({ error: 'Schedule update at is mandatory.' }) |
478 | 479 | ||
479 | return true | 480 | return true |
@@ -498,7 +499,7 @@ async function isVideoAccepted (req: express.Request, res: express.Response, vid | |||
498 | 499 | ||
499 | if (!acceptedResult || acceptedResult.accepted !== true) { | 500 | if (!acceptedResult || acceptedResult.accepted !== true) { |
500 | logger.info('Refused local video.', { acceptedResult, acceptParameters }) | 501 | logger.info('Refused local video.', { acceptedResult, acceptParameters }) |
501 | res.status(403) | 502 | res.status(HttpStatusCode.FORBIDDEN_403) |
502 | .json({ error: acceptedResult.errorMessage || 'Refused local video' }) | 503 | .json({ error: acceptedResult.errorMessage || 'Refused local video' }) |
503 | 504 | ||
504 | return false | 505 | return false |