7 files changed, 267 insertions, 116 deletions
diff --git a/server/middlewares/validators/videos/index.ts b/server/middlewares/validators/videos/index.ts
index 0c824c314..8c6fc49b1 100644
--- a/server/middlewares/validators/videos/index.ts
+++ b/server/middlewares/validators/videos/index.ts
@@ -1,12 +1,13 @@
 export * from './video-blacklist'
 export * from './video-captions'
+export * from './video-channel-sync'
 export * from './video-channels'
 export * from './video-comments'
 export * from './video-files'
 export * from './video-imports'
 export * from './video-live'
 export * from './video-ownership-changes'
-export * from './video-view'
+export * from './video-passwords'
 export * from './video-rates'
 export * from './video-shares'
 export * from './video-source'
@@ -14,6 +15,5 @@ export * from './video-stats'
 export * from './video-studio'
 export * from './video-token'
 export * from './video-transcoding'
+export * from './video-view'
 export * from './videos'
-export * from './video-channel-sync'
-export * from './video-passwords'
diff --git a/server/middlewares/validators/videos/shared/index.ts b/server/middlewares/validators/videos/shared/index.ts
new file mode 100644
index 000000000..eb11dcc6a
--- /dev/null
+++ b/server/middlewares/validators/videos/shared/index.ts
@@ -0,0 +1,2 @@
+export * from './upload'
+export * from './video-validators'
diff --git a/server/middlewares/validators/videos/shared/upload.ts b/server/middlewares/validators/videos/shared/upload.ts
new file mode 100644
index 000000000..ea0dddc3c
--- /dev/null
+++ b/server/middlewares/validators/videos/shared/upload.ts
@@ -0,0 +1,39 @@
+import express from 'express'
+import { logger } from '@server/helpers/logger'
+import { getVideoStreamDuration } from '@shared/ffmpeg'
+import { HttpStatusCode } from '@shared/models'
+export async function addDurationToVideoFileIfNeeded (options: {
+  res: express.Response
+  videoFile: { path: string, duration?: number }
+  middlewareName: string
+}) {
+  const { res, middlewareName, videoFile } = options
+  try {
+    if (!videoFile.duration) await addDurationToVideo(videoFile)
+  } catch (err) {
+    logger.error('Invalid input file in ' + middlewareName, { err })
+    res.fail({
+      status: HttpStatusCode.UNPROCESSABLE_ENTITY_422,
+      message: 'Video file unreadable.'
+    })
+    return false
+  }
+  return true
+}
+// ---------------------------------------------------------------------------
+// Private
+// ---------------------------------------------------------------------------
+async function addDurationToVideo (videoFile: { path: string, duration?: number }) {
+  const duration = await getVideoStreamDuration(videoFile.path)
+  // FFmpeg may not be able to guess video duration
+  // For example with m2v files: https://trac.ffmpeg.org/ticket/9726#comment:2
+  if (isNaN(duration)) videoFile.duration = 0
+  else videoFile.duration = duration
+}
diff --git a/server/middlewares/validators/videos/shared/video-validators.ts b/server/middlewares/validators/videos/shared/video-validators.ts
new file mode 100644
index 000000000..72536011d
--- /dev/null
+++ b/server/middlewares/validators/videos/shared/video-validators.ts
@@ -0,0 +1,104 @@
+import express from 'express'
+import { isVideoFileMimeTypeValid, isVideoFileSizeValid } from '@server/helpers/custom-validators/videos'
+import { logger } from '@server/helpers/logger'
+import { CONSTRAINTS_FIELDS } from '@server/initializers/constants'
+import { isLocalVideoFileAccepted } from '@server/lib/moderation'
+import { Hooks } from '@server/lib/plugins/hooks'
+import { MUserAccountId, MVideo } from '@server/types/models'
+import { HttpStatusCode, ServerErrorCode, ServerFilterHookName, VideoState } from '@shared/models'
+import { checkUserQuota } from '../../shared'
+export async function commonVideoFileChecks (options: {
+  res: express.Response
+  user: MUserAccountId
+  videoFileSize: number
+  files: express.UploadFilesForCheck
+}): Promise<boolean> {
+  const { res, user, videoFileSize, files } = options
+  if (!isVideoFileMimeTypeValid(files)) {
+    res.fail({
+      status: HttpStatusCode.UNSUPPORTED_MEDIA_TYPE_415,
+      message: 'This file is not supported. Please, make sure it is of the following type: ' +
+               CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
+    })
+    return false
+  }
+  if (!isVideoFileSizeValid(videoFileSize.toString())) {
+    res.fail({
+      status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
+      message: 'This file is too large. It exceeds the maximum file size authorized.',
+      type: ServerErrorCode.MAX_FILE_SIZE_REACHED
+    })
+    return false
+  }
+  if (await checkUserQuota(user, videoFileSize, res) === false) return false
+  return true
+}
+export async function isVideoFileAccepted (options: {
+  req: express.Request
+  res: express.Response
+  videoFile: express.VideoUploadFile
+  hook: Extract<ServerFilterHookName, 'filter:api.video.upload.accept.result' | 'filter:api.video.update-file.accept.result'>
+}) {
+  const { req, res, videoFile } = options
+  // Check we accept this video
+  const acceptParameters = {
+    videoBody: req.body,
+    videoFile,
+    user: res.locals.oauth.token.User
+  }
+  const acceptedResult = await Hooks.wrapFun(
+    isLocalVideoFileAccepted,
+    acceptParameters,
+    'filter:api.video.upload.accept.result'
+  )
+  if (!acceptedResult || acceptedResult.accepted !== true) {
+    logger.info('Refused local video file.', { acceptedResult, acceptParameters })
+    res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      message: acceptedResult.errorMessage || 'Refused local video file'
+    })
+    return false
+  }
+  return true
+}
+export function checkVideoFileCanBeEdited (video: MVideo, res: express.Response) {
+  if (video.isLive) {
+    res.fail({
+      status: HttpStatusCode.BAD_REQUEST_400,
+      message: 'Cannot edit a live video'
+    })
+    return false
+  }
+  if (video.state === VideoState.TO_TRANSCODE || video.state === VideoState.TO_EDIT) {
+    res.fail({
+      status: HttpStatusCode.CONFLICT_409,
+      message: 'Cannot edit video that is already waiting for transcoding/edition'
+    })
+    return false
+  }
+  const validStates = new Set([ VideoState.PUBLISHED, VideoState.TO_MOVE_TO_EXTERNAL_STORAGE_FAILED, VideoState.TRANSCODING_FAILED ])
+  if (!validStates.has(video.state)) {
+    res.fail({
+      status: HttpStatusCode.BAD_REQUEST_400,
+      message: 'Video state is not compatible with edition'
+    })
+    return false
+  }
+  return true
+}
diff --git a/server/middlewares/validators/videos/video-source.ts b/server/middlewares/validators/videos/video-source.ts
index c6d8f1a81..bbccb58b0 100644
--- a/server/middlewares/validators/videos/video-source.ts
+++ b/server/middlewares/validators/videos/video-source.ts
@@ -1,20 +1,31 @@
 import express from 'express'
+import { body, header } from 'express-validator'
+import { getResumableUploadPath } from '@server/helpers/upload'
 import { getVideoWithAttributes } from '@server/helpers/video'
+import { CONFIG } from '@server/initializers/config'
+import { uploadx } from '@server/lib/uploadx'
 import { VideoSourceModel } from '@server/models/video/video-source'
 import { MVideoFullLight } from '@server/types/models'
 import { HttpStatusCode, UserRight } from '@shared/models'
+import { Metadata as UploadXMetadata } from '@uploadx/core'
+import { logger } from '../../../helpers/logger'
 import { areValidationErrors, checkUserCanManageVideo, doesVideoExist, isValidVideoIdParam } from '../shared'
+import { addDurationToVideoFileIfNeeded, checkVideoFileCanBeEdited, commonVideoFileChecks, isVideoFileAccepted } from './shared'
-const videoSourceGetValidator = [
+export const videoSourceGetLatestValidator = [
  isValidVideoIdParam('id'),
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return
-    if (!await doesVideoExist(req.params.id, res, 'for-api')) return
+    if (!await doesVideoExist(req.params.id, res, 'all')) return
    const video = getVideoWithAttributes(res) as MVideoFullLight
-    res.locals.videoSource = await VideoSourceModel.loadByVideoId(video.id)
+    const user = res.locals.oauth.token.User
+    if (!checkUserCanManageVideo(user, video, UserRight.UPDATE_ANY_VIDEO, res)) return
+    res.locals.videoSource = await VideoSourceModel.loadLatest(video.id)
    if (!res.locals.videoSource) {
      return res.fail({
        status: HttpStatusCode.NOT_FOUND_404,
@@ -22,13 +33,98 @@ const videoSourceGetValidator = [
      })
    }
+    return next()
+  }
+]
+export const replaceVideoSourceResumableValidator = [
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const body: express.CustomUploadXFile<UploadXMetadata> = req.body
+    const file = { ...body, duration: undefined, path: getResumableUploadPath(body.name), filename: body.metadata.filename }
+    const cleanup = () => uploadx.storage.delete(file).catch(err => logger.error('Cannot delete the file %s', file.name, { err }))
+    if (!await checkCanUpdateVideoFile({ req, res })) {
+      return cleanup()
+    }
+    if (!await addDurationToVideoFileIfNeeded({ videoFile: file, res, middlewareName: 'updateVideoFileResumableValidator' })) {
+      return cleanup()
+    }
+    if (!await isVideoFileAccepted({ req, res, videoFile: file, hook: 'filter:api.video.update-file.accept.result' })) {
+      return cleanup()
+    }
+    res.locals.updateVideoFileResumable = { ...file, originalname: file.filename }
+    return next()
+  }
+]
+export const replaceVideoSourceResumableInitValidator = [
+  body('filename')
+    .exists(),
+  header('x-upload-content-length')
+    .isNumeric()
+    .exists()
+    .withMessage('Should specify the file length'),
+  header('x-upload-content-type')
+    .isString()
+    .exists()
+    .withMessage('Should specify the file mimetype'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const user = res.locals.oauth.token.User
-    if (!checkUserCanManageVideo(user, video, UserRight.UPDATE_ANY_VIDEO, res)) return
+    logger.debug('Checking updateVideoFileResumableInitValidator parameters and headers', {
+      parameters: req.body,
+      headers: req.headers
+    })
+    if (areValidationErrors(req, res, { omitLog: true })) return
+    if (!await checkCanUpdateVideoFile({ req, res })) return
+    const videoFileMetadata = {
+      mimetype: req.headers['x-upload-content-type'] as string,
+      size: +req.headers['x-upload-content-length'],
+      originalname: req.body.filename
+    }
+    const files = { videofile: [ videoFileMetadata ] }
+    if (await commonVideoFileChecks({ res, user, videoFileSize: videoFileMetadata.size, files }) === false) return
    return next()
  }
 ]
-export {
+// ---------------------------------------------------------------------------
-  videoSourceGetValidator
+// Private
+// ---------------------------------------------------------------------------
+async function checkCanUpdateVideoFile (options: {
+  req: express.Request
+  res: express.Response
+}) {
+  const { req, res } = options
+  if (!CONFIG.VIDEO_FILE.UPDATE.ENABLED) {
+    res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      message: 'Updating the file of an existing video is not allowed on this instance'
+    })
+    return false
+  }
+  if (!await doesVideoExist(req.params.id, res)) return false
+  const user = res.locals.oauth.token.User
+  const video = res.locals.videoAll
+  if (!checkUserCanManageVideo(user, video, UserRight.UPDATE_ANY_VIDEO, res)) return false
+  if (!checkVideoFileCanBeEdited(video, res)) return false
+  return true
 }
diff --git a/server/middlewares/validators/videos/video-studio.ts b/server/middlewares/validators/videos/video-studio.ts
index 7a68f88e5..a375af60a 100644
--- a/server/middlewares/validators/videos/video-studio.ts
+++ b/server/middlewares/validators/videos/video-studio.ts
@@ -11,8 +11,9 @@ import { cleanUpReqFiles } from '@server/helpers/express-utils'
 import { CONFIG } from '@server/initializers/config'
 import { approximateIntroOutroAdditionalSize, getTaskFileFromReq } from '@server/lib/video-studio'
 import { isAudioFile } from '@shared/ffmpeg'
-import { HttpStatusCode, UserRight, VideoState, VideoStudioCreateEdition, VideoStudioTask } from '@shared/models'
+import { HttpStatusCode, UserRight, VideoStudioCreateEdition, VideoStudioTask } from '@shared/models'
 import { areValidationErrors, checkUserCanManageVideo, checkUserQuota, doesVideoExist } from '../shared'
+import { checkVideoFileCanBeEdited } from './shared'
 const videoStudioAddEditionValidator = [
  param('videoId')
@@ -66,14 +67,7 @@ const videoStudioAddEditionValidator = [
    if (!await doesVideoExist(req.params.videoId, res)) return cleanUpReqFiles(req)
    const video = res.locals.videoAll
-    if (video.state === VideoState.TO_TRANSCODE || video.state === VideoState.TO_EDIT) {
+    if (!checkVideoFileCanBeEdited(video, res)) return cleanUpReqFiles(req)
-      res.fail({
-        status: HttpStatusCode.CONFLICT_409,
-        message: 'Cannot edit video that is already waiting for transcoding/edition'
-      })
-      return cleanUpReqFiles(req)
-    }
    const user = res.locals.oauth.token.User
    if (!checkUserCanManageVideo(user, video, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index b39d13a23..aea3453b5 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -2,13 +2,12 @@ import express from 'express'
 import { body, header, param, query, ValidationChain } from 'express-validator'
 import { isTestInstance } from '@server/helpers/core-utils'
 import { getResumableUploadPath } from '@server/helpers/upload'
-import { uploadx } from '@server/lib/uploadx'
 import { Redis } from '@server/lib/redis'
+import { uploadx } from '@server/lib/uploadx'
 import { getServerActor } from '@server/models/application/application'
 import { ExpressPromiseHandler } from '@server/types/express-handler'
 import { MUserAccountId, MVideoFullLight } from '@server/types/models'
 import { arrayify, getAllPrivacies } from '@shared/core-utils'
-import { getVideoStreamDuration } from '@shared/ffmpeg'
 import { HttpStatusCode, ServerErrorCode, UserRight, VideoInclude, VideoState } from '@shared/models'
 import {
  exists,
@@ -27,8 +26,6 @@ import {
  isValidPasswordProtectedPrivacy,
  isVideoCategoryValid,
  isVideoDescriptionValid,
-  isVideoFileMimeTypeValid,
-  isVideoFileSizeValid,
  isVideoFilterValid,
  isVideoImageValid,
  isVideoIncludeValid,
@@ -44,21 +41,19 @@ import { logger } from '../../../helpers/logger'
 import { getVideoWithAttributes } from '../../../helpers/video'
 import { CONFIG } from '../../../initializers/config'
 import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants'
-import { isLocalVideoAccepted } from '../../../lib/moderation'
-import { Hooks } from '../../../lib/plugins/hooks'
 import { VideoModel } from '../../../models/video/video'
 import {
  areValidationErrors,
  checkCanAccessVideoStaticFiles,
  checkCanSeeVideo,
  checkUserCanManageVideo,
-  checkUserQuota,
  doesVideoChannelOfAccountExist,
  doesVideoExist,
  doesVideoFileOfVideoExist,
  isValidVideoIdParam,
  isValidVideoPasswordHeader
 } from '../shared'
+import { addDurationToVideoFileIfNeeded, commonVideoFileChecks, isVideoFileAccepted } from './shared'
 const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([
  body('videofile')
@@ -83,26 +78,15 @@ const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([
    const videoFile: express.VideoUploadFile = req.files['videofile'][0]
    const user = res.locals.oauth.token.User
-    if (!await commonVideoChecksPass({ req, res, user, videoFileSize: videoFile.size, files: req.files })) {
+    if (
+      !await commonVideoChecksPass({ req, res, user, videoFileSize: videoFile.size, files: req.files }) ||
+      !isValidPasswordProtectedPrivacy(req, res) ||
+      !await addDurationToVideoFileIfNeeded({ videoFile, res, middlewareName: 'videosAddvideosAddLegacyValidatorResumableValidator' }) ||
+      !await isVideoFileAccepted({ req, res, videoFile, hook: 'filter:api.video.upload.accept.result' })
+    ) {
      return cleanUpReqFiles(req)
    }
-    if (!isValidPasswordProtectedPrivacy(req, res)) return cleanUpReqFiles(req)
-    try {
-      if (!videoFile.duration) await addDurationToVideo(videoFile)
-    } catch (err) {
-      logger.error('Invalid input file in videosAddLegacyValidator.', { err })
-      res.fail({
-        status: HttpStatusCode.UNPROCESSABLE_ENTITY_422,
-        message: 'Video file unreadable.'
-      })
-      return cleanUpReqFiles(req)
-    }
-    if (!await isVideoAccepted(req, res, videoFile)) return cleanUpReqFiles(req)
    return next()
  }
 ])
@@ -146,22 +130,10 @@ const videosAddResumableValidator = [
    await Redis.Instance.setUploadSession(uploadId)
    if (!await doesVideoChannelOfAccountExist(file.metadata.channelId, user, res)) return cleanup()
+    if (!await addDurationToVideoFileIfNeeded({ videoFile: file, res, middlewareName: 'videosAddResumableValidator' })) return cleanup()
+    if (!await isVideoFileAccepted({ req, res, videoFile: file, hook: 'filter:api.video.upload.accept.result' })) return cleanup()
-    try {
+    res.locals.uploadVideoFileResumable = { ...file, originalname: file.filename }
-      if (!file.duration) await addDurationToVideo(file)
-    } catch (err) {
-      logger.error('Invalid input file in videosAddResumableValidator.', { err })
-      res.fail({
-        status: HttpStatusCode.UNPROCESSABLE_ENTITY_422,
-        message: 'Video file unreadable.'
-      })
-      return cleanup()
-    }
-    if (!await isVideoAccepted(req, res, file)) return cleanup()
-    res.locals.videoFileResumable = { ...file, originalname: file.filename }
    return next()
  }
@@ -604,76 +576,20 @@ function areErrorsInScheduleUpdate (req: express.Request, res: express.Response)
  return false
 }
-async function commonVideoChecksPass (parameters: {
+async function commonVideoChecksPass (options: {
  req: express.Request
  res: express.Response
  user: MUserAccountId
  videoFileSize: number
  files: express.UploadFilesForCheck
 }): Promise<boolean> {
-  const { req, res, user, videoFileSize, files } = parameters
+  const { req, res, user } = options
  if (areErrorsInScheduleUpdate(req, res)) return false
  if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return false
-  if (!isVideoFileMimeTypeValid(files)) {
+  if (!await commonVideoFileChecks(options)) return false
-    res.fail({
-      status: HttpStatusCode.UNSUPPORTED_MEDIA_TYPE_415,
-      message: 'This file is not supported. Please, make sure it is of the following type: ' +
-               CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
-    })
-    return false
-  }
-  if (!isVideoFileSizeValid(videoFileSize.toString())) {
-    res.fail({
-      status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
-      message: 'This file is too large. It exceeds the maximum file size authorized.',
-      type: ServerErrorCode.MAX_FILE_SIZE_REACHED
-    })
-    return false
-  }
-  if (await checkUserQuota(user, videoFileSize, res) === false) return false
-  return true
-}
-export async function isVideoAccepted (
-  req: express.Request,
-  res: express.Response,
-  videoFile: express.VideoUploadFile
-) {
-  // Check we accept this video
-  const acceptParameters = {
-    videoBody: req.body,
-    videoFile,
-    user: res.locals.oauth.token.User
-  }
-  const acceptedResult = await Hooks.wrapFun(
-    isLocalVideoAccepted,
-    acceptParameters,
-    'filter:api.video.upload.accept.result'
-  )
-  if (!acceptedResult || acceptedResult.accepted !== true) {
-    logger.info('Refused local video.', { acceptedResult, acceptParameters })
-    res.fail({
-      status: HttpStatusCode.FORBIDDEN_403,
-      message: acceptedResult.errorMessage || 'Refused local video'
-    })
-    return false
-  }
  return true
 }
-async function addDurationToVideo (videoFile: { path: string, duration?: number }) {
-  const duration = await getVideoStreamDuration(videoFile.path)
-  // FFmpeg may not be able to guess video duration
-  // For example with m2v files: https://trac.ffmpeg.org/ticket/9726#comment:2
-  if (isNaN(duration)) videoFile.duration = 0
-  else videoFile.duration = duration
-}