7 files changed, 182 insertions, 18 deletions
diff --git a/server/middlewares/validators/index.ts b/server/middlewares/validators/index.ts
index 068c41b24..247f6039e 100644
--- a/server/middlewares/validators/index.ts
+++ b/server/middlewares/validators/index.ts
@@ -6,3 +6,4 @@ export * from './sort'
 export * from './users'
 export * from './videos'
 export * from './video-blacklist'
+export * from './video-channels'
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts
index 4b8c03faf..f8e34d2d4 100644
--- a/server/middlewares/validators/oembed.ts
+++ b/server/middlewares/validators/oembed.ts
@@ -4,9 +4,12 @@ import { join } from 'path'
 import { checkErrors } from './utils'
 import { CONFIG } from '../../initializers'
-import { logger } from '../../helpers'
+import {
-import { checkVideoExists, isVideoIdOrUUIDValid } from '../../helpers/custom-validators/videos'
+  logger,
-import { isTestInstance } from '../../helpers/core-utils'
+  isTestInstance,
+  checkVideoExists,
+  isIdOrUUIDValid
+} from '../../helpers'
 const urlShouldStartWith = CONFIG.WEBSERVER.SCHEME + '://' + join(CONFIG.WEBSERVER.HOST, 'videos', 'watch') + '/'
 const videoWatchRegex = new RegExp('([^/]+)$')
@@ -45,7 +48,7 @@ const oembedValidator = [
      }
      const videoId = matches[1]
-      if (isVideoIdOrUUIDValid(videoId) === false) {
+      if (isIdOrUUIDValid(videoId) === false) {
        return res.status(400)
                  .json({ error: 'Invalid video id.' })
                  .end()
diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts
index 227f309ad..d23a95537 100644
--- a/server/middlewares/validators/sort.ts
+++ b/server/middlewares/validators/sort.ts
@@ -11,12 +11,14 @@ const SORTABLE_USERS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.USERS)
 const SORTABLE_VIDEO_ABUSES_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_ABUSES)
 const SORTABLE_VIDEOS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEOS)
 const SORTABLE_BLACKLISTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.BLACKLISTS)
+const SORTABLE_VIDEO_CHANNELS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_CHANNELS)
 const podsSortValidator = checkSort(SORTABLE_PODS_COLUMNS)
 const usersSortValidator = checkSort(SORTABLE_USERS_COLUMNS)
 const videoAbusesSortValidator = checkSort(SORTABLE_VIDEO_ABUSES_COLUMNS)
 const videosSortValidator = checkSort(SORTABLE_VIDEOS_COLUMNS)
 const blacklistSortValidator = checkSort(SORTABLE_BLACKLISTS_COLUMNS)
+const videoChannelsSortValidator = checkSort(SORTABLE_VIDEO_CHANNELS_COLUMNS)
 // ---------------------------------------------------------------------------
@@ -24,6 +26,7 @@ export {
  podsSortValidator,
  usersSortValidator,
  videoAbusesSortValidator,
+  videoChannelsSortValidator,
  videosSortValidator,
  blacklistSortValidator
 }
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index ab9d0938c..1a33cfd8c 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -13,7 +13,7 @@ import {
  isUserPasswordValid,
  isUserVideoQuotaValid,
  isUserDisplayNSFWValid,
-  isVideoIdOrUUIDValid
+  isIdOrUUIDValid
 } from '../../helpers'
 import { UserInstance, VideoInstance } from '../../models'
@@ -109,7 +109,7 @@ const usersGetValidator = [
 ]
 const usersVideoRatingValidator = [
-  param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
diff --git a/server/middlewares/validators/video-blacklist.ts b/server/middlewares/validators/video-blacklist.ts
index 30c6d4bd9..3c8c31519 100644
--- a/server/middlewares/validators/video-blacklist.ts
+++ b/server/middlewares/validators/video-blacklist.ts
@@ -3,10 +3,10 @@ import * as express from 'express'
 import { database as db } from '../../initializers/database'
 import { checkErrors } from './utils'
-import { logger, isVideoIdOrUUIDValid, checkVideoExists } from '../../helpers'
+import { logger, isIdOrUUIDValid, checkVideoExists } from '../../helpers'
 const videosBlacklistRemoveValidator = [
-  param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking blacklistRemove parameters.', { parameters: req.params })
@@ -20,7 +20,7 @@ const videosBlacklistRemoveValidator = [
 ]
 const videosBlacklistAddValidator = [
-  param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
+  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts
new file mode 100644
index 000000000..979fbd34a
--- /dev/null
+++ b/server/middlewares/validators/video-channels.ts
@@ -0,0 +1,142 @@
+import { body, param } from 'express-validator/check'
+import * as express from 'express'
+import { checkErrors } from './utils'
+import { database as db } from '../../initializers'
+import {
+  logger,
+  isIdOrUUIDValid,
+  isVideoChannelDescriptionValid,
+  isVideoChannelNameValid,
+  checkVideoChannelExists,
+  checkVideoAuthorExists
+} from '../../helpers'
+const listVideoAuthorChannelsValidator = [
+  param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking listVideoAuthorChannelsValidator parameters', { parameters: req.body })
+    checkErrors(req, res, () => {
+      checkVideoAuthorExists(req.params.authorId, res, next)
+    })
+  }
+]
+const videoChannelsAddValidator = [
+  body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
+  body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
+    checkErrors(req, res, next)
+  }
+]
+const videoChannelsUpdateValidator = [
+  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
+  body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
+    checkErrors(req, res, () => {
+      checkVideoChannelExists(req.params.id, res, () => {
+        // We need to make additional checks
+        if (res.locals.videoChannel.isOwned() === false) {
+          return res.status(403)
+            .json({ error: 'Cannot update video channel of another pod' })
+            .end()
+        }
+        if (res.locals.videoChannel.Author.userId !== res.locals.oauth.token.User.id) {
+          return res.status(403)
+            .json({ error: 'Cannot update video channel of another user' })
+            .end()
+        }
+        next()
+      })
+    })
+  }
+]
+const videoChannelsRemoveValidator = [
+  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
+    checkErrors(req, res, () => {
+      checkVideoChannelExists(req.params.id, res, () => {
+        // Check if the user who did the request is able to delete the video
+        checkUserCanDeleteVideoChannel(res, () => {
+          checkVideoChannelIsNotTheLastOne(res, next)
+        })
+      })
+    })
+  }
+]
+const videoChannelGetValidator = [
+  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
+    checkErrors(req, res, () => {
+      checkVideoChannelExists(req.params.id, res, next)
+    })
+  }
+]
+// ---------------------------------------------------------------------------
+export {
+  listVideoAuthorChannelsValidator,
+  videoChannelsAddValidator,
+  videoChannelsUpdateValidator,
+  videoChannelsRemoveValidator,
+  videoChannelGetValidator
+}
+// ---------------------------------------------------------------------------
+function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
+  const user = res.locals.oauth.token.User
+  // Retrieve the user who did the request
+  if (res.locals.videoChannel.isOwned() === false) {
+    return res.status(403)
+              .json({ error: 'Cannot remove video channel of another pod.' })
+              .end()
+  }
+  // Check if the user can delete the video channel
+  // The user can delete it if s/he is an admin
+  // Or if s/he is the video channel's author
+  if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) {
+    return res.status(403)
+              .json({ error: 'Cannot remove video channel of another user' })
+              .end()
+  }
+  // If we reach this comment, we can delete the video
+  callback()
+}
+function checkVideoChannelIsNotTheLastOne (res: express.Response, callback: () => void) {
+  db.VideoChannel.countByAuthor(res.locals.oauth.token.User.Author.id)
+    .then(count => {
+      if (count <= 1) {
+        return res.status(409)
+          .json({ error: 'Cannot remove the last channel of this user' })
+          .end()
+      }
+      callback()
+    })
+}
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 3f881e1b5..8a9b383b8 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -15,11 +15,12 @@ import {
  isVideoLanguageValid,
  isVideoTagsValid,
  isVideoNSFWValid,
-  isVideoIdOrUUIDValid,
+  isIdOrUUIDValid,
  isVideoAbuseReasonValid,
  isVideoRatingTypeValid,
  getDurationFromVideoFile,
-  checkVideoExists
+  checkVideoExists,
+  isIdValid
 } from '../../helpers'
 const videosAddValidator = [
@@ -33,6 +34,7 @@ const videosAddValidator = [
  body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'),
  body('nsfw').custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),
  body('description').custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
+  body('channelId').custom(isIdValid).withMessage('Should have correct video channel id'),
  body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -42,7 +44,20 @@ const videosAddValidator = [
      const videoFile: Express.Multer.File = req.files['videofile'][0]
      const user = res.locals.oauth.token.User
-      user.isAbleToUploadVideo(videoFile)
+      return db.VideoChannel.loadByIdAndAuthor(req.body.channelId, user.Author.id)
+        .then(videoChannel => {
+          if (!videoChannel) {
+            res.status(400)
+              .json({ error: 'Unknown video video channel for this author.' })
+              .end()
+            return undefined
+          }
+          res.locals.videoChannel = videoChannel
+          return user.isAbleToUploadVideo(videoFile)
+        })
        .then(isAble => {
          if (isAble === false) {
            res.status(403)
@@ -88,7 +103,7 @@ const videosAddValidator = [
 ]
 const videosUpdateValidator = [
-  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  body('name').optional().custom(isVideoNameValid).withMessage('Should have a valid name'),
  body('category').optional().custom(isVideoCategoryValid).withMessage('Should have a valid category'),
  body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
@@ -109,7 +124,7 @@ const videosUpdateValidator = [
                    .end()
        }
-        if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
+        if (res.locals.video.VideoChannel.Author.userId !== res.locals.oauth.token.User.id) {
          return res.status(403)
                    .json({ error: 'Cannot update video of another user' })
                    .end()
@@ -122,7 +137,7 @@ const videosUpdateValidator = [
 ]
 const videosGetValidator = [
-  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videosGet parameters', { parameters: req.params })
@@ -134,7 +149,7 @@ const videosGetValidator = [
 ]
 const videosRemoveValidator = [
-  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videosRemove parameters', { parameters: req.params })
@@ -162,7 +177,7 @@ const videosSearchValidator = [
 ]
 const videoAbuseReportValidator = [
-  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -175,7 +190,7 @@ const videoAbuseReportValidator = [
 ]
 const videoRateValidator = [
-  param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
+  param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
  body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {

diff --git a/server/middlewares/validators/index.ts b/server/middlewares/validators/index.ts index 068c41b24..247f6039e 100644 --- a/server/middlewares/validators/index.ts +++ b/server/middlewares/validators/index.ts
@@ -6,3 +6,4 @@ export * from './sort'
6	export * from './users'	6	export * from './users'
7	export * from './videos'	7	export * from './videos'
8	export * from './video-blacklist'	8	export * from './video-blacklist'
		9	export * from './video-channels'


diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts index 4b8c03faf..f8e34d2d4 100644 --- a/server/middlewares/validators/oembed.ts +++ b/server/middlewares/validators/oembed.ts
@@ -4,9 +4,12 @@ import { join } from 'path'
4		4
5	import { checkErrors } from './utils'	5	import { checkErrors } from './utils'
6	import { CONFIG } from '../../initializers'	6	import { CONFIG } from '../../initializers'
7	import { logger } from '../../helpers'	7	import {
8	import { checkVideoExists, isVideoIdOrUUIDValid } from '../../helpers/custom-validators/videos'	8	logger,
9	import { isTestInstance } from '../../helpers/core-utils'	9	isTestInstance,
		10	checkVideoExists,
		11	isIdOrUUIDValid
		12	} from '../../helpers'
10		13
11	const urlShouldStartWith = CONFIG.WEBSERVER.SCHEME + '://' + join(CONFIG.WEBSERVER.HOST, 'videos', 'watch') + '/'	14	const urlShouldStartWith = CONFIG.WEBSERVER.SCHEME + '://' + join(CONFIG.WEBSERVER.HOST, 'videos', 'watch') + '/'
12	const videoWatchRegex = new RegExp('([^/]+)$')	15	const videoWatchRegex = new RegExp('([^/]+)$')
@@ -45,7 +48,7 @@ const oembedValidator = [
45	}	48	}
46		49
47	const videoId = matches[1]	50	const videoId = matches[1]
48	if (isVideoIdOrUUIDValid(videoId) === false) {	51	if (isIdOrUUIDValid(videoId) === false) {
49	return res.status(400)	52	return res.status(400)
50	.json({ error: 'Invalid video id.' })	53	.json({ error: 'Invalid video id.' })
51	.end()	54	.end()


diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts index 227f309ad..d23a95537 100644 --- a/server/middlewares/validators/sort.ts +++ b/server/middlewares/validators/sort.ts
@@ -11,12 +11,14 @@ const SORTABLE_USERS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.USERS)
11	const SORTABLE_VIDEO_ABUSES_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_ABUSES)	11	const SORTABLE_VIDEO_ABUSES_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_ABUSES)
12	const SORTABLE_VIDEOS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEOS)	12	const SORTABLE_VIDEOS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEOS)
13	const SORTABLE_BLACKLISTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.BLACKLISTS)	13	const SORTABLE_BLACKLISTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.BLACKLISTS)
		14	const SORTABLE_VIDEO_CHANNELS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_CHANNELS)
14		15
15	const podsSortValidator = checkSort(SORTABLE_PODS_COLUMNS)	16	const podsSortValidator = checkSort(SORTABLE_PODS_COLUMNS)
16	const usersSortValidator = checkSort(SORTABLE_USERS_COLUMNS)	17	const usersSortValidator = checkSort(SORTABLE_USERS_COLUMNS)
17	const videoAbusesSortValidator = checkSort(SORTABLE_VIDEO_ABUSES_COLUMNS)	18	const videoAbusesSortValidator = checkSort(SORTABLE_VIDEO_ABUSES_COLUMNS)
18	const videosSortValidator = checkSort(SORTABLE_VIDEOS_COLUMNS)	19	const videosSortValidator = checkSort(SORTABLE_VIDEOS_COLUMNS)
19	const blacklistSortValidator = checkSort(SORTABLE_BLACKLISTS_COLUMNS)	20	const blacklistSortValidator = checkSort(SORTABLE_BLACKLISTS_COLUMNS)
		21	const videoChannelsSortValidator = checkSort(SORTABLE_VIDEO_CHANNELS_COLUMNS)
20		22
21	// ---------------------------------------------------------------------------	23	// ---------------------------------------------------------------------------
22		24
@@ -24,6 +26,7 @@ export {
24	podsSortValidator,	26	podsSortValidator,
25	usersSortValidator,	27	usersSortValidator,
26	videoAbusesSortValidator,	28	videoAbusesSortValidator,
		29	videoChannelsSortValidator,
27	videosSortValidator,	30	videosSortValidator,
28	blacklistSortValidator	31	blacklistSortValidator
29	}	32	}


diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index ab9d0938c..1a33cfd8c 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts
@@ -13,7 +13,7 @@ import {
13	isUserPasswordValid,	13	isUserPasswordValid,
14	isUserVideoQuotaValid,	14	isUserVideoQuotaValid,
15	isUserDisplayNSFWValid,	15	isUserDisplayNSFWValid,
16	isVideoIdOrUUIDValid	16	isIdOrUUIDValid
17	} from '../../helpers'	17	} from '../../helpers'
18	import { UserInstance, VideoInstance } from '../../models'	18	import { UserInstance, VideoInstance } from '../../models'
19		19
@@ -109,7 +109,7 @@ const usersGetValidator = [
109	]	109	]
110		110
111	const usersVideoRatingValidator = [	111	const usersVideoRatingValidator = [
112	param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),	112	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
113		113
114	(req: express.Request, res: express.Response, next: express.NextFunction) => {	114	(req: express.Request, res: express.Response, next: express.NextFunction) => {
115	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })	115	logger.debug('Checking usersVideoRating parameters', { parameters: req.params })


diff --git a/server/middlewares/validators/video-blacklist.ts b/server/middlewares/validators/video-blacklist.ts index 30c6d4bd9..3c8c31519 100644 --- a/server/middlewares/validators/video-blacklist.ts +++ b/server/middlewares/validators/video-blacklist.ts
@@ -3,10 +3,10 @@ import * as express from 'express'
3		3
4	import { database as db } from '../../initializers/database'	4	import { database as db } from '../../initializers/database'
5	import { checkErrors } from './utils'	5	import { checkErrors } from './utils'
6	import { logger, isVideoIdOrUUIDValid, checkVideoExists } from '../../helpers'	6	import { logger, isIdOrUUIDValid, checkVideoExists } from '../../helpers'
7		7
8	const videosBlacklistRemoveValidator = [	8	const videosBlacklistRemoveValidator = [
9	param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),	9	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
10		10
11	(req: express.Request, res: express.Response, next: express.NextFunction) => {	11	(req: express.Request, res: express.Response, next: express.NextFunction) => {
12	logger.debug('Checking blacklistRemove parameters.', { parameters: req.params })	12	logger.debug('Checking blacklistRemove parameters.', { parameters: req.params })
@@ -20,7 +20,7 @@ const videosBlacklistRemoveValidator = [
20	]	20	]
21		21
22	const videosBlacklistAddValidator = [	22	const videosBlacklistAddValidator = [
23	param('videoId').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),	23	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
24		24
25	(req: express.Request, res: express.Response, next: express.NextFunction) => {	25	(req: express.Request, res: express.Response, next: express.NextFunction) => {
26	logger.debug('Checking videosBlacklist parameters', { parameters: req.params })	26	logger.debug('Checking videosBlacklist parameters', { parameters: req.params })


diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts new file mode 100644 index 000000000..979fbd34a --- /dev/null +++ b/server/middlewares/validators/video-channels.ts
@@ -0,0 +1,142 @@
		1	import { body, param } from 'express-validator/check'
		2	import * as express from 'express'
		3
		4	import { checkErrors } from './utils'
		5	import { database as db } from '../../initializers'
		6	import {
		7	logger,
		8	isIdOrUUIDValid,
		9	isVideoChannelDescriptionValid,
		10	isVideoChannelNameValid,
		11	checkVideoChannelExists,
		12	checkVideoAuthorExists
		13	} from '../../helpers'
		14
		15	const listVideoAuthorChannelsValidator = [
		16	param('authorId').custom(isIdOrUUIDValid).withMessage('Should have a valid author id'),
		17
		18	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		19	logger.debug('Checking listVideoAuthorChannelsValidator parameters', { parameters: req.body })
		20
		21	checkErrors(req, res, () => {
		22	checkVideoAuthorExists(req.params.authorId, res, next)
		23	})
		24	}
		25	]
		26
		27	const videoChannelsAddValidator = [
		28	body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
		29	body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
		30
		31	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		32	logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
		33
		34	checkErrors(req, res, next)
		35	}
		36	]
		37
		38	const videoChannelsUpdateValidator = [
		39	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
		40	body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
		41	body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
		42
		43	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		44	logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
		45
		46	checkErrors(req, res, () => {
		47	checkVideoChannelExists(req.params.id, res, () => {
		48	// We need to make additional checks
		49	if (res.locals.videoChannel.isOwned() === false) {
		50	return res.status(403)
		51	.json({ error: 'Cannot update video channel of another pod' })
		52	.end()
		53	}
		54
		55	if (res.locals.videoChannel.Author.userId !== res.locals.oauth.token.User.id) {
		56	return res.status(403)
		57	.json({ error: 'Cannot update video channel of another user' })
		58	.end()
		59	}
		60
		61	next()
		62	})
		63	})
		64	}
		65	]
		66
		67	const videoChannelsRemoveValidator = [
		68	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
		69
		70	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		71	logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
		72
		73	checkErrors(req, res, () => {
		74	checkVideoChannelExists(req.params.id, res, () => {
		75	// Check if the user who did the request is able to delete the video
		76	checkUserCanDeleteVideoChannel(res, () => {
		77	checkVideoChannelIsNotTheLastOne(res, next)
		78	})
		79	})
		80	})
		81	}
		82	]
		83
		84	const videoChannelGetValidator = [
		85	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
		86
		87	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		88	logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
		89
		90	checkErrors(req, res, () => {
		91	checkVideoChannelExists(req.params.id, res, next)
		92	})
		93	}
		94	]
		95
		96	// ---------------------------------------------------------------------------
		97
		98	export {
		99	listVideoAuthorChannelsValidator,
		100	videoChannelsAddValidator,
		101	videoChannelsUpdateValidator,
		102	videoChannelsRemoveValidator,
		103	videoChannelGetValidator
		104	}
		105
		106	// ---------------------------------------------------------------------------
		107
		108	function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
		109	const user = res.locals.oauth.token.User
		110
		111	// Retrieve the user who did the request
		112	if (res.locals.videoChannel.isOwned() === false) {
		113	return res.status(403)
		114	.json({ error: 'Cannot remove video channel of another pod.' })
		115	.end()
		116	}
		117
		118	// Check if the user can delete the video channel
		119	// The user can delete it if s/he is an admin
		120	// Or if s/he is the video channel's author
		121	if (user.isAdmin() === false && res.locals.videoChannel.Author.userId !== user.id) {
		122	return res.status(403)
		123	.json({ error: 'Cannot remove video channel of another user' })
		124	.end()
		125	}
		126
		127	// If we reach this comment, we can delete the video
		128	callback()
		129	}
		130
		131	function checkVideoChannelIsNotTheLastOne (res: express.Response, callback: () => void) {
		132	db.VideoChannel.countByAuthor(res.locals.oauth.token.User.Author.id)
		133	.then(count => {
		134	if (count <= 1) {
		135	return res.status(409)
		136	.json({ error: 'Cannot remove the last channel of this user' })
		137	.end()
		138	}
		139
		140	callback()
		141	})
		142	}


diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 3f881e1b5..8a9b383b8 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts
@@ -15,11 +15,12 @@ import {
15	isVideoLanguageValid,	15	isVideoLanguageValid,
16	isVideoTagsValid,	16	isVideoTagsValid,
17	isVideoNSFWValid,	17	isVideoNSFWValid,
18	isVideoIdOrUUIDValid,	18	isIdOrUUIDValid,
19	isVideoAbuseReasonValid,	19	isVideoAbuseReasonValid,
20	isVideoRatingTypeValid,	20	isVideoRatingTypeValid,
21	getDurationFromVideoFile,	21	getDurationFromVideoFile,
22	checkVideoExists	22	checkVideoExists,
		23	isIdValid
23	} from '../../helpers'	24	} from '../../helpers'
24		25
25	const videosAddValidator = [	26	const videosAddValidator = [
@@ -33,6 +34,7 @@ const videosAddValidator = [
33	body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'),	34	body('language').optional().custom(isVideoLanguageValid).withMessage('Should have a valid language'),
34	body('nsfw').custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),	35	body('nsfw').custom(isVideoNSFWValid).withMessage('Should have a valid NSFW attribute'),
35	body('description').custom(isVideoDescriptionValid).withMessage('Should have a valid description'),	36	body('description').custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
		37	body('channelId').custom(isIdValid).withMessage('Should have correct video channel id'),
36	body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),	38	body('tags').optional().custom(isVideoTagsValid).withMessage('Should have correct tags'),
37		39
38	(req: express.Request, res: express.Response, next: express.NextFunction) => {	40	(req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -42,7 +44,20 @@ const videosAddValidator = [
42	const videoFile: Express.Multer.File = req.files['videofile'][0]	44	const videoFile: Express.Multer.File = req.files['videofile'][0]
43	const user = res.locals.oauth.token.User	45	const user = res.locals.oauth.token.User
44		46
45	user.isAbleToUploadVideo(videoFile)	47	return db.VideoChannel.loadByIdAndAuthor(req.body.channelId, user.Author.id)
		48	.then(videoChannel => {
		49	if (!videoChannel) {
		50	res.status(400)
		51	.json({ error: 'Unknown video video channel for this author.' })
		52	.end()
		53
		54	return undefined
		55	}
		56
		57	res.locals.videoChannel = videoChannel
		58
		59	return user.isAbleToUploadVideo(videoFile)
		60	})
46	.then(isAble => {	61	.then(isAble => {
47	if (isAble === false) {	62	if (isAble === false) {
48	res.status(403)	63	res.status(403)
@@ -88,7 +103,7 @@ const videosAddValidator = [
88	]	103	]
89		104
90	const videosUpdateValidator = [	105	const videosUpdateValidator = [
91	param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	106	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
92	body('name').optional().custom(isVideoNameValid).withMessage('Should have a valid name'),	107	body('name').optional().custom(isVideoNameValid).withMessage('Should have a valid name'),
93	body('category').optional().custom(isVideoCategoryValid).withMessage('Should have a valid category'),	108	body('category').optional().custom(isVideoCategoryValid).withMessage('Should have a valid category'),
94	body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'),	109	body('licence').optional().custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
@@ -109,7 +124,7 @@ const videosUpdateValidator = [
109	.end()	124	.end()
110	}	125	}
111		126
112	if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {	127	if (res.locals.video.VideoChannel.Author.userId !== res.locals.oauth.token.User.id) {
113	return res.status(403)	128	return res.status(403)
114	.json({ error: 'Cannot update video of another user' })	129	.json({ error: 'Cannot update video of another user' })
115	.end()	130	.end()
@@ -122,7 +137,7 @@ const videosUpdateValidator = [
122	]	137	]
123		138
124	const videosGetValidator = [	139	const videosGetValidator = [
125	param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	140	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
126		141
127	(req: express.Request, res: express.Response, next: express.NextFunction) => {	142	(req: express.Request, res: express.Response, next: express.NextFunction) => {
128	logger.debug('Checking videosGet parameters', { parameters: req.params })	143	logger.debug('Checking videosGet parameters', { parameters: req.params })
@@ -134,7 +149,7 @@ const videosGetValidator = [
134	]	149	]
135		150
136	const videosRemoveValidator = [	151	const videosRemoveValidator = [
137	param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	152	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
138		153
139	(req: express.Request, res: express.Response, next: express.NextFunction) => {	154	(req: express.Request, res: express.Response, next: express.NextFunction) => {
140	logger.debug('Checking videosRemove parameters', { parameters: req.params })	155	logger.debug('Checking videosRemove parameters', { parameters: req.params })
@@ -162,7 +177,7 @@ const videosSearchValidator = [
162	]	177	]
163		178
164	const videoAbuseReportValidator = [	179	const videoAbuseReportValidator = [
165	param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	180	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
166	body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),	181	body('reason').custom(isVideoAbuseReasonValid).withMessage('Should have a valid reason'),
167		182
168	(req: express.Request, res: express.Response, next: express.NextFunction) => {	183	(req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -175,7 +190,7 @@ const videoAbuseReportValidator = [
175	]	190	]
176		191
177	const videoRateValidator = [	192	const videoRateValidator = [
178	param('id').custom(isVideoIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),	193	param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
179	body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),	194	body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
180		195
181	(req: express.Request, res: express.Response, next: express.NextFunction) => {	196	(req: express.Request, res: express.Response, next: express.NextFunction) => {