diff options
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/videos/videos.ts | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 5f1234379..53643635c 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
@@ -103,6 +103,22 @@ const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([ | |||
103 | } | 103 | } |
104 | ]) | 104 | ]) |
105 | 105 | ||
106 | const videosResumableUploadIdValidator = [ | ||
107 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
108 | const user = res.locals.oauth.token.User | ||
109 | const uploadId = req.query.upload_id | ||
110 | |||
111 | if (uploadId.startsWith(user.id + '-') !== true) { | ||
112 | return res.fail({ | ||
113 | status: HttpStatusCode.FORBIDDEN_403, | ||
114 | message: 'You cannot send chunks in another user upload' | ||
115 | }) | ||
116 | } | ||
117 | |||
118 | return next() | ||
119 | } | ||
120 | ] | ||
121 | |||
106 | /** | 122 | /** |
107 | * Gets called after the last PUT request | 123 | * Gets called after the last PUT request |
108 | */ | 124 | */ |
@@ -110,7 +126,7 @@ const videosAddResumableValidator = [ | |||
110 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 126 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
111 | const user = res.locals.oauth.token.User | 127 | const user = res.locals.oauth.token.User |
112 | const body: express.CustomUploadXFile<express.UploadXFileMetadata> = req.body | 128 | const body: express.CustomUploadXFile<express.UploadXFileMetadata> = req.body |
113 | const file = { ...body, duration: undefined, path: getResumableUploadPath(body.id), filename: body.metadata.filename } | 129 | const file = { ...body, duration: undefined, path: getResumableUploadPath(body.name), filename: body.metadata.filename } |
114 | const cleanup = () => deleteFileAndCatch(file.path) | 130 | const cleanup = () => deleteFileAndCatch(file.path) |
115 | 131 | ||
116 | const uploadId = req.query.upload_id | 132 | const uploadId = req.query.upload_id |
@@ -552,6 +568,7 @@ export { | |||
552 | videosAddLegacyValidator, | 568 | videosAddLegacyValidator, |
553 | videosAddResumableValidator, | 569 | videosAddResumableValidator, |
554 | videosAddResumableInitValidator, | 570 | videosAddResumableInitValidator, |
571 | videosResumableUploadIdValidator, | ||
555 | 572 | ||
556 | videosUpdateValidator, | 573 | videosUpdateValidator, |
557 | videosGetValidator, | 574 | videosGetValidator, |