diff options
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/videos/index.ts | 2 | ||||
-rw-r--r-- | server/middlewares/validators/videos/video-ownership-changes.ts | 119 | ||||
-rw-r--r-- | server/middlewares/validators/videos/videos.ts | 80 |
3 files changed, 122 insertions, 79 deletions
diff --git a/server/middlewares/validators/videos/index.ts b/server/middlewares/validators/videos/index.ts index 1eabada0a..369c2c9b6 100644 --- a/server/middlewares/validators/videos/index.ts +++ b/server/middlewares/validators/videos/index.ts | |||
@@ -3,6 +3,8 @@ export * from './video-captions' | |||
3 | export * from './video-channels' | 3 | export * from './video-channels' |
4 | export * from './video-comments' | 4 | export * from './video-comments' |
5 | export * from './video-imports' | 5 | export * from './video-imports' |
6 | export * from './video-live' | ||
7 | export * from './video-ownership-changes' | ||
6 | export * from './video-watch' | 8 | export * from './video-watch' |
7 | export * from './video-rates' | 9 | export * from './video-rates' |
8 | export * from './video-shares' | 10 | export * from './video-shares' |
diff --git a/server/middlewares/validators/videos/video-ownership-changes.ts b/server/middlewares/validators/videos/video-ownership-changes.ts new file mode 100644 index 000000000..120b0469c --- /dev/null +++ b/server/middlewares/validators/videos/video-ownership-changes.ts | |||
@@ -0,0 +1,119 @@ | |||
1 | import * as express from 'express' | ||
2 | import { param } from 'express-validator' | ||
3 | import { isIdOrUUIDValid } from '@server/helpers/custom-validators/misc' | ||
4 | import { checkUserCanTerminateOwnershipChange } from '@server/helpers/custom-validators/video-ownership' | ||
5 | import { logger } from '@server/helpers/logger' | ||
6 | import { isAbleToUploadVideo } from '@server/lib/user' | ||
7 | import { AccountModel } from '@server/models/account/account' | ||
8 | import { MVideoWithAllFiles } from '@server/types/models' | ||
9 | import { HttpStatusCode } from '@shared/core-utils' | ||
10 | import { ServerErrorCode, UserRight, VideoChangeOwnershipAccept, VideoChangeOwnershipStatus, VideoState } from '@shared/models' | ||
11 | import { | ||
12 | areValidationErrors, | ||
13 | checkUserCanManageVideo, | ||
14 | doesChangeVideoOwnershipExist, | ||
15 | doesVideoChannelOfAccountExist, | ||
16 | doesVideoExist | ||
17 | } from '../shared' | ||
18 | |||
19 | const videosChangeOwnershipValidator = [ | ||
20 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
21 | |||
22 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
23 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) | ||
24 | |||
25 | if (areValidationErrors(req, res)) return | ||
26 | if (!await doesVideoExist(req.params.videoId, res)) return | ||
27 | |||
28 | // Check if the user who did the request is able to change the ownership of the video | ||
29 | if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return | ||
30 | |||
31 | const nextOwner = await AccountModel.loadLocalByName(req.body.username) | ||
32 | if (!nextOwner) { | ||
33 | res.fail({ message: 'Changing video ownership to a remote account is not supported yet' }) | ||
34 | return | ||
35 | } | ||
36 | |||
37 | res.locals.nextOwner = nextOwner | ||
38 | return next() | ||
39 | } | ||
40 | ] | ||
41 | |||
42 | const videosTerminateChangeOwnershipValidator = [ | ||
43 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
44 | |||
45 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
46 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) | ||
47 | |||
48 | if (areValidationErrors(req, res)) return | ||
49 | if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return | ||
50 | |||
51 | // Check if the user who did the request is able to change the ownership of the video | ||
52 | if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return | ||
53 | |||
54 | const videoChangeOwnership = res.locals.videoChangeOwnership | ||
55 | |||
56 | if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) { | ||
57 | res.fail({ | ||
58 | status: HttpStatusCode.FORBIDDEN_403, | ||
59 | message: 'Ownership already accepted or refused' | ||
60 | }) | ||
61 | return | ||
62 | } | ||
63 | |||
64 | return next() | ||
65 | } | ||
66 | ] | ||
67 | |||
68 | const videosAcceptChangeOwnershipValidator = [ | ||
69 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
70 | const body = req.body as VideoChangeOwnershipAccept | ||
71 | if (!await doesVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return | ||
72 | |||
73 | const videoChangeOwnership = res.locals.videoChangeOwnership | ||
74 | |||
75 | const video = videoChangeOwnership.Video | ||
76 | |||
77 | if (!await checkCanAccept(video, res)) return | ||
78 | |||
79 | return next() | ||
80 | } | ||
81 | ] | ||
82 | |||
83 | export { | ||
84 | videosChangeOwnershipValidator, | ||
85 | videosTerminateChangeOwnershipValidator, | ||
86 | videosAcceptChangeOwnershipValidator | ||
87 | } | ||
88 | |||
89 | // --------------------------------------------------------------------------- | ||
90 | |||
91 | async function checkCanAccept (video: MVideoWithAllFiles, res: express.Response): Promise<boolean> { | ||
92 | if (video.isLive) { | ||
93 | |||
94 | if (video.state !== VideoState.WAITING_FOR_LIVE) { | ||
95 | res.fail({ | ||
96 | status: HttpStatusCode.BAD_REQUEST_400, | ||
97 | message: 'You can accept an ownership change of a published live.' | ||
98 | }) | ||
99 | |||
100 | return false | ||
101 | } | ||
102 | |||
103 | return true | ||
104 | } | ||
105 | |||
106 | const user = res.locals.oauth.token.User | ||
107 | |||
108 | if (!await isAbleToUploadVideo(user.id, video.getMaxQualityFile().size)) { | ||
109 | res.fail({ | ||
110 | status: HttpStatusCode.PAYLOAD_TOO_LARGE_413, | ||
111 | message: 'The user video quota is exceeded with this video.', | ||
112 | type: ServerErrorCode.QUOTA_REACHED | ||
113 | }) | ||
114 | |||
115 | return false | ||
116 | } | ||
117 | |||
118 | return true | ||
119 | } | ||
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 2bed5f181..8201e80c3 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
@@ -5,9 +5,8 @@ import { isAbleToUploadVideo } from '@server/lib/user' | |||
5 | import { getServerActor } from '@server/models/application/application' | 5 | import { getServerActor } from '@server/models/application/application' |
6 | import { ExpressPromiseHandler } from '@server/types/express' | 6 | import { ExpressPromiseHandler } from '@server/types/express' |
7 | import { MUserAccountId, MVideoFullLight } from '@server/types/models' | 7 | import { MUserAccountId, MVideoFullLight } from '@server/types/models' |
8 | import { ServerErrorCode, UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../../shared' | 8 | import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared' |
9 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | 9 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' |
10 | import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/change-ownership/video-change-ownership-accept.model' | ||
11 | import { | 10 | import { |
12 | exists, | 11 | exists, |
13 | isBooleanValid, | 12 | isBooleanValid, |
@@ -22,7 +21,6 @@ import { | |||
22 | toValueOrNull | 21 | toValueOrNull |
23 | } from '../../../helpers/custom-validators/misc' | 22 | } from '../../../helpers/custom-validators/misc' |
24 | import { isBooleanBothQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' | 23 | import { isBooleanBothQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' |
25 | import { checkUserCanTerminateOwnershipChange } from '../../../helpers/custom-validators/video-ownership' | ||
26 | import { | 24 | import { |
27 | isScheduleVideoUpdatePrivacyValid, | 25 | isScheduleVideoUpdatePrivacyValid, |
28 | isVideoCategoryValid, | 26 | isVideoCategoryValid, |
@@ -48,13 +46,11 @@ import { CONFIG } from '../../../initializers/config' | |||
48 | import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants' | 46 | import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants' |
49 | import { isLocalVideoAccepted } from '../../../lib/moderation' | 47 | import { isLocalVideoAccepted } from '../../../lib/moderation' |
50 | import { Hooks } from '../../../lib/plugins/hooks' | 48 | import { Hooks } from '../../../lib/plugins/hooks' |
51 | import { AccountModel } from '../../../models/account/account' | ||
52 | import { VideoModel } from '../../../models/video/video' | 49 | import { VideoModel } from '../../../models/video/video' |
53 | import { authenticatePromiseIfNeeded } from '../../auth' | 50 | import { authenticatePromiseIfNeeded } from '../../auth' |
54 | import { | 51 | import { |
55 | areValidationErrors, | 52 | areValidationErrors, |
56 | checkUserCanManageVideo, | 53 | checkUserCanManageVideo, |
57 | doesChangeVideoOwnershipExist, | ||
58 | doesVideoChannelOfAccountExist, | 54 | doesVideoChannelOfAccountExist, |
59 | doesVideoExist, | 55 | doesVideoExist, |
60 | doesVideoFileOfVideoExist | 56 | doesVideoFileOfVideoExist |
@@ -342,76 +338,6 @@ const videosRemoveValidator = [ | |||
342 | } | 338 | } |
343 | ] | 339 | ] |
344 | 340 | ||
345 | const videosChangeOwnershipValidator = [ | ||
346 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
347 | |||
348 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
349 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) | ||
350 | |||
351 | if (areValidationErrors(req, res)) return | ||
352 | if (!await doesVideoExist(req.params.videoId, res)) return | ||
353 | |||
354 | // Check if the user who did the request is able to change the ownership of the video | ||
355 | if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return | ||
356 | |||
357 | const nextOwner = await AccountModel.loadLocalByName(req.body.username) | ||
358 | if (!nextOwner) { | ||
359 | res.fail({ message: 'Changing video ownership to a remote account is not supported yet' }) | ||
360 | return | ||
361 | } | ||
362 | |||
363 | res.locals.nextOwner = nextOwner | ||
364 | return next() | ||
365 | } | ||
366 | ] | ||
367 | |||
368 | const videosTerminateChangeOwnershipValidator = [ | ||
369 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
370 | |||
371 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
372 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) | ||
373 | |||
374 | if (areValidationErrors(req, res)) return | ||
375 | if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return | ||
376 | |||
377 | // Check if the user who did the request is able to change the ownership of the video | ||
378 | if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return | ||
379 | |||
380 | const videoChangeOwnership = res.locals.videoChangeOwnership | ||
381 | |||
382 | if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) { | ||
383 | res.fail({ | ||
384 | status: HttpStatusCode.FORBIDDEN_403, | ||
385 | message: 'Ownership already accepted or refused' | ||
386 | }) | ||
387 | return | ||
388 | } | ||
389 | |||
390 | return next() | ||
391 | } | ||
392 | ] | ||
393 | |||
394 | const videosAcceptChangeOwnershipValidator = [ | ||
395 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
396 | const body = req.body as VideoChangeOwnershipAccept | ||
397 | if (!await doesVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return | ||
398 | |||
399 | const user = res.locals.oauth.token.User | ||
400 | const videoChangeOwnership = res.locals.videoChangeOwnership | ||
401 | const isAble = await isAbleToUploadVideo(user.id, videoChangeOwnership.Video.getMaxQualityFile().size) | ||
402 | if (isAble === false) { | ||
403 | res.fail({ | ||
404 | status: HttpStatusCode.PAYLOAD_TOO_LARGE_413, | ||
405 | message: 'The user video quota is exceeded with this video.', | ||
406 | type: ServerErrorCode.QUOTA_REACHED | ||
407 | }) | ||
408 | return | ||
409 | } | ||
410 | |||
411 | return next() | ||
412 | } | ||
413 | ] | ||
414 | |||
415 | const videosOverviewValidator = [ | 341 | const videosOverviewValidator = [ |
416 | query('page') | 342 | query('page') |
417 | .optional() | 343 | .optional() |
@@ -578,10 +504,6 @@ export { | |||
578 | videosCustomGetValidator, | 504 | videosCustomGetValidator, |
579 | videosRemoveValidator, | 505 | videosRemoveValidator, |
580 | 506 | ||
581 | videosChangeOwnershipValidator, | ||
582 | videosTerminateChangeOwnershipValidator, | ||
583 | videosAcceptChangeOwnershipValidator, | ||
584 | |||
585 | getCommonVideoEditAttributes, | 507 | getCommonVideoEditAttributes, |
586 | 508 | ||
587 | commonVideosFiltersValidator, | 509 | commonVideosFiltersValidator, |