aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r--server/middlewares/validators/videos/index.ts2
-rw-r--r--server/middlewares/validators/videos/video-ownership-changes.ts119
-rw-r--r--server/middlewares/validators/videos/videos.ts80
3 files changed, 122 insertions, 79 deletions
diff --git a/server/middlewares/validators/videos/index.ts b/server/middlewares/validators/videos/index.ts
index 1eabada0a..369c2c9b6 100644
--- a/server/middlewares/validators/videos/index.ts
+++ b/server/middlewares/validators/videos/index.ts
@@ -3,6 +3,8 @@ export * from './video-captions'
3export * from './video-channels' 3export * from './video-channels'
4export * from './video-comments' 4export * from './video-comments'
5export * from './video-imports' 5export * from './video-imports'
6export * from './video-live'
7export * from './video-ownership-changes'
6export * from './video-watch' 8export * from './video-watch'
7export * from './video-rates' 9export * from './video-rates'
8export * from './video-shares' 10export * from './video-shares'
diff --git a/server/middlewares/validators/videos/video-ownership-changes.ts b/server/middlewares/validators/videos/video-ownership-changes.ts
new file mode 100644
index 000000000..120b0469c
--- /dev/null
+++ b/server/middlewares/validators/videos/video-ownership-changes.ts
@@ -0,0 +1,119 @@
1import * as express from 'express'
2import { param } from 'express-validator'
3import { isIdOrUUIDValid } from '@server/helpers/custom-validators/misc'
4import { checkUserCanTerminateOwnershipChange } from '@server/helpers/custom-validators/video-ownership'
5import { logger } from '@server/helpers/logger'
6import { isAbleToUploadVideo } from '@server/lib/user'
7import { AccountModel } from '@server/models/account/account'
8import { MVideoWithAllFiles } from '@server/types/models'
9import { HttpStatusCode } from '@shared/core-utils'
10import { ServerErrorCode, UserRight, VideoChangeOwnershipAccept, VideoChangeOwnershipStatus, VideoState } from '@shared/models'
11import {
12 areValidationErrors,
13 checkUserCanManageVideo,
14 doesChangeVideoOwnershipExist,
15 doesVideoChannelOfAccountExist,
16 doesVideoExist
17} from '../shared'
18
19const videosChangeOwnershipValidator = [
20 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
21
22 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
23 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
24
25 if (areValidationErrors(req, res)) return
26 if (!await doesVideoExist(req.params.videoId, res)) return
27
28 // Check if the user who did the request is able to change the ownership of the video
29 if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
30
31 const nextOwner = await AccountModel.loadLocalByName(req.body.username)
32 if (!nextOwner) {
33 res.fail({ message: 'Changing video ownership to a remote account is not supported yet' })
34 return
35 }
36
37 res.locals.nextOwner = nextOwner
38 return next()
39 }
40]
41
42const videosTerminateChangeOwnershipValidator = [
43 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
44
45 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
46 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
47
48 if (areValidationErrors(req, res)) return
49 if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return
50
51 // Check if the user who did the request is able to change the ownership of the video
52 if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
53
54 const videoChangeOwnership = res.locals.videoChangeOwnership
55
56 if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) {
57 res.fail({
58 status: HttpStatusCode.FORBIDDEN_403,
59 message: 'Ownership already accepted or refused'
60 })
61 return
62 }
63
64 return next()
65 }
66]
67
68const videosAcceptChangeOwnershipValidator = [
69 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
70 const body = req.body as VideoChangeOwnershipAccept
71 if (!await doesVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return
72
73 const videoChangeOwnership = res.locals.videoChangeOwnership
74
75 const video = videoChangeOwnership.Video
76
77 if (!await checkCanAccept(video, res)) return
78
79 return next()
80 }
81]
82
83export {
84 videosChangeOwnershipValidator,
85 videosTerminateChangeOwnershipValidator,
86 videosAcceptChangeOwnershipValidator
87}
88
89// ---------------------------------------------------------------------------
90
91async function checkCanAccept (video: MVideoWithAllFiles, res: express.Response): Promise<boolean> {
92 if (video.isLive) {
93
94 if (video.state !== VideoState.WAITING_FOR_LIVE) {
95 res.fail({
96 status: HttpStatusCode.BAD_REQUEST_400,
97 message: 'You can accept an ownership change of a published live.'
98 })
99
100 return false
101 }
102
103 return true
104 }
105
106 const user = res.locals.oauth.token.User
107
108 if (!await isAbleToUploadVideo(user.id, video.getMaxQualityFile().size)) {
109 res.fail({
110 status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
111 message: 'The user video quota is exceeded with this video.',
112 type: ServerErrorCode.QUOTA_REACHED
113 })
114
115 return false
116 }
117
118 return true
119}
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 2bed5f181..8201e80c3 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -5,9 +5,8 @@ import { isAbleToUploadVideo } from '@server/lib/user'
5import { getServerActor } from '@server/models/application/application' 5import { getServerActor } from '@server/models/application/application'
6import { ExpressPromiseHandler } from '@server/types/express' 6import { ExpressPromiseHandler } from '@server/types/express'
7import { MUserAccountId, MVideoFullLight } from '@server/types/models' 7import { MUserAccountId, MVideoFullLight } from '@server/types/models'
8import { ServerErrorCode, UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../../shared' 8import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared'
9import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' 9import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
10import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/change-ownership/video-change-ownership-accept.model'
11import { 10import {
12 exists, 11 exists,
13 isBooleanValid, 12 isBooleanValid,
@@ -22,7 +21,6 @@ import {
22 toValueOrNull 21 toValueOrNull
23} from '../../../helpers/custom-validators/misc' 22} from '../../../helpers/custom-validators/misc'
24import { isBooleanBothQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' 23import { isBooleanBothQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search'
25import { checkUserCanTerminateOwnershipChange } from '../../../helpers/custom-validators/video-ownership'
26import { 24import {
27 isScheduleVideoUpdatePrivacyValid, 25 isScheduleVideoUpdatePrivacyValid,
28 isVideoCategoryValid, 26 isVideoCategoryValid,
@@ -48,13 +46,11 @@ import { CONFIG } from '../../../initializers/config'
48import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants' 46import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants'
49import { isLocalVideoAccepted } from '../../../lib/moderation' 47import { isLocalVideoAccepted } from '../../../lib/moderation'
50import { Hooks } from '../../../lib/plugins/hooks' 48import { Hooks } from '../../../lib/plugins/hooks'
51import { AccountModel } from '../../../models/account/account'
52import { VideoModel } from '../../../models/video/video' 49import { VideoModel } from '../../../models/video/video'
53import { authenticatePromiseIfNeeded } from '../../auth' 50import { authenticatePromiseIfNeeded } from '../../auth'
54import { 51import {
55 areValidationErrors, 52 areValidationErrors,
56 checkUserCanManageVideo, 53 checkUserCanManageVideo,
57 doesChangeVideoOwnershipExist,
58 doesVideoChannelOfAccountExist, 54 doesVideoChannelOfAccountExist,
59 doesVideoExist, 55 doesVideoExist,
60 doesVideoFileOfVideoExist 56 doesVideoFileOfVideoExist
@@ -342,76 +338,6 @@ const videosRemoveValidator = [
342 } 338 }
343] 339]
344 340
345const videosChangeOwnershipValidator = [
346 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
347
348 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
349 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
350
351 if (areValidationErrors(req, res)) return
352 if (!await doesVideoExist(req.params.videoId, res)) return
353
354 // Check if the user who did the request is able to change the ownership of the video
355 if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
356
357 const nextOwner = await AccountModel.loadLocalByName(req.body.username)
358 if (!nextOwner) {
359 res.fail({ message: 'Changing video ownership to a remote account is not supported yet' })
360 return
361 }
362
363 res.locals.nextOwner = nextOwner
364 return next()
365 }
366]
367
368const videosTerminateChangeOwnershipValidator = [
369 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
370
371 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
372 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
373
374 if (areValidationErrors(req, res)) return
375 if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return
376
377 // Check if the user who did the request is able to change the ownership of the video
378 if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
379
380 const videoChangeOwnership = res.locals.videoChangeOwnership
381
382 if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) {
383 res.fail({
384 status: HttpStatusCode.FORBIDDEN_403,
385 message: 'Ownership already accepted or refused'
386 })
387 return
388 }
389
390 return next()
391 }
392]
393
394const videosAcceptChangeOwnershipValidator = [
395 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
396 const body = req.body as VideoChangeOwnershipAccept
397 if (!await doesVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return
398
399 const user = res.locals.oauth.token.User
400 const videoChangeOwnership = res.locals.videoChangeOwnership
401 const isAble = await isAbleToUploadVideo(user.id, videoChangeOwnership.Video.getMaxQualityFile().size)
402 if (isAble === false) {
403 res.fail({
404 status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
405 message: 'The user video quota is exceeded with this video.',
406 type: ServerErrorCode.QUOTA_REACHED
407 })
408 return
409 }
410
411 return next()
412 }
413]
414
415const videosOverviewValidator = [ 341const videosOverviewValidator = [
416 query('page') 342 query('page')
417 .optional() 343 .optional()
@@ -578,10 +504,6 @@ export {
578 videosCustomGetValidator, 504 videosCustomGetValidator,
579 videosRemoveValidator, 505 videosRemoveValidator,
580 506
581 videosChangeOwnershipValidator,
582 videosTerminateChangeOwnershipValidator,
583 videosAcceptChangeOwnershipValidator,
584
585 getCommonVideoEditAttributes, 507 getCommonVideoEditAttributes,
586 508
587 commonVideosFiltersValidator, 509 commonVideosFiltersValidator,