aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r--server/middlewares/validators/users.ts7
-rw-r--r--server/middlewares/validators/videos.ts82
2 files changed, 87 insertions, 2 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index a595c39ec..d13c50c84 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -290,6 +290,10 @@ const usersVerifyEmailValidator = [
290 } 290 }
291] 291]
292 292
293const userAutocompleteValidator = [
294 param('search').isString().not().isEmpty().withMessage('Should have a search parameter')
295]
296
293// --------------------------------------------------------------------------- 297// ---------------------------------------------------------------------------
294 298
295export { 299export {
@@ -307,7 +311,8 @@ export {
307 usersAskResetPasswordValidator, 311 usersAskResetPasswordValidator,
308 usersResetPasswordValidator, 312 usersResetPasswordValidator,
309 usersAskSendVerifyEmailValidator, 313 usersAskSendVerifyEmailValidator,
310 usersVerifyEmailValidator 314 usersVerifyEmailValidator,
315 userAutocompleteValidator
311} 316}
312 317
313// --------------------------------------------------------------------------- 318// ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index a2c866152..9befbc9ee 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -1,7 +1,7 @@
1import * as express from 'express' 1import * as express from 'express'
2import 'express-validator' 2import 'express-validator'
3import { body, param, ValidationChain } from 'express-validator/check' 3import { body, param, ValidationChain } from 'express-validator/check'
4import { UserRight, VideoPrivacy } from '../../../shared' 4import { UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../shared'
5import { 5import {
6 isBooleanValid, 6 isBooleanValid,
7 isDateValid, 7 isDateValid,
@@ -37,6 +37,10 @@ import { areValidationErrors } from './utils'
37import { cleanUpReqFiles } from '../../helpers/express-utils' 37import { cleanUpReqFiles } from '../../helpers/express-utils'
38import { VideoModel } from '../../models/video/video' 38import { VideoModel } from '../../models/video/video'
39import { UserModel } from '../../models/account/user' 39import { UserModel } from '../../models/account/user'
40import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } from '../../helpers/custom-validators/video-ownership'
41import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model'
42import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership'
43import { AccountModel } from '../../models/account/account'
40 44
41const videosAddValidator = getCommonVideoAttributes().concat([ 45const videosAddValidator = getCommonVideoAttributes().concat([
42 body('videofile') 46 body('videofile')
@@ -217,6 +221,78 @@ const videosShareValidator = [
217 } 221 }
218] 222]
219 223
224const videosChangeOwnershipValidator = [
225 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
226
227 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
228 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
229
230 if (areValidationErrors(req, res)) return
231 if (!await isVideoExist(req.params.videoId, res)) return
232
233 // Check if the user who did the request is able to change the ownership of the video
234 if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
235
236 const nextOwner = await AccountModel.loadLocalByName(req.body.username)
237 if (!nextOwner) {
238 res.status(400)
239 .type('json')
240 .end()
241 return
242 }
243 res.locals.nextOwner = nextOwner
244
245 return next()
246 }
247]
248
249const videosTerminateChangeOwnershipValidator = [
250 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
251
252 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
253 logger.debug('Checking changeOwnership parameters', { parameters: req.params })
254
255 if (areValidationErrors(req, res)) return
256 if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return
257
258 // Check if the user who did the request is able to change the ownership of the video
259 if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
260
261 return next()
262 },
263 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
264 const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel
265
266 if (videoChangeOwnership.status === VideoChangeOwnershipStatus.WAITING) {
267 return next()
268 } else {
269 res.status(403)
270 .json({ error: 'Ownership already accepted or refused' })
271 .end()
272 return
273 }
274 }
275]
276
277const videosAcceptChangeOwnershipValidator = [
278 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
279 const body = req.body as VideoChangeOwnershipAccept
280 if (!await isVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return
281
282 const user = res.locals.oauth.token.User
283 const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel
284 const isAble = await user.isAbleToUploadVideo(videoChangeOwnership.Video.getOriginalFile())
285 if (isAble === false) {
286 res.status(403)
287 .json({ error: 'The user video quota is exceeded with this video.' })
288 .end()
289 return
290 }
291
292 return next()
293 }
294]
295
220function getCommonVideoAttributes () { 296function getCommonVideoAttributes () {
221 return [ 297 return [
222 body('thumbnailfile') 298 body('thumbnailfile')
@@ -295,6 +371,10 @@ export {
295 371
296 videoRateValidator, 372 videoRateValidator,
297 373
374 videosChangeOwnershipValidator,
375 videosTerminateChangeOwnershipValidator,
376 videosAcceptChangeOwnershipValidator,
377
298 getCommonVideoAttributes 378 getCommonVideoAttributes
299} 379}
300 380