diff options
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/users.ts | 7 | ||||
-rw-r--r-- | server/middlewares/validators/videos.ts | 82 |
2 files changed, 87 insertions, 2 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index a595c39ec..d13c50c84 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -290,6 +290,10 @@ const usersVerifyEmailValidator = [ | |||
290 | } | 290 | } |
291 | ] | 291 | ] |
292 | 292 | ||
293 | const userAutocompleteValidator = [ | ||
294 | param('search').isString().not().isEmpty().withMessage('Should have a search parameter') | ||
295 | ] | ||
296 | |||
293 | // --------------------------------------------------------------------------- | 297 | // --------------------------------------------------------------------------- |
294 | 298 | ||
295 | export { | 299 | export { |
@@ -307,7 +311,8 @@ export { | |||
307 | usersAskResetPasswordValidator, | 311 | usersAskResetPasswordValidator, |
308 | usersResetPasswordValidator, | 312 | usersResetPasswordValidator, |
309 | usersAskSendVerifyEmailValidator, | 313 | usersAskSendVerifyEmailValidator, |
310 | usersVerifyEmailValidator | 314 | usersVerifyEmailValidator, |
315 | userAutocompleteValidator | ||
311 | } | 316 | } |
312 | 317 | ||
313 | // --------------------------------------------------------------------------- | 318 | // --------------------------------------------------------------------------- |
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index a2c866152..9befbc9ee 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -1,7 +1,7 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import 'express-validator' | 2 | import 'express-validator' |
3 | import { body, param, ValidationChain } from 'express-validator/check' | 3 | import { body, param, ValidationChain } from 'express-validator/check' |
4 | import { UserRight, VideoPrivacy } from '../../../shared' | 4 | import { UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../shared' |
5 | import { | 5 | import { |
6 | isBooleanValid, | 6 | isBooleanValid, |
7 | isDateValid, | 7 | isDateValid, |
@@ -37,6 +37,10 @@ import { areValidationErrors } from './utils' | |||
37 | import { cleanUpReqFiles } from '../../helpers/express-utils' | 37 | import { cleanUpReqFiles } from '../../helpers/express-utils' |
38 | import { VideoModel } from '../../models/video/video' | 38 | import { VideoModel } from '../../models/video/video' |
39 | import { UserModel } from '../../models/account/user' | 39 | import { UserModel } from '../../models/account/user' |
40 | import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } from '../../helpers/custom-validators/video-ownership' | ||
41 | import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model' | ||
42 | import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership' | ||
43 | import { AccountModel } from '../../models/account/account' | ||
40 | 44 | ||
41 | const videosAddValidator = getCommonVideoAttributes().concat([ | 45 | const videosAddValidator = getCommonVideoAttributes().concat([ |
42 | body('videofile') | 46 | body('videofile') |
@@ -217,6 +221,78 @@ const videosShareValidator = [ | |||
217 | } | 221 | } |
218 | ] | 222 | ] |
219 | 223 | ||
224 | const videosChangeOwnershipValidator = [ | ||
225 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
226 | |||
227 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
228 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) | ||
229 | |||
230 | if (areValidationErrors(req, res)) return | ||
231 | if (!await isVideoExist(req.params.videoId, res)) return | ||
232 | |||
233 | // Check if the user who did the request is able to change the ownership of the video | ||
234 | if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return | ||
235 | |||
236 | const nextOwner = await AccountModel.loadLocalByName(req.body.username) | ||
237 | if (!nextOwner) { | ||
238 | res.status(400) | ||
239 | .type('json') | ||
240 | .end() | ||
241 | return | ||
242 | } | ||
243 | res.locals.nextOwner = nextOwner | ||
244 | |||
245 | return next() | ||
246 | } | ||
247 | ] | ||
248 | |||
249 | const videosTerminateChangeOwnershipValidator = [ | ||
250 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
251 | |||
252 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
253 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) | ||
254 | |||
255 | if (areValidationErrors(req, res)) return | ||
256 | if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return | ||
257 | |||
258 | // Check if the user who did the request is able to change the ownership of the video | ||
259 | if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return | ||
260 | |||
261 | return next() | ||
262 | }, | ||
263 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
264 | const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel | ||
265 | |||
266 | if (videoChangeOwnership.status === VideoChangeOwnershipStatus.WAITING) { | ||
267 | return next() | ||
268 | } else { | ||
269 | res.status(403) | ||
270 | .json({ error: 'Ownership already accepted or refused' }) | ||
271 | .end() | ||
272 | return | ||
273 | } | ||
274 | } | ||
275 | ] | ||
276 | |||
277 | const videosAcceptChangeOwnershipValidator = [ | ||
278 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
279 | const body = req.body as VideoChangeOwnershipAccept | ||
280 | if (!await isVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return | ||
281 | |||
282 | const user = res.locals.oauth.token.User | ||
283 | const videoChangeOwnership = res.locals.videoChangeOwnership as VideoChangeOwnershipModel | ||
284 | const isAble = await user.isAbleToUploadVideo(videoChangeOwnership.Video.getOriginalFile()) | ||
285 | if (isAble === false) { | ||
286 | res.status(403) | ||
287 | .json({ error: 'The user video quota is exceeded with this video.' }) | ||
288 | .end() | ||
289 | return | ||
290 | } | ||
291 | |||
292 | return next() | ||
293 | } | ||
294 | ] | ||
295 | |||
220 | function getCommonVideoAttributes () { | 296 | function getCommonVideoAttributes () { |
221 | return [ | 297 | return [ |
222 | body('thumbnailfile') | 298 | body('thumbnailfile') |
@@ -295,6 +371,10 @@ export { | |||
295 | 371 | ||
296 | videoRateValidator, | 372 | videoRateValidator, |
297 | 373 | ||
374 | videosChangeOwnershipValidator, | ||
375 | videosTerminateChangeOwnershipValidator, | ||
376 | videosAcceptChangeOwnershipValidator, | ||
377 | |||
298 | getCommonVideoAttributes | 378 | getCommonVideoAttributes |
299 | } | 379 | } |
300 | 380 | ||