aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r--server/middlewares/validators/pods.ts44
-rw-r--r--server/middlewares/validators/users.ts52
-rw-r--r--server/middlewares/validators/videos.ts75
3 files changed, 85 insertions, 86 deletions
diff --git a/server/middlewares/validators/pods.ts b/server/middlewares/validators/pods.ts
index d8eb90168..da7fc2bd6 100644
--- a/server/middlewares/validators/pods.ts
+++ b/server/middlewares/validators/pods.ts
@@ -19,19 +19,19 @@ function makeFriendsValidator (req: express.Request, res: express.Response, next
19 logger.debug('Checking makeFriends parameters', { parameters: req.body }) 19 logger.debug('Checking makeFriends parameters', { parameters: req.body })
20 20
21 checkErrors(req, res, function () { 21 checkErrors(req, res, function () {
22 hasFriends(function (err, heHasFriends) { 22 hasFriends()
23 if (err) { 23 .then(heHasFriends => {
24 if (heHasFriends === true) {
25 // We need to quit our friends before make new ones
26 return res.sendStatus(409)
27 }
28
29 return next()
30 })
31 .catch(err => {
24 logger.error('Cannot know if we have friends.', { error: err }) 32 logger.error('Cannot know if we have friends.', { error: err })
25 res.sendStatus(500) 33 res.sendStatus(500)
26 } 34 })
27
28 if (heHasFriends === true) {
29 // We need to quit our friends before make new ones
30 return res.sendStatus(409)
31 }
32
33 return next()
34 })
35 }) 35 })
36} 36}
37 37
@@ -42,19 +42,19 @@ function podsAddValidator (req: express.Request, res: express.Response, next: ex
42 logger.debug('Checking podsAdd parameters', { parameters: req.body }) 42 logger.debug('Checking podsAdd parameters', { parameters: req.body })
43 43
44 checkErrors(req, res, function () { 44 checkErrors(req, res, function () {
45 db.Pod.loadByHost(req.body.host, function (err, pod) { 45 db.Pod.loadByHost(req.body.host)
46 if (err) { 46 .then(pod => {
47 // Pod with this host already exists
48 if (pod) {
49 return res.sendStatus(409)
50 }
51
52 return next()
53 })
54 .catch(err => {
47 logger.error('Cannot load pod by host.', { error: err }) 55 logger.error('Cannot load pod by host.', { error: err })
48 res.sendStatus(500) 56 res.sendStatus(500)
49 } 57 })
50
51 // Pod with this host already exists
52 if (pod) {
53 return res.sendStatus(409)
54 }
55
56 return next()
57 })
58 }) 58 })
59} 59}
60 60
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index b7b9ef370..c06735047 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -13,16 +13,16 @@ function usersAddValidator (req: express.Request, res: express.Response, next: e
13 logger.debug('Checking usersAdd parameters', { parameters: req.body }) 13 logger.debug('Checking usersAdd parameters', { parameters: req.body })
14 14
15 checkErrors(req, res, function () { 15 checkErrors(req, res, function () {
16 db.User.loadByUsernameOrEmail(req.body.username, req.body.email, function (err, user) { 16 db.User.loadByUsernameOrEmail(req.body.username, req.body.email)
17 if (err) { 17 .then(user => {
18 if (user) return res.status(409).send('User already exists.')
19
20 next()
21 })
22 .catch(err => {
18 logger.error('Error in usersAdd request validator.', { error: err }) 23 logger.error('Error in usersAdd request validator.', { error: err })
19 return res.sendStatus(500) 24 return res.sendStatus(500)
20 } 25 })
21
22 if (user) return res.status(409).send('User already exists.')
23
24 next()
25 })
26 }) 26 })
27} 27}
28 28
@@ -32,18 +32,18 @@ function usersRemoveValidator (req: express.Request, res: express.Response, next
32 logger.debug('Checking usersRemove parameters', { parameters: req.params }) 32 logger.debug('Checking usersRemove parameters', { parameters: req.params })
33 33
34 checkErrors(req, res, function () { 34 checkErrors(req, res, function () {
35 db.User.loadById(req.params.id, function (err, user) { 35 db.User.loadById(req.params.id)
36 if (err) { 36 .then(user => {
37 logger.error('Error in usersRemove request validator.', { error: err }) 37 if (!user) return res.status(404).send('User not found')
38 return res.sendStatus(500)
39 }
40
41 if (!user) return res.status(404).send('User not found')
42 38
43 if (user.username === 'root') return res.status(400).send('Cannot remove the root user') 39 if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
44 40
45 next() 41 next()
46 }) 42 })
43 .catch(err => {
44 logger.error('Error in usersRemove request validator.', { error: err })
45 return res.sendStatus(500)
46 })
47 }) 47 })
48} 48}
49 49
@@ -64,16 +64,16 @@ function usersVideoRatingValidator (req: express.Request, res: express.Response,
64 logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) 64 logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
65 65
66 checkErrors(req, res, function () { 66 checkErrors(req, res, function () {
67 db.Video.load(req.params.videoId, function (err, video) { 67 db.Video.load(req.params.videoId)
68 if (err) { 68 .then(video => {
69 if (!video) return res.status(404).send('Video not found')
70
71 next()
72 })
73 .catch(err => {
69 logger.error('Error in user request validator.', { error: err }) 74 logger.error('Error in user request validator.', { error: err })
70 return res.sendStatus(500) 75 return res.sendStatus(500)
71 } 76 })
72
73 if (!video) return res.status(404).send('Video not found')
74
75 next()
76 })
77 }) 77 })
78} 78}
79 79
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 03742a522..ec452cade 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -1,5 +1,4 @@
1import 'express-validator' 1import 'express-validator'
2import * as multer from 'multer'
3import * as express from 'express' 2import * as express from 'express'
4 3
5import { database as db } from '../../initializers/database' 4import { database as db } from '../../initializers/database'
@@ -24,18 +23,19 @@ function videosAddValidator (req: express.Request, res: express.Response, next:
24 checkErrors(req, res, function () { 23 checkErrors(req, res, function () {
25 const videoFile = req.files.videofile[0] 24 const videoFile = req.files.videofile[0]
26 25
27 db.Video.getDurationFromFile(videoFile.path, function (err, duration) { 26 db.Video.getDurationFromFile(videoFile.path)
28 if (err) { 27 .then(duration => {
29 return res.status(400).send('Cannot retrieve metadata of the file.') 28 if (!isVideoDurationValid('' + duration)) {
30 } 29 return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).')
31 30 }
32 if (!isVideoDurationValid(duration)) {
33 return res.status(400).send('Duration of the video file is too big (max: ' + CONSTRAINTS_FIELDS.VIDEOS.DURATION.max + 's).')
34 }
35 31
36 videoFile['duration'] = duration 32 videoFile['duration'] = duration
37 next() 33 next()
38 }) 34 })
35 .catch(err => {
36 logger.error('Error in getting duration from file.', { error: err })
37 res.status(400).send('Cannot retrieve metadata of the file.')
38 })
39 }) 39 })
40} 40}
41 41
@@ -157,43 +157,42 @@ export {
157// --------------------------------------------------------------------------- 157// ---------------------------------------------------------------------------
158 158
159function checkVideoExists (id: string, res: express.Response, callback: () => void) { 159function checkVideoExists (id: string, res: express.Response, callback: () => void) {
160 db.Video.loadAndPopulateAuthorAndPodAndTags(id, function (err, video) { 160 db.Video.loadAndPopulateAuthorAndPodAndTags(id).then(video => {
161 if (err) {
162 logger.error('Error in video request validator.', { error: err })
163 return res.sendStatus(500)
164 }
165
166 if (!video) return res.status(404).send('Video not found') 161 if (!video) return res.status(404).send('Video not found')
167 162
168 res.locals.video = video 163 res.locals.video = video
169 callback() 164 callback()
170 }) 165 })
166 .catch(err => {
167 logger.error('Error in video request validator.', { error: err })
168 return res.sendStatus(500)
169 })
171} 170}
172 171
173function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) { 172function checkUserCanDeleteVideo (userId: number, res: express.Response, callback: () => void) {
174 // Retrieve the user who did the request 173 // Retrieve the user who did the request
175 db.User.loadById(userId, function (err, user) { 174 db.User.loadById(userId)
176 if (err) { 175 .then(user => {
177 logger.error('Error in video request validator.', { error: err }) 176 // Check if the user can delete the video
178 return res.sendStatus(500) 177 // The user can delete it if s/he is an admin
179 } 178 // Or if s/he is the video's author
180 179 if (user.isAdmin() === false) {
181 // Check if the user can delete the video 180 if (res.locals.video.isOwned() === false) {
182 // The user can delete it if s/he is an admin 181 return res.status(403).send('Cannot remove video of another pod')
183 // Or if s/he is the video's author 182 }
184 if (user.isAdmin() === false) { 183
185 if (res.locals.video.isOwned() === false) { 184 if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
186 return res.status(403).send('Cannot remove video of another pod') 185 return res.status(403).send('Cannot remove video of another user')
187 } 186 }
188
189 if (res.locals.video.Author.userId !== res.locals.oauth.token.User.id) {
190 return res.status(403).send('Cannot remove video of another user')
191 } 187 }
192 }
193 188
194 // If we reach this comment, we can delete the video 189 // If we reach this comment, we can delete the video
195 callback() 190 callback()
196 }) 191 })
192 .catch(err => {
193 logger.error('Error in video request validator.', { error: err })
194 return res.sendStatus(500)
195 })
197} 196}
198 197
199function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) { 198function checkVideoIsBlacklistable (req: express.Request, res: express.Response, callback: () => void) {