aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r--server/middlewares/validators/videos/videos.ts19
1 files changed, 18 insertions, 1 deletions
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 5f1234379..53643635c 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -103,6 +103,22 @@ const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([
103 } 103 }
104]) 104])
105 105
106const videosResumableUploadIdValidator = [
107 (req: express.Request, res: express.Response, next: express.NextFunction) => {
108 const user = res.locals.oauth.token.User
109 const uploadId = req.query.upload_id
110
111 if (uploadId.startsWith(user.id + '-') !== true) {
112 return res.fail({
113 status: HttpStatusCode.FORBIDDEN_403,
114 message: 'You cannot send chunks in another user upload'
115 })
116 }
117
118 return next()
119 }
120]
121
106/** 122/**
107 * Gets called after the last PUT request 123 * Gets called after the last PUT request
108 */ 124 */
@@ -110,7 +126,7 @@ const videosAddResumableValidator = [
110 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 126 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
111 const user = res.locals.oauth.token.User 127 const user = res.locals.oauth.token.User
112 const body: express.CustomUploadXFile<express.UploadXFileMetadata> = req.body 128 const body: express.CustomUploadXFile<express.UploadXFileMetadata> = req.body
113 const file = { ...body, duration: undefined, path: getResumableUploadPath(body.id), filename: body.metadata.filename } 129 const file = { ...body, duration: undefined, path: getResumableUploadPath(body.name), filename: body.metadata.filename }
114 const cleanup = () => deleteFileAndCatch(file.path) 130 const cleanup = () => deleteFileAndCatch(file.path)
115 131
116 const uploadId = req.query.upload_id 132 const uploadId = req.query.upload_id
@@ -552,6 +568,7 @@ export {
552 videosAddLegacyValidator, 568 videosAddLegacyValidator,
553 videosAddResumableValidator, 569 videosAddResumableValidator,
554 videosAddResumableInitValidator, 570 videosAddResumableInitValidator,
571 videosResumableUploadIdValidator,
555 572
556 videosUpdateValidator, 573 videosUpdateValidator,
557 videosGetValidator, 574 videosGetValidator,