diff options
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/videos/video-comments.ts | 38 | ||||
-rw-r--r-- | server/middlewares/validators/videos/videos.ts | 37 |
2 files changed, 69 insertions, 6 deletions
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index ffde208b7..9c1bfaeaa 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts | |||
@@ -9,6 +9,8 @@ import { UserModel } from '../../../models/account/user' | |||
9 | import { VideoModel } from '../../../models/video/video' | 9 | import { VideoModel } from '../../../models/video/video' |
10 | import { VideoCommentModel } from '../../../models/video/video-comment' | 10 | import { VideoCommentModel } from '../../../models/video/video-comment' |
11 | import { areValidationErrors } from '../utils' | 11 | import { areValidationErrors } from '../utils' |
12 | import { Hooks } from '../../../lib/plugins/hooks' | ||
13 | import { isLocalVideoThreadAccepted, isLocalVideoCommentReplyAccepted, AcceptResult } from '../../../lib/moderation' | ||
12 | 14 | ||
13 | const listVideoCommentThreadsValidator = [ | 15 | const listVideoCommentThreadsValidator = [ |
14 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 16 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), |
@@ -48,6 +50,7 @@ const addVideoCommentThreadValidator = [ | |||
48 | if (areValidationErrors(req, res)) return | 50 | if (areValidationErrors(req, res)) return |
49 | if (!await doesVideoExist(req.params.videoId, res)) return | 51 | if (!await doesVideoExist(req.params.videoId, res)) return |
50 | if (!isVideoCommentsEnabled(res.locals.video, res)) return | 52 | if (!isVideoCommentsEnabled(res.locals.video, res)) return |
53 | if (!await isVideoCommentAccepted(req, res, false)) return | ||
51 | 54 | ||
52 | return next() | 55 | return next() |
53 | } | 56 | } |
@@ -65,6 +68,7 @@ const addVideoCommentReplyValidator = [ | |||
65 | if (!await doesVideoExist(req.params.videoId, res)) return | 68 | if (!await doesVideoExist(req.params.videoId, res)) return |
66 | if (!isVideoCommentsEnabled(res.locals.video, res)) return | 69 | if (!isVideoCommentsEnabled(res.locals.video, res)) return |
67 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return | 70 | if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return |
71 | if (!await isVideoCommentAccepted(req, res, true)) return | ||
68 | 72 | ||
69 | return next() | 73 | return next() |
70 | } | 74 | } |
@@ -193,3 +197,37 @@ function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCom | |||
193 | 197 | ||
194 | return true | 198 | return true |
195 | } | 199 | } |
200 | |||
201 | async function isVideoCommentAccepted (req: express.Request, res: express.Response, isReply: boolean) { | ||
202 | const acceptParameters = { | ||
203 | video: res.locals.video, | ||
204 | commentBody: req.body, | ||
205 | user: res.locals.oauth.token.User | ||
206 | } | ||
207 | |||
208 | let acceptedResult: AcceptResult | ||
209 | |||
210 | if (isReply) { | ||
211 | const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoComment }) | ||
212 | |||
213 | acceptedResult = await Hooks.wrapObject( | ||
214 | isLocalVideoCommentReplyAccepted(acceptReplyParameters), | ||
215 | 'filter:api.video-comment-reply.create.accept.result' | ||
216 | ) | ||
217 | } else { | ||
218 | acceptedResult = await Hooks.wrapObject( | ||
219 | isLocalVideoThreadAccepted(acceptParameters), | ||
220 | 'filter:api.video-thread.create.accept.result' | ||
221 | ) | ||
222 | } | ||
223 | |||
224 | if (!acceptedResult || acceptedResult.accepted !== true) { | ||
225 | logger.info('Refused local comment.', { acceptedResult, acceptParameters }) | ||
226 | res.status(403) | ||
227 | .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) | ||
228 | |||
229 | return false | ||
230 | } | ||
231 | |||
232 | return true | ||
233 | } | ||
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index b1c05ab2d..cb2c071ba 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
@@ -33,7 +33,7 @@ import { | |||
33 | import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils' | 33 | import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils' |
34 | import { logger } from '../../../helpers/logger' | 34 | import { logger } from '../../../helpers/logger' |
35 | import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' | 35 | import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' |
36 | import { authenticatePromiseIfNeeded } from '../../oauth' | 36 | import { authenticate, authenticatePromiseIfNeeded } from '../../oauth' |
37 | import { areValidationErrors } from '../utils' | 37 | import { areValidationErrors } from '../utils' |
38 | import { cleanUpReqFiles } from '../../../helpers/express-utils' | 38 | import { cleanUpReqFiles } from '../../../helpers/express-utils' |
39 | import { VideoModel } from '../../../models/video/video' | 39 | import { VideoModel } from '../../../models/video/video' |
@@ -44,6 +44,8 @@ import { VideoFetchType } from '../../../helpers/video' | |||
44 | import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' | 44 | import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' |
45 | import { getServerActor } from '../../../helpers/utils' | 45 | import { getServerActor } from '../../../helpers/utils' |
46 | import { CONFIG } from '../../../initializers/config' | 46 | import { CONFIG } from '../../../initializers/config' |
47 | import { isLocalVideoAccepted } from '../../../lib/moderation' | ||
48 | import { Hooks } from '../../../lib/plugins/hooks' | ||
47 | 49 | ||
48 | const videosAddValidator = getCommonVideoEditAttributes().concat([ | 50 | const videosAddValidator = getCommonVideoEditAttributes().concat([ |
49 | body('videofile') | 51 | body('videofile') |
@@ -62,14 +64,12 @@ const videosAddValidator = getCommonVideoEditAttributes().concat([ | |||
62 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) | 64 | if (areValidationErrors(req, res)) return cleanUpReqFiles(req) |
63 | if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req) | 65 | if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req) |
64 | 66 | ||
65 | const videoFile: Express.Multer.File = req.files['videofile'][0] | 67 | const videoFile: Express.Multer.File & { duration?: number } = req.files['videofile'][0] |
66 | const user = res.locals.oauth.token.User | 68 | const user = res.locals.oauth.token.User |
67 | 69 | ||
68 | if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) | 70 | if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) |
69 | 71 | ||
70 | const isAble = await user.isAbleToUploadVideo(videoFile) | 72 | if (await user.isAbleToUploadVideo(videoFile) === false) { |
71 | |||
72 | if (isAble === false) { | ||
73 | res.status(403) | 73 | res.status(403) |
74 | .json({ error: 'The user video quota is exceeded with this video.' }) | 74 | .json({ error: 'The user video quota is exceeded with this video.' }) |
75 | 75 | ||
@@ -88,7 +88,9 @@ const videosAddValidator = getCommonVideoEditAttributes().concat([ | |||
88 | return cleanUpReqFiles(req) | 88 | return cleanUpReqFiles(req) |
89 | } | 89 | } |
90 | 90 | ||
91 | videoFile['duration'] = duration | 91 | videoFile.duration = duration |
92 | |||
93 | if (!await isVideoAccepted(req, res, videoFile)) return cleanUpReqFiles(req) | ||
92 | 94 | ||
93 | return next() | 95 | return next() |
94 | } | 96 | } |
@@ -434,3 +436,26 @@ function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) | |||
434 | 436 | ||
435 | return false | 437 | return false |
436 | } | 438 | } |
439 | |||
440 | async function isVideoAccepted (req: express.Request, res: express.Response, videoFile: Express.Multer.File & { duration?: number }) { | ||
441 | // Check we accept this video | ||
442 | const acceptParameters = { | ||
443 | videoBody: req.body, | ||
444 | videoFile, | ||
445 | user: res.locals.oauth.token.User | ||
446 | } | ||
447 | const acceptedResult = await Hooks.wrapObject( | ||
448 | isLocalVideoAccepted(acceptParameters), | ||
449 | 'filter:api.video.upload.accept.result' | ||
450 | ) | ||
451 | |||
452 | if (!acceptedResult || acceptedResult.accepted !== true) { | ||
453 | logger.info('Refused local video.', { acceptedResult, acceptParameters }) | ||
454 | res.status(403) | ||
455 | .json({ error: acceptedResult.errorMessage || 'Refused local video' }) | ||
456 | |||
457 | return false | ||
458 | } | ||
459 | |||
460 | return true | ||
461 | } | ||