aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/videos/video-comments.ts38
-rw-r--r--server/middlewares/validators/videos/videos.ts37
2 files changed, 69 insertions, 6 deletions
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index ffde208b7..9c1bfaeaa 100644
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -9,6 +9,8 @@ import { UserModel } from '../../../models/account/user'
9import { VideoModel } from '../../../models/video/video' 9import { VideoModel } from '../../../models/video/video'
10import { VideoCommentModel } from '../../../models/video/video-comment' 10import { VideoCommentModel } from '../../../models/video/video-comment'
11import { areValidationErrors } from '../utils' 11import { areValidationErrors } from '../utils'
12import { Hooks } from '../../../lib/plugins/hooks'
13import { isLocalVideoThreadAccepted, isLocalVideoCommentReplyAccepted, AcceptResult } from '../../../lib/moderation'
12 14
13const listVideoCommentThreadsValidator = [ 15const listVideoCommentThreadsValidator = [
14 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), 16 param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
@@ -48,6 +50,7 @@ const addVideoCommentThreadValidator = [
48 if (areValidationErrors(req, res)) return 50 if (areValidationErrors(req, res)) return
49 if (!await doesVideoExist(req.params.videoId, res)) return 51 if (!await doesVideoExist(req.params.videoId, res)) return
50 if (!isVideoCommentsEnabled(res.locals.video, res)) return 52 if (!isVideoCommentsEnabled(res.locals.video, res)) return
53 if (!await isVideoCommentAccepted(req, res, false)) return
51 54
52 return next() 55 return next()
53 } 56 }
@@ -65,6 +68,7 @@ const addVideoCommentReplyValidator = [
65 if (!await doesVideoExist(req.params.videoId, res)) return 68 if (!await doesVideoExist(req.params.videoId, res)) return
66 if (!isVideoCommentsEnabled(res.locals.video, res)) return 69 if (!isVideoCommentsEnabled(res.locals.video, res)) return
67 if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return 70 if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return
71 if (!await isVideoCommentAccepted(req, res, true)) return
68 72
69 return next() 73 return next()
70 } 74 }
@@ -193,3 +197,37 @@ function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCom
193 197
194 return true 198 return true
195} 199}
200
201async function isVideoCommentAccepted (req: express.Request, res: express.Response, isReply: boolean) {
202 const acceptParameters = {
203 video: res.locals.video,
204 commentBody: req.body,
205 user: res.locals.oauth.token.User
206 }
207
208 let acceptedResult: AcceptResult
209
210 if (isReply) {
211 const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoComment })
212
213 acceptedResult = await Hooks.wrapObject(
214 isLocalVideoCommentReplyAccepted(acceptReplyParameters),
215 'filter:api.video-comment-reply.create.accept.result'
216 )
217 } else {
218 acceptedResult = await Hooks.wrapObject(
219 isLocalVideoThreadAccepted(acceptParameters),
220 'filter:api.video-thread.create.accept.result'
221 )
222 }
223
224 if (!acceptedResult || acceptedResult.accepted !== true) {
225 logger.info('Refused local comment.', { acceptedResult, acceptParameters })
226 res.status(403)
227 .json({ error: acceptedResult.errorMessage || 'Refused local comment' })
228
229 return false
230 }
231
232 return true
233}
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index b1c05ab2d..cb2c071ba 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -33,7 +33,7 @@ import {
33import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils' 33import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils'
34import { logger } from '../../../helpers/logger' 34import { logger } from '../../../helpers/logger'
35import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' 35import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
36import { authenticatePromiseIfNeeded } from '../../oauth' 36import { authenticate, authenticatePromiseIfNeeded } from '../../oauth'
37import { areValidationErrors } from '../utils' 37import { areValidationErrors } from '../utils'
38import { cleanUpReqFiles } from '../../../helpers/express-utils' 38import { cleanUpReqFiles } from '../../../helpers/express-utils'
39import { VideoModel } from '../../../models/video/video' 39import { VideoModel } from '../../../models/video/video'
@@ -44,6 +44,8 @@ import { VideoFetchType } from '../../../helpers/video'
44import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' 44import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search'
45import { getServerActor } from '../../../helpers/utils' 45import { getServerActor } from '../../../helpers/utils'
46import { CONFIG } from '../../../initializers/config' 46import { CONFIG } from '../../../initializers/config'
47import { isLocalVideoAccepted } from '../../../lib/moderation'
48import { Hooks } from '../../../lib/plugins/hooks'
47 49
48const videosAddValidator = getCommonVideoEditAttributes().concat([ 50const videosAddValidator = getCommonVideoEditAttributes().concat([
49 body('videofile') 51 body('videofile')
@@ -62,14 +64,12 @@ const videosAddValidator = getCommonVideoEditAttributes().concat([
62 if (areValidationErrors(req, res)) return cleanUpReqFiles(req) 64 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
63 if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req) 65 if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
64 66
65 const videoFile: Express.Multer.File = req.files['videofile'][0] 67 const videoFile: Express.Multer.File & { duration?: number } = req.files['videofile'][0]
66 const user = res.locals.oauth.token.User 68 const user = res.locals.oauth.token.User
67 69
68 if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) 70 if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
69 71
70 const isAble = await user.isAbleToUploadVideo(videoFile) 72 if (await user.isAbleToUploadVideo(videoFile) === false) {
71
72 if (isAble === false) {
73 res.status(403) 73 res.status(403)
74 .json({ error: 'The user video quota is exceeded with this video.' }) 74 .json({ error: 'The user video quota is exceeded with this video.' })
75 75
@@ -88,7 +88,9 @@ const videosAddValidator = getCommonVideoEditAttributes().concat([
88 return cleanUpReqFiles(req) 88 return cleanUpReqFiles(req)
89 } 89 }
90 90
91 videoFile['duration'] = duration 91 videoFile.duration = duration
92
93 if (!await isVideoAccepted(req, res, videoFile)) return cleanUpReqFiles(req)
92 94
93 return next() 95 return next()
94 } 96 }
@@ -434,3 +436,26 @@ function areErrorsInScheduleUpdate (req: express.Request, res: express.Response)
434 436
435 return false 437 return false
436} 438}
439
440async function isVideoAccepted (req: express.Request, res: express.Response, videoFile: Express.Multer.File & { duration?: number }) {
441 // Check we accept this video
442 const acceptParameters = {
443 videoBody: req.body,
444 videoFile,
445 user: res.locals.oauth.token.User
446 }
447 const acceptedResult = await Hooks.wrapObject(
448 isLocalVideoAccepted(acceptParameters),
449 'filter:api.video.upload.accept.result'
450 )
451
452 if (!acceptedResult || acceptedResult.accepted !== true) {
453 logger.info('Refused local video.', { acceptedResult, acceptParameters })
454 res.status(403)
455 .json({ error: acceptedResult.errorMessage || 'Refused local video' })
456
457 return false
458 }
459
460 return true
461}