Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/video-captions.ts | 70 | ||||
-rw-r--r-- | server/middlewares/validators/videos.ts | 36 |
2 files changed, 76 insertions, 30 deletions
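diff --git a/server/middlewares/validators/video-captions.ts b/server/middlewares/validators/video-captions.ts
new file mode 100644
index 000000000..b6d92d380
--- /dev/null
+++ b/server/middlewares/validators/video-captions.ts
@@ -0,0 +1,70 @@
+import * as express from 'express'
+import { areValidationErrors } from './utils'
+import { checkUserCanManageVideo, isVideoExist } from '../../helpers/custom-validators/videos'
+import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
+import { body, param } from 'express-validator/check'
+import { CONSTRAINTS_FIELDS } from '../../initializers'
+import { UserRight } from '../../../shared'
+import { logger } from '../../helpers/logger'
+import { isVideoCaptionExist, isVideoCaptionFile, isVideoCaptionLanguageValid } from '../../helpers/custom-validators/video-captions'
+
+const addVideoCaptionValidator = [
+param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
+param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'),
+body('captionfile')
+.custom((value, { req }) => isVideoCaptionFile(req.files, 'captionfile')).withMessage(
+'This caption file is not supported or too large. Please, make sure it is of the following type : '
++ CONSTRAINTS_FIELDS.VIDEO_CAPTIONS.CAPTION_FILE.EXTNAME.join(', ')
+),
+
+async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+logger.debug('Checking addVideoCaption parameters', { parameters: req.body })
+
+if (areValidationErrors(req, res)) return
+if (!await isVideoExist(req.params.videoId, res)) return
+
+// Check if the user who did the request is able to update the video
+const user = res.locals.oauth.token.User
+if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return
+
+return next()
+}
+]
+
+const deleteVideoCaptionValidator = [
+param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
+param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'),
+
+async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+logger.debug('Checking deleteVideoCaption parameters', { parameters: req.params })
+
+if (areValidationErrors(req, res)) return
+if (!await isVideoExist(req.params.videoId, res)) return
+if (!await isVideoCaptionExist(res.locals.video, req.params.captionLanguage, res)) return
+
+// Check if the user who did the request is able to update the video
+const user = res.locals.oauth.token.User
+if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return
+
+return next()
+}
+]
+
+const listVideoCaptionsValidator = [
+param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
+
+async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+logger.debug('Checking listVideoCaptions parameters', { parameters: req.params })
+
+if (areValidationErrors(req, res)) return
+if (!await isVideoExist(req.params.videoId, res)) return
+
+return next()
+}
+]
+
+export {
+addVideoCaptionValidator,
+listVideoCaptionsValidator,
+deleteVideoCaptionValidator
+}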
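Review bot: `listVideoCaptionsValidator` (new lines 53-64) calls `next()` as soon as `isVideoExist` succeeds, so unlike the add and delete validators it applies no check on the requester or on the privacy of `res.locals.video`. If the list route is reachable without authentication, which this diff does not show, captions of a non-public video would be listed for any caller that supplies a valid `videoId`. I would add a privacy check on the loaded video before `return next()`, or at least record the assumption with a comment such as `// No access check here: the route must not serve captions of private videos`. Separately, both add and delete read `res.locals.oauth.token.User` directly, so they presumably depend on the authentication middleware being mounted ahead of them; a short comment stating that ordering requirement would help.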
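diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 59d65d5a4..899def6fc 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -12,6 +12,7 @@ import {
 toValueOrNull
 } from '../../helpers/custom-validators/misc'
 import {
+checkUserCanManageVideo,
 isScheduleVideoUpdatePrivacyValid,
 isVideoAbuseReasonValid,
 isVideoCategoryValid,
@@ -31,8 +32,6 @@ import {
 import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils'
 import { logger } from '../../helpers/logger'
 import { CONSTRAINTS_FIELDS } from '../../initializers'
-import { UserModel } from '../../models/account/user'
-import { VideoModel } from '../../models/video/video'
 import { VideoShareModel } from '../../models/video/video-share'
 import { authenticate } from '../oauth'
 import { areValidationErrors } from './utils'
@@ -40,17 +39,17 @@ import { areValidationErrors } from './utils'
 const videosAddValidator = [
 body('videofile')
 .custom((value, { req }) => isVideoFile(req.files)).withMessage(
-'This file is not supported or too large. Please, make sure it is of the following type : '
+'This file is not supported or too large. Please, make sure it is of the following type: '
 + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
 ),
 body('thumbnailfile')
 .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
-'This thumbnail file is not supported or too large. Please, make sure it is of the following type : '
+'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
 ),
 body('previewfile')
 .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage(
-'This preview file is not supported or too large. Please, make sure it is of the following type : '
+'This preview file is not supported or too large. Please, make sure it is of the following type: '
 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
 ),
 body('name').custom(isVideoNameValid).withMessage('Should have a valid name'),
@@ -152,12 +151,12 @@ const videosUpdateValidator = [
 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
 body('thumbnailfile')
 .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
-'This thumbnail file is not supported or too large. Please, make sure it is of the following type : '
+'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
 ),
 body('previewfile')
 .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage(
-'This preview file is not supported or too large. Please, make sure it is of the following type : '
+'This preview file is not supported or too large. Please, make sure it is of the following type: '
 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
 ),
 body('name')
@@ -373,29 +372,6 @@ export {
 
 // ---------------------------------------------------------------------------
 
-function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: UserRight, res: express.Response) {
-// Retrieve the user who did the request
-if (video.isOwned() === false) {
-res.status(403)
-.json({ error: 'Cannot manage a video of another server.' })
-.end()
-return false
-}
-
-// Check if the user can delete the video
-// The user can delete it if he has the right
-// Or if s/he is the video's account
-const account = video.VideoChannel.Account
-if (user.hasRight(right) === false && account.userId !== user.id) {
-res.status(403)
-.json({ error: 'Cannot manage a video of another user.' })
-.end()
-return false
-}
-
-return true
-}
-
 function areErrorsInVideoImageFiles (req: express.Request, res: express.Response) {
 // Files are optional
 if (!req.files) return false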