diff options
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/cache/shared/api-cache.ts | 4 | ||||
-rw-r--r-- | server/middlewares/validators/express.ts | 15 | ||||
-rw-r--r-- | server/middlewares/validators/index.ts | 23 | ||||
-rw-r--r-- | server/middlewares/validators/videos/index.ts | 3 | ||||
-rw-r--r-- | server/middlewares/validators/videos/video-stats.ts | 73 | ||||
-rw-r--r-- | server/middlewares/validators/videos/video-view.ts | 74 | ||||
-rw-r--r-- | server/middlewares/validators/videos/video-watch.ts | 38 |
7 files changed, 182 insertions, 48 deletions
diff --git a/server/middlewares/cache/shared/api-cache.ts b/server/middlewares/cache/shared/api-cache.ts index 86c5095b5..abc919339 100644 --- a/server/middlewares/cache/shared/api-cache.ts +++ b/server/middlewares/cache/shared/api-cache.ts | |||
@@ -6,8 +6,8 @@ import { OutgoingHttpHeaders } from 'http' | |||
6 | import { isTestInstance, parseDurationToMs } from '@server/helpers/core-utils' | 6 | import { isTestInstance, parseDurationToMs } from '@server/helpers/core-utils' |
7 | import { logger } from '@server/helpers/logger' | 7 | import { logger } from '@server/helpers/logger' |
8 | import { Redis } from '@server/lib/redis' | 8 | import { Redis } from '@server/lib/redis' |
9 | import { HttpStatusCode } from '@shared/models' | ||
10 | import { asyncMiddleware } from '@server/middlewares' | 9 | import { asyncMiddleware } from '@server/middlewares' |
10 | import { HttpStatusCode } from '@shared/models' | ||
11 | 11 | ||
12 | export interface APICacheOptions { | 12 | export interface APICacheOptions { |
13 | headerBlacklist?: string[] | 13 | headerBlacklist?: string[] |
@@ -152,7 +152,7 @@ export class ApiCache { | |||
152 | end: res.end, | 152 | end: res.end, |
153 | cacheable: true, | 153 | cacheable: true, |
154 | content: undefined, | 154 | content: undefined, |
155 | headers: {} | 155 | headers: undefined |
156 | } | 156 | } |
157 | 157 | ||
158 | // Patch express | 158 | // Patch express |
diff --git a/server/middlewares/validators/express.ts b/server/middlewares/validators/express.ts new file mode 100644 index 000000000..718aec55b --- /dev/null +++ b/server/middlewares/validators/express.ts | |||
@@ -0,0 +1,15 @@ | |||
1 | import * as express from 'express' | ||
2 | |||
3 | const methodsValidator = (methods: string[]) => { | ||
4 | return (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
5 | if (methods.includes(req.method) !== true) { | ||
6 | return res.sendStatus(405) | ||
7 | } | ||
8 | |||
9 | return next() | ||
10 | } | ||
11 | } | ||
12 | |||
13 | export { | ||
14 | methodsValidator | ||
15 | } | ||
diff --git a/server/middlewares/validators/index.ts b/server/middlewares/validators/index.ts index 94a3c2dea..b0ad04819 100644 --- a/server/middlewares/validators/index.ts +++ b/server/middlewares/validators/index.ts | |||
@@ -1,17 +1,26 @@ | |||
1 | export * from './activitypub' | ||
2 | export * from './videos' | ||
1 | export * from './abuse' | 3 | export * from './abuse' |
2 | export * from './account' | 4 | export * from './account' |
3 | export * from './actor-image' | 5 | export * from './actor-image' |
4 | export * from './blocklist' | 6 | export * from './blocklist' |
7 | export * from './bulk' | ||
8 | export * from './config' | ||
9 | export * from './express' | ||
10 | export * from './feeds' | ||
11 | export * from './follows' | ||
12 | export * from './jobs' | ||
13 | export * from './logs' | ||
5 | export * from './oembed' | 14 | export * from './oembed' |
6 | export * from './activitypub' | ||
7 | export * from './pagination' | 15 | export * from './pagination' |
8 | export * from './follows' | 16 | export * from './plugins' |
9 | export * from './feeds' | 17 | export * from './redundancy' |
10 | export * from './sort' | ||
11 | export * from './users' | ||
12 | export * from './user-subscriptions' | ||
13 | export * from './videos' | ||
14 | export * from './search' | 18 | export * from './search' |
15 | export * from './server' | 19 | export * from './server' |
20 | export * from './sort' | ||
21 | export * from './themes' | ||
16 | export * from './user-history' | 22 | export * from './user-history' |
23 | export * from './user-notifications' | ||
24 | export * from './user-subscriptions' | ||
25 | export * from './users' | ||
17 | export * from './webfinger' | 26 | export * from './webfinger' |
diff --git a/server/middlewares/validators/videos/index.ts b/server/middlewares/validators/videos/index.ts index c7dea4b3d..bd2590bc5 100644 --- a/server/middlewares/validators/videos/index.ts +++ b/server/middlewares/validators/videos/index.ts | |||
@@ -6,9 +6,10 @@ export * from './video-files' | |||
6 | export * from './video-imports' | 6 | export * from './video-imports' |
7 | export * from './video-live' | 7 | export * from './video-live' |
8 | export * from './video-ownership-changes' | 8 | export * from './video-ownership-changes' |
9 | export * from './video-watch' | 9 | export * from './video-view' |
10 | export * from './video-rates' | 10 | export * from './video-rates' |
11 | export * from './video-shares' | 11 | export * from './video-shares' |
12 | export * from './video-stats' | ||
12 | export * from './video-studio' | 13 | export * from './video-studio' |
13 | export * from './video-transcoding' | 14 | export * from './video-transcoding' |
14 | export * from './videos' | 15 | export * from './videos' |
diff --git a/server/middlewares/validators/videos/video-stats.ts b/server/middlewares/validators/videos/video-stats.ts new file mode 100644 index 000000000..358b6b473 --- /dev/null +++ b/server/middlewares/validators/videos/video-stats.ts | |||
@@ -0,0 +1,73 @@ | |||
1 | import express from 'express' | ||
2 | import { param } from 'express-validator' | ||
3 | import { isValidStatTimeserieMetric } from '@server/helpers/custom-validators/video-stats' | ||
4 | import { HttpStatusCode, UserRight } from '@shared/models' | ||
5 | import { logger } from '../../../helpers/logger' | ||
6 | import { areValidationErrors, checkUserCanManageVideo, doesVideoExist, isValidVideoIdParam } from '../shared' | ||
7 | |||
8 | const videoOverallStatsValidator = [ | ||
9 | isValidVideoIdParam('videoId'), | ||
10 | |||
11 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
12 | logger.debug('Checking videoOverallStatsValidator parameters', { parameters: req.body }) | ||
13 | |||
14 | if (areValidationErrors(req, res)) return | ||
15 | if (!await commonStatsCheck(req, res)) return | ||
16 | |||
17 | return next() | ||
18 | } | ||
19 | ] | ||
20 | |||
21 | const videoRetentionStatsValidator = [ | ||
22 | isValidVideoIdParam('videoId'), | ||
23 | |||
24 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
25 | logger.debug('Checking videoRetentionStatsValidator parameters', { parameters: req.body }) | ||
26 | |||
27 | if (areValidationErrors(req, res)) return | ||
28 | if (!await commonStatsCheck(req, res)) return | ||
29 | |||
30 | if (res.locals.videoAll.isLive) { | ||
31 | return res.fail({ | ||
32 | status: HttpStatusCode.BAD_REQUEST_400, | ||
33 | message: 'Cannot get retention stats of live video' | ||
34 | }) | ||
35 | } | ||
36 | |||
37 | return next() | ||
38 | } | ||
39 | ] | ||
40 | |||
41 | const videoTimeserieStatsValidator = [ | ||
42 | isValidVideoIdParam('videoId'), | ||
43 | |||
44 | param('metric') | ||
45 | .custom(isValidStatTimeserieMetric) | ||
46 | .withMessage('Should have a valid timeserie metric'), | ||
47 | |||
48 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
49 | logger.debug('Checking videoTimeserieStatsValidator parameters', { parameters: req.body }) | ||
50 | |||
51 | if (areValidationErrors(req, res)) return | ||
52 | if (!await commonStatsCheck(req, res)) return | ||
53 | |||
54 | return next() | ||
55 | } | ||
56 | ] | ||
57 | |||
58 | // --------------------------------------------------------------------------- | ||
59 | |||
60 | export { | ||
61 | videoOverallStatsValidator, | ||
62 | videoTimeserieStatsValidator, | ||
63 | videoRetentionStatsValidator | ||
64 | } | ||
65 | |||
66 | // --------------------------------------------------------------------------- | ||
67 | |||
68 | async function commonStatsCheck (req: express.Request, res: express.Response) { | ||
69 | if (!await doesVideoExist(req.params.videoId, res, 'all')) return false | ||
70 | if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.SEE_ALL_VIDEOS, res)) return false | ||
71 | |||
72 | return true | ||
73 | } | ||
diff --git a/server/middlewares/validators/videos/video-view.ts b/server/middlewares/validators/videos/video-view.ts new file mode 100644 index 000000000..7a4994e8a --- /dev/null +++ b/server/middlewares/validators/videos/video-view.ts | |||
@@ -0,0 +1,74 @@ | |||
1 | import express from 'express' | ||
2 | import { body, param } from 'express-validator' | ||
3 | import { isVideoTimeValid } from '@server/helpers/custom-validators/video-view' | ||
4 | import { LocalVideoViewerModel } from '@server/models/view/local-video-viewer' | ||
5 | import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes' | ||
6 | import { exists, isIdValid, isIntOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' | ||
7 | import { logger } from '../../../helpers/logger' | ||
8 | import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' | ||
9 | |||
10 | const getVideoLocalViewerValidator = [ | ||
11 | param('localViewerId') | ||
12 | .custom(isIdValid).withMessage('Should have a valid local viewer id'), | ||
13 | |||
14 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
15 | logger.debug('Checking getVideoLocalViewerValidator parameters', { parameters: req.params }) | ||
16 | |||
17 | if (areValidationErrors(req, res)) return | ||
18 | |||
19 | const localViewer = await LocalVideoViewerModel.loadFullById(+req.params.localViewerId) | ||
20 | if (!localViewer) { | ||
21 | return res.fail({ | ||
22 | status: HttpStatusCode.NOT_FOUND_404, | ||
23 | message: 'Local viewer not found' | ||
24 | }) | ||
25 | } | ||
26 | |||
27 | res.locals.localViewerFull = localViewer | ||
28 | |||
29 | return next() | ||
30 | } | ||
31 | ] | ||
32 | |||
33 | const videoViewValidator = [ | ||
34 | isValidVideoIdParam('videoId'), | ||
35 | |||
36 | body('currentTime') | ||
37 | .optional() // TODO: remove optional in a few versions, introduced in 4.2 | ||
38 | .customSanitizer(toIntOrNull) | ||
39 | .custom(isIntOrNull).withMessage('Should have correct current time'), | ||
40 | |||
41 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
42 | logger.debug('Checking videoView parameters', { parameters: req.body }) | ||
43 | |||
44 | if (areValidationErrors(req, res)) return | ||
45 | if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return | ||
46 | |||
47 | const video = res.locals.onlyVideo | ||
48 | const videoDuration = video.isLive | ||
49 | ? undefined | ||
50 | : video.duration | ||
51 | |||
52 | if (!exists(req.body.currentTime)) { // TODO: remove in a few versions, introduced in 4.2 | ||
53 | req.body.currentTime = Math.min(videoDuration ?? 0, 30) | ||
54 | } | ||
55 | |||
56 | const currentTime: number = req.body.currentTime | ||
57 | |||
58 | if (!isVideoTimeValid(currentTime, videoDuration)) { | ||
59 | return res.fail({ | ||
60 | status: HttpStatusCode.BAD_REQUEST_400, | ||
61 | message: 'Current time is invalid' | ||
62 | }) | ||
63 | } | ||
64 | |||
65 | return next() | ||
66 | } | ||
67 | ] | ||
68 | |||
69 | // --------------------------------------------------------------------------- | ||
70 | |||
71 | export { | ||
72 | videoViewValidator, | ||
73 | getVideoLocalViewerValidator | ||
74 | } | ||
diff --git a/server/middlewares/validators/videos/video-watch.ts b/server/middlewares/validators/videos/video-watch.ts deleted file mode 100644 index d83710a64..000000000 --- a/server/middlewares/validators/videos/video-watch.ts +++ /dev/null | |||
@@ -1,38 +0,0 @@ | |||
1 | import express from 'express' | ||
2 | import { body } from 'express-validator' | ||
3 | import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes' | ||
4 | import { toIntOrNull } from '../../../helpers/custom-validators/misc' | ||
5 | import { logger } from '../../../helpers/logger' | ||
6 | import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' | ||
7 | |||
8 | const videoWatchingValidator = [ | ||
9 | isValidVideoIdParam('videoId'), | ||
10 | |||
11 | body('currentTime') | ||
12 | .customSanitizer(toIntOrNull) | ||
13 | .isInt().withMessage('Should have correct current time'), | ||
14 | |||
15 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
16 | logger.debug('Checking videoWatching parameters', { parameters: req.body }) | ||
17 | |||
18 | if (areValidationErrors(req, res)) return | ||
19 | if (!await doesVideoExist(req.params.videoId, res, 'id')) return | ||
20 | |||
21 | const user = res.locals.oauth.token.User | ||
22 | if (user.videosHistoryEnabled === false) { | ||
23 | logger.warn('Cannot set videos to watch by user %d: videos history is disabled.', user.id) | ||
24 | return res.fail({ | ||
25 | status: HttpStatusCode.CONFLICT_409, | ||
26 | message: 'Video history is disabled' | ||
27 | }) | ||
28 | } | ||
29 | |||
30 | return next() | ||
31 | } | ||
32 | ] | ||
33 | |||
34 | // --------------------------------------------------------------------------- | ||
35 | |||
36 | export { | ||
37 | videoWatchingValidator | ||
38 | } | ||