Diffstat (limited to 'server/middlewares')
17 files changed, 151 insertions, 85 deletions
diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts index 56c97747c..c048bc6af 100644 --- a/server/middlewares/validators/abuse.ts +++ b/server/middlewares/validators/abuse.ts | |||
@@ -12,7 +12,7 @@ import { | |||
12 | isAbuseTimestampValid, | 12 | isAbuseTimestampValid, |
13 | isAbuseVideoIsValid | 13 | isAbuseVideoIsValid |
14 | } from '@server/helpers/custom-validators/abuses' | 14 | } from '@server/helpers/custom-validators/abuses' |
15 | import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc' | 15 | import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc' |
16 | import { logger } from '@server/helpers/logger' | 16 | import { logger } from '@server/helpers/logger' |
17 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' | 17 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' |
18 | import { AbuseCreate, UserRight } from '@shared/models' | 18 | import { AbuseCreate, UserRight } from '@shared/models' |
@@ -27,6 +27,7 @@ const abuseReportValidator = [ | |||
27 | 27 | ||
28 | body('video.id') | 28 | body('video.id') |
29 | .optional() | 29 | .optional() |
30 | .customSanitizer(toCompleteUUID) | ||
30 | .custom(isIdOrUUIDValid) | 31 | .custom(isIdOrUUIDValid) |
31 | .withMessage('Should have a valid videoId'), | 32 | .withMessage('Should have a valid videoId'), |
32 | body('video.startAt') | 33 | body('video.startAt') |
diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts index 51e6d6fff..51b8fdd19 100644 --- a/server/middlewares/validators/feeds.ts +++ b/server/middlewares/validators/feeds.ts | |||
@@ -1,8 +1,9 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { param, query } from 'express-validator' | 2 | import { param, query } from 'express-validator' |
3 | |||
3 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | 4 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' |
4 | import { isValidRSSFeed } from '../../helpers/custom-validators/feeds' | 5 | import { isValidRSSFeed } from '../../helpers/custom-validators/feeds' |
5 | import { exists, isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc' | 6 | import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID } from '../../helpers/custom-validators/misc' |
6 | import { logger } from '../../helpers/logger' | 7 | import { logger } from '../../helpers/logger' |
7 | import { | 8 | import { |
8 | areValidationErrors, | 9 | areValidationErrors, |
@@ -98,7 +99,10 @@ const videoSubscriptionFeedsValidator = [ | |||
98 | ] | 99 | ] |
99 | 100 | ||
100 | const videoCommentsFeedsValidator = [ | 101 | const videoCommentsFeedsValidator = [ |
101 | query('videoId').optional().custom(isIdOrUUIDValid), | 102 | query('videoId') |
103 | .customSanitizer(toCompleteUUID) | ||
104 | .optional() | ||
105 | .custom(isIdOrUUIDValid), | ||
102 | 106 | ||
103 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 107 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
104 | logger.debug('Checking feeds parameters', { parameters: req.query }) | 108 | logger.debug('Checking feeds parameters', { parameters: req.query }) |
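Review bot: In `videoCommentsFeedsValidator` the new chain calls `.customSanitizer(toCompleteUUID)` before `.optional()`, while the `body('video.id')` chain in abuse.ts in this same commit puts `.optional()` first. If the installed express-validator version evaluates chain items in order, the sanitizer here would run on an absent `videoId`, so `toCompleteUUID` (not shown on this page) would have to tolerate `undefined`. Writing it as `query('videoId').optional().customSanitizer(toCompleteUUID).custom(isIdOrUUIDValid)` makes both validators read the same and removes the question. The validator array continues outside the hunk.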
diff --git a/server/middlewares/validators/index.ts b/server/middlewares/validators/index.ts index 24faeea3e..94a3c2dea 100644 --- a/server/middlewares/validators/index.ts +++ b/server/middlewares/validators/index.ts | |||
@@ -11,7 +11,7 @@ export * from './sort' | |||
11 | export * from './users' | 11 | export * from './users' |
12 | export * from './user-subscriptions' | 12 | export * from './user-subscriptions' |
13 | export * from './videos' | 13 | export * from './videos' |
14 | export * from './webfinger' | ||
15 | export * from './search' | 14 | export * from './search' |
16 | export * from './server' | 15 | export * from './server' |
17 | export * from './user-history' | 16 | export * from './user-history' |
17 | export * from './webfinger' | ||
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts index e1015d7fd..0a82e6932 100644 --- a/server/middlewares/validators/oembed.ts +++ b/server/middlewares/validators/oembed.ts | |||
@@ -6,7 +6,7 @@ import { VideoPlaylistModel } from '@server/models/video/video-playlist' | |||
6 | import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models' | 6 | import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models' |
7 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | 7 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' |
8 | import { isTestInstance } from '../../helpers/core-utils' | 8 | import { isTestInstance } from '../../helpers/core-utils' |
9 | import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc' | 9 | import { isIdOrUUIDValid, toCompleteUUID } from '../../helpers/custom-validators/misc' |
10 | import { logger } from '../../helpers/logger' | 10 | import { logger } from '../../helpers/logger' |
11 | import { WEBSERVER } from '../../initializers/constants' | 11 | import { WEBSERVER } from '../../initializers/constants' |
12 | import { areValidationErrors } from './shared' | 12 | import { areValidationErrors } from './shared' |
@@ -79,7 +79,7 @@ const oembedValidator = [ | |||
79 | }) | 79 | }) |
80 | } | 80 | } |
81 | 81 | ||
82 | const elementId = matches[1] | 82 | const elementId = toCompleteUUID(matches[1]) |
83 | if (isIdOrUUIDValid(elementId) === false) { | 83 | if (isIdOrUUIDValid(elementId) === false) { |
84 | return res.fail({ message: 'Invalid video or playlist id.' }) | 84 | return res.fail({ message: 'Invalid video or playlist id.' }) |
85 | } | 85 | } |
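Review bot: `toCompleteUUID(matches[1])` runs on a segment taken from the submitted URL before `isIdOrUUIDValid` has looked at it, and here it is a direct call rather than a sanitizer inside a validation chain. If `toCompleteUUID` (defined outside this page) can throw on a malformed short id, the request would end in an unhandled error instead of the `res.fail({ message: 'Invalid video or playlist id.' })` two lines below. It is worth confirming that it returns non-matching input unchanged and, once confirmed, recording that next to the call, e.g. `// toCompleteUUID leaves anything that is not a short UUID untouched; validity is checked next`. The enclosing handler starts and ends outside the hunk.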
diff --git a/server/middlewares/validators/redundancy.ts b/server/middlewares/validators/redundancy.ts index da24f4c9b..116c8c611 100644 --- a/server/middlewares/validators/redundancy.ts +++ b/server/middlewares/validators/redundancy.ts | |||
@@ -2,15 +2,24 @@ import * as express from 'express' | |||
2 | import { body, param, query } from 'express-validator' | 2 | import { body, param, query } from 'express-validator' |
3 | import { isVideoRedundancyTarget } from '@server/helpers/custom-validators/video-redundancies' | 3 | import { isVideoRedundancyTarget } from '@server/helpers/custom-validators/video-redundancies' |
4 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | 4 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' |
5 | import { exists, isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' | 5 | import { |
6 | exists, | ||
7 | isBooleanValid, | ||
8 | isIdOrUUIDValid, | ||
9 | isIdValid, | ||
10 | toBooleanOrNull, | ||
11 | toCompleteUUID, | ||
12 | toIntOrNull | ||
13 | } from '../../helpers/custom-validators/misc' | ||
6 | import { isHostValid } from '../../helpers/custom-validators/servers' | 14 | import { isHostValid } from '../../helpers/custom-validators/servers' |
7 | import { logger } from '../../helpers/logger' | 15 | import { logger } from '../../helpers/logger' |
8 | import { VideoRedundancyModel } from '../../models/redundancy/video-redundancy' | 16 | import { VideoRedundancyModel } from '../../models/redundancy/video-redundancy' |
9 | import { ServerModel } from '../../models/server/server' | 17 | import { ServerModel } from '../../models/server/server' |
10 | import { areValidationErrors, doesVideoExist } from './shared' | 18 | import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from './shared' |
11 | 19 | ||
12 | const videoFileRedundancyGetValidator = [ | 20 | const videoFileRedundancyGetValidator = [ |
13 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), | 21 | isValidVideoIdParam('videoId'), |
22 | |||
14 | param('resolution') | 23 | param('resolution') |
15 | .customSanitizer(toIntOrNull) | 24 | .customSanitizer(toIntOrNull) |
16 | .custom(exists).withMessage('Should have a valid resolution'), | 25 | .custom(exists).withMessage('Should have a valid resolution'), |
@@ -56,9 +65,8 @@ const videoFileRedundancyGetValidator = [ | |||
56 | ] | 65 | ] |
57 | 66 | ||
58 | const videoPlaylistRedundancyGetValidator = [ | 67 | const videoPlaylistRedundancyGetValidator = [ |
59 | param('videoId') | 68 | isValidVideoIdParam('videoId'), |
60 | .custom(isIdOrUUIDValid) | 69 | |
61 | .not().isEmpty().withMessage('Should have a valid video id'), | ||
62 | param('streamingPlaylistType') | 70 | param('streamingPlaylistType') |
63 | .customSanitizer(toIntOrNull) | 71 | .customSanitizer(toIntOrNull) |
64 | .custom(exists).withMessage('Should have a valid streaming playlist type'), | 72 | .custom(exists).withMessage('Should have a valid streaming playlist type'), |
@@ -135,7 +143,8 @@ const listVideoRedundanciesValidator = [ | |||
135 | 143 | ||
136 | const addVideoRedundancyValidator = [ | 144 | const addVideoRedundancyValidator = [ |
137 | body('videoId') | 145 | body('videoId') |
138 | .custom(isIdValid) | 146 | .customSanitizer(toCompleteUUID) |
147 | .custom(isIdOrUUIDValid) | ||
139 | .withMessage('Should have a valid video id'), | 148 | .withMessage('Should have a valid video id'), |
140 | 149 | ||
141 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 150 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
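Review bot: `addVideoRedundancyValidator` now accepts UUIDs in `body('videoId')` where it previously accepted only numeric ids (`isIdValid` became `isIdOrUUIDValid`), and the handler that consumes the value begins on the last line of the hunk and is not visible. Whatever lookup it performs needs to resolve a UUID string as well as an integer; if it still assumes a number, a UUID will pass validation and fail later in a less controlled way. A short comment on the chain, such as `// accepts a numeric id, a UUID or a short UUID (expanded by toCompleteUUID)`, would record the widened contract for the next reader.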
diff --git a/server/middlewares/validators/shared/utils.ts b/server/middlewares/validators/shared/utils.ts index d3e4870a9..4f08560af 100644 --- a/server/middlewares/validators/shared/utils.ts +++ b/server/middlewares/validators/shared/utils.ts | |||
@@ -1,5 +1,6 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { query, validationResult } from 'express-validator' | 2 | import { param, query, validationResult } from 'express-validator' |
3 | import { isIdOrUUIDValid, toCompleteUUID } from '@server/helpers/custom-validators/misc' | ||
3 | import { logger } from '../../../helpers/logger' | 4 | import { logger } from '../../../helpers/logger' |
4 | 5 | ||
5 | function areValidationErrors (req: express.Request, res: express.Response) { | 6 | function areValidationErrors (req: express.Request, res: express.Response) { |
@@ -41,10 +42,24 @@ function createSortableColumns (sortableColumns: string[]) { | |||
41 | return sortableColumns.concat(sortableColumnDesc) | 42 | return sortableColumns.concat(sortableColumnDesc) |
42 | } | 43 | } |
43 | 44 | ||
45 | function isValidVideoIdParam (paramName: string) { | ||
46 | return param(paramName) | ||
47 | .customSanitizer(toCompleteUUID) | ||
48 | .custom(isIdOrUUIDValid).withMessage('Should have a valid video id') | ||
49 | } | ||
50 | |||
51 | function isValidPlaylistIdParam (paramName: string) { | ||
52 | return param(paramName) | ||
53 | .customSanitizer(toCompleteUUID) | ||
54 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id') | ||
55 | } | ||
56 | |||
44 | // --------------------------------------------------------------------------- | 57 | // --------------------------------------------------------------------------- |
45 | 58 | ||
46 | export { | 59 | export { |
47 | areValidationErrors, | 60 | areValidationErrors, |
48 | checkSort, | 61 | checkSort, |
49 | createSortableColumns | 62 | createSortableColumns, |
63 | isValidVideoIdParam, | ||
64 | isValidPlaylistIdParam | ||
50 | } | 65 | } |
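Review bot: `isValidVideoIdParam` and `isValidPlaylistIdParam` have no doc comment, and the `isValid…` prefix reads like a boolean predicate although both return an express-validator chain. I would add something like `/** Route-param chain: expands a short UUID via toCompleteUUID, then requires a numeric id or UUID. */` above each, and note there that the sanitizer runs on the raw request value before any validation, so `toCompleteUUID` has to return unrecognised input unchanged rather than throw. The chains these helpers replace across the commit all ended in `.not().isEmpty()`; the helpers drop it, which is safe only if `isIdOrUUIDValid` already rejects empty values (it is defined outside this page, so worth confirming). The two functions differ only in the message text, so a single private builder taking the label would keep them from drifting apart.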
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 218633b8d..698d7d814 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -7,7 +7,7 @@ import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-code | |||
7 | import { UserRole } from '../../../shared/models/users' | 7 | import { UserRole } from '../../../shared/models/users' |
8 | import { UserRegister } from '../../../shared/models/users/user-register.model' | 8 | import { UserRegister } from '../../../shared/models/users/user-register.model' |
9 | import { isActorPreferredUsernameValid } from '../../helpers/custom-validators/activitypub/actor' | 9 | import { isActorPreferredUsernameValid } from '../../helpers/custom-validators/activitypub/actor' |
10 | import { isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' | 10 | import { toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' |
11 | import { isThemeNameValid } from '../../helpers/custom-validators/plugins' | 11 | import { isThemeNameValid } from '../../helpers/custom-validators/plugins' |
12 | import { | 12 | import { |
13 | isNoInstanceConfigWarningModal, | 13 | isNoInstanceConfigWarningModal, |
@@ -35,7 +35,7 @@ import { Redis } from '../../lib/redis' | |||
35 | import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../lib/signup' | 35 | import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../lib/signup' |
36 | import { ActorModel } from '../../models/actor/actor' | 36 | import { ActorModel } from '../../models/actor/actor' |
37 | import { UserModel } from '../../models/user/user' | 37 | import { UserModel } from '../../models/user/user' |
38 | import { areValidationErrors, doesVideoExist } from './shared' | 38 | import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from './shared' |
39 | 39 | ||
40 | const usersListValidator = [ | 40 | const usersListValidator = [ |
41 | query('blocked') | 41 | query('blocked') |
@@ -302,7 +302,7 @@ const usersGetValidator = [ | |||
302 | ] | 302 | ] |
303 | 303 | ||
304 | const usersVideoRatingValidator = [ | 304 | const usersVideoRatingValidator = [ |
305 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), | 305 | isValidVideoIdParam('videoId'), |
306 | 306 | ||
307 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 307 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
308 | logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) | 308 | logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) |
diff --git a/server/middlewares/validators/videos/video-blacklist.ts b/server/middlewares/validators/videos/video-blacklist.ts index 7374ba774..21141d84d 100644 --- a/server/middlewares/validators/videos/video-blacklist.ts +++ b/server/middlewares/validators/videos/video-blacklist.ts | |||
@@ -1,13 +1,13 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { body, param, query } from 'express-validator' | 2 | import { body, query } from 'express-validator' |
3 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | 3 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' |
4 | import { isBooleanValid, isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' | 4 | import { isBooleanValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' |
5 | import { isVideoBlacklistReasonValid, isVideoBlacklistTypeValid } from '../../../helpers/custom-validators/video-blacklist' | 5 | import { isVideoBlacklistReasonValid, isVideoBlacklistTypeValid } from '../../../helpers/custom-validators/video-blacklist' |
6 | import { logger } from '../../../helpers/logger' | 6 | import { logger } from '../../../helpers/logger' |
7 | import { areValidationErrors, doesVideoBlacklistExist, doesVideoExist } from '../shared' | 7 | import { areValidationErrors, doesVideoBlacklistExist, doesVideoExist, isValidVideoIdParam } from '../shared' |
8 | 8 | ||
9 | const videosBlacklistRemoveValidator = [ | 9 | const videosBlacklistRemoveValidator = [ |
10 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 10 | isValidVideoIdParam('videoId'), |
11 | 11 | ||
12 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 12 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
13 | logger.debug('Checking blacklistRemove parameters.', { parameters: req.params }) | 13 | logger.debug('Checking blacklistRemove parameters.', { parameters: req.params }) |
@@ -21,7 +21,8 @@ const videosBlacklistRemoveValidator = [ | |||
21 | ] | 21 | ] |
22 | 22 | ||
23 | const videosBlacklistAddValidator = [ | 23 | const videosBlacklistAddValidator = [ |
24 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 24 | isValidVideoIdParam('videoId'), |
25 | |||
25 | body('unfederate') | 26 | body('unfederate') |
26 | .optional() | 27 | .optional() |
27 | .customSanitizer(toBooleanOrNull) | 28 | .customSanitizer(toBooleanOrNull) |
@@ -49,7 +50,8 @@ const videosBlacklistAddValidator = [ | |||
49 | ] | 50 | ] |
50 | 51 | ||
51 | const videosBlacklistUpdateValidator = [ | 52 | const videosBlacklistUpdateValidator = [ |
52 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 53 | isValidVideoIdParam('videoId'), |
54 | |||
53 | body('reason') | 55 | body('reason') |
54 | .optional() | 56 | .optional() |
55 | .custom(isVideoBlacklistReasonValid).withMessage('Should have a valid reason'), | 57 | .custom(isVideoBlacklistReasonValid).withMessage('Should have a valid reason'), |
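Review bot: Switching the three `param('videoId')` chains to `isValidVideoIdParam('videoId')` changes the error text returned to clients from 'Should have a valid videoId' to the helper's 'Should have a valid video id'. The same wording change happens for the `videoId` chains in video-comments.ts. If any test or API consumer matches on the message it will need updating; otherwise a changelog line is enough.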
diff --git a/server/middlewares/validators/videos/video-captions.ts b/server/middlewares/validators/videos/video-captions.ts index 2295e049a..2946f3e15 100644 --- a/server/middlewares/validators/videos/video-captions.ts +++ b/server/middlewares/validators/videos/video-captions.ts | |||
@@ -1,16 +1,18 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { body, param } from 'express-validator' | 2 | import { body, param } from 'express-validator' |
3 | import { UserRight } from '../../../../shared' | 3 | import { UserRight } from '../../../../shared' |
4 | import { isIdOrUUIDValid } from '../../../helpers/custom-validators/misc' | ||
5 | import { isVideoCaptionFile, isVideoCaptionLanguageValid } from '../../../helpers/custom-validators/video-captions' | 4 | import { isVideoCaptionFile, isVideoCaptionLanguageValid } from '../../../helpers/custom-validators/video-captions' |
6 | import { cleanUpReqFiles } from '../../../helpers/express-utils' | 5 | import { cleanUpReqFiles } from '../../../helpers/express-utils' |
7 | import { logger } from '../../../helpers/logger' | 6 | import { logger } from '../../../helpers/logger' |
8 | import { CONSTRAINTS_FIELDS, MIMETYPES } from '../../../initializers/constants' | 7 | import { CONSTRAINTS_FIELDS, MIMETYPES } from '../../../initializers/constants' |
9 | import { areValidationErrors, checkUserCanManageVideo, doesVideoCaptionExist, doesVideoExist } from '../shared' | 8 | import { areValidationErrors, checkUserCanManageVideo, doesVideoCaptionExist, doesVideoExist, isValidVideoIdParam } from '../shared' |
10 | 9 | ||
11 | const addVideoCaptionValidator = [ | 10 | const addVideoCaptionValidator = [ |
12 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), | 11 | isValidVideoIdParam('videoId'), |
13 | param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), | 12 | |
13 | param('captionLanguage') | ||
14 | .custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), | ||
15 | |||
14 | body('captionfile') | 16 | body('captionfile') |
15 | .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile')) | 17 | .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile')) |
16 | .withMessage( | 18 | .withMessage( |
@@ -34,8 +36,10 @@ const addVideoCaptionValidator = [ | |||
34 | ] | 36 | ] |
35 | 37 | ||
36 | const deleteVideoCaptionValidator = [ | 38 | const deleteVideoCaptionValidator = [ |
37 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), | 39 | isValidVideoIdParam('videoId'), |
38 | param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), | 40 | |
41 | param('captionLanguage') | ||
42 | .custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), | ||
39 | 43 | ||
40 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 44 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
41 | logger.debug('Checking deleteVideoCaption parameters', { parameters: req.params }) | 45 | logger.debug('Checking deleteVideoCaption parameters', { parameters: req.params }) |
@@ -53,7 +57,7 @@ const deleteVideoCaptionValidator = [ | |||
53 | ] | 57 | ] |
54 | 58 | ||
55 | const listVideoCaptionsValidator = [ | 59 | const listVideoCaptionsValidator = [ |
56 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), | 60 | isValidVideoIdParam('videoId'), |
57 | 61 | ||
58 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 62 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
59 | logger.debug('Checking listVideoCaptions parameters', { parameters: req.params }) | 63 | logger.debug('Checking listVideoCaptions parameters', { parameters: req.params }) |
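Review bot: The reformatted `param('captionLanguage')` chains in `addVideoCaptionValidator` and `deleteVideoCaptionValidator` keep `.custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage(...)`, and `withMessage` applies only to the validator immediately before it. A value rejected by `isVideoCaptionLanguageValid` therefore gets express-validator's default message rather than 'Should have a valid caption language'. Since these lines are being touched anyway, `.custom(isVideoCaptionLanguageValid).withMessage('Should have a valid caption language')` would match the pattern the new `isValidVideoIdParam` helper uses. The `threadId`, `commentId` and `text` chains in video-comments.ts have the same shape.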
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index 1451ab988..885506ebe 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts | |||
@@ -3,13 +3,13 @@ import { body, param, query } from 'express-validator' | |||
3 | import { MUserAccountUrl } from '@server/types/models' | 3 | import { MUserAccountUrl } from '@server/types/models' |
4 | import { UserRight } from '../../../../shared' | 4 | import { UserRight } from '../../../../shared' |
5 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | 5 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' |
6 | import { exists, isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc' | 6 | import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc' |
7 | import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' | 7 | import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' |
8 | import { logger } from '../../../helpers/logger' | 8 | import { logger } from '../../../helpers/logger' |
9 | import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' | 9 | import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' |
10 | import { Hooks } from '../../../lib/plugins/hooks' | 10 | import { Hooks } from '../../../lib/plugins/hooks' |
11 | import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' | 11 | import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' |
12 | import { areValidationErrors, doesVideoCommentExist, doesVideoCommentThreadExist, doesVideoExist } from '../shared' | 12 | import { areValidationErrors, doesVideoCommentExist, doesVideoCommentThreadExist, doesVideoExist, isValidVideoIdParam } from '../shared' |
13 | 13 | ||
14 | const listVideoCommentsValidator = [ | 14 | const listVideoCommentsValidator = [ |
15 | query('isLocal') | 15 | query('isLocal') |
@@ -40,7 +40,7 @@ const listVideoCommentsValidator = [ | |||
40 | ] | 40 | ] |
41 | 41 | ||
42 | const listVideoCommentThreadsValidator = [ | 42 | const listVideoCommentThreadsValidator = [ |
43 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 43 | isValidVideoIdParam('videoId'), |
44 | 44 | ||
45 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 45 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
46 | logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) | 46 | logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) |
@@ -53,8 +53,10 @@ const listVideoCommentThreadsValidator = [ | |||
53 | ] | 53 | ] |
54 | 54 | ||
55 | const listVideoThreadCommentsValidator = [ | 55 | const listVideoThreadCommentsValidator = [ |
56 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 56 | isValidVideoIdParam('videoId'), |
57 | param('threadId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), | 57 | |
58 | param('threadId') | ||
59 | .custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), | ||
58 | 60 | ||
59 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 61 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
60 | logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) | 62 | logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) |
@@ -68,8 +70,10 @@ const listVideoThreadCommentsValidator = [ | |||
68 | ] | 70 | ] |
69 | 71 | ||
70 | const addVideoCommentThreadValidator = [ | 72 | const addVideoCommentThreadValidator = [ |
71 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 73 | isValidVideoIdParam('videoId'), |
72 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | 74 | |
75 | body('text') | ||
76 | .custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | ||
73 | 77 | ||
74 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 78 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
75 | logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body }) | 79 | logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body }) |
@@ -84,8 +88,10 @@ const addVideoCommentThreadValidator = [ | |||
84 | ] | 88 | ] |
85 | 89 | ||
86 | const addVideoCommentReplyValidator = [ | 90 | const addVideoCommentReplyValidator = [ |
87 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 91 | isValidVideoIdParam('videoId'), |
92 | |||
88 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | 93 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), |
94 | |||
89 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), | 95 | body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), |
90 | 96 | ||
91 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 97 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
@@ -102,8 +108,10 @@ const addVideoCommentReplyValidator = [ | |||
102 | ] | 108 | ] |
103 | 109 | ||
104 | const videoCommentGetValidator = [ | 110 | const videoCommentGetValidator = [ |
105 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 111 | isValidVideoIdParam('videoId'), |
106 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | 112 | |
113 | param('commentId') | ||
114 | .custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | ||
107 | 115 | ||
108 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 116 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
109 | logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) | 117 | logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) |
@@ -117,7 +125,8 @@ const videoCommentGetValidator = [ | |||
117 | ] | 125 | ] |
118 | 126 | ||
119 | const removeVideoCommentValidator = [ | 127 | const removeVideoCommentValidator = [ |
120 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 128 | isValidVideoIdParam('videoId'), |
129 | |||
121 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), | 130 | param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), |
122 | 131 | ||
123 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 132 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
diff --git a/server/middlewares/validators/videos/video-live.ts b/server/middlewares/validators/videos/video-live.ts index b058ff5c1..7cfb935e3 100644 --- a/server/middlewares/validators/videos/video-live.ts +++ b/server/middlewares/validators/videos/video-live.ts | |||
@@ -1,5 +1,5 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { body, param } from 'express-validator' | 2 | import { body } from 'express-validator' |
3 | import { CONSTRAINTS_FIELDS } from '@server/initializers/constants' | 3 | import { CONSTRAINTS_FIELDS } from '@server/initializers/constants' |
4 | import { isLocalLiveVideoAccepted } from '@server/lib/moderation' | 4 | import { isLocalLiveVideoAccepted } from '@server/lib/moderation' |
5 | import { Hooks } from '@server/lib/plugins/hooks' | 5 | import { Hooks } from '@server/lib/plugins/hooks' |
@@ -7,16 +7,22 @@ import { VideoModel } from '@server/models/video/video' | |||
7 | import { VideoLiveModel } from '@server/models/video/video-live' | 7 | import { VideoLiveModel } from '@server/models/video/video-live' |
8 | import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes' | 8 | import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes' |
9 | import { ServerErrorCode, UserRight, VideoState } from '@shared/models' | 9 | import { ServerErrorCode, UserRight, VideoState } from '@shared/models' |
10 | import { isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' | 10 | import { isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' |
11 | import { isVideoNameValid } from '../../../helpers/custom-validators/videos' | 11 | import { isVideoNameValid } from '../../../helpers/custom-validators/videos' |
12 | import { cleanUpReqFiles } from '../../../helpers/express-utils' | 12 | import { cleanUpReqFiles } from '../../../helpers/express-utils' |
13 | import { logger } from '../../../helpers/logger' | 13 | import { logger } from '../../../helpers/logger' |
14 | import { CONFIG } from '../../../initializers/config' | 14 | import { CONFIG } from '../../../initializers/config' |
15 | import { areValidationErrors, checkUserCanManageVideo, doesVideoChannelOfAccountExist, doesVideoExist } from '../shared' | 15 | import { |
16 | areValidationErrors, | ||
17 | checkUserCanManageVideo, | ||
18 | doesVideoChannelOfAccountExist, | ||
19 | doesVideoExist, | ||
20 | isValidVideoIdParam | ||
21 | } from '../shared' | ||
16 | import { getCommonVideoEditAttributes } from './videos' | 22 | import { getCommonVideoEditAttributes } from './videos' |
17 | 23 | ||
18 | const videoLiveGetValidator = [ | 24 | const videoLiveGetValidator = [ |
19 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | 25 | isValidVideoIdParam('videoId'), |
20 | 26 | ||
21 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 27 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
22 | logger.debug('Checking videoLiveGetValidator parameters', { parameters: req.params, user: res.locals.oauth.token.User.username }) | 28 | logger.debug('Checking videoLiveGetValidator parameters', { parameters: req.params, user: res.locals.oauth.token.User.username }) |
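Review bot: Replacing `param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId')` with `isValidVideoIdParam('videoId')` in videoLiveGetValidator moves the whole acceptance rule into `../shared`, and nothing at the call site says which id forms are accepted or whether the value is rewritten before the handler runs. The helper's body is not part of this section; it is presumably the sanitize-then-validate chain used elsewhere in this commit (`.customSanitizer(toCompleteUUID).custom(isIdOrUUIDValid)`), in which case the handler sees the sanitized `req.params.videoId` rather than what the client sent. Once that is confirmed, a short comment above the entry would make it visible, e.g. `// accepts an id or UUID; the helper may rewrite req.params.videoId (see ../shared)`. The same substitution appears in video-rates.ts, video-shares.ts and video-watch.ts, where the replaced chains used a different message ('Should have a valid id'), so the validation error text may change for those routes. The validator's handler continues past the end of this hunk.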
diff --git a/server/middlewares/validators/videos/video-ownership-changes.ts b/server/middlewares/validators/videos/video-ownership-changes.ts index 120b0469c..54ac46c99 100644 --- a/server/middlewares/validators/videos/video-ownership-changes.ts +++ b/server/middlewares/validators/videos/video-ownership-changes.ts | |||
@@ -1,6 +1,6 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { param } from 'express-validator' | 2 | import { param } from 'express-validator' |
3 | import { isIdOrUUIDValid } from '@server/helpers/custom-validators/misc' | 3 | import { isIdValid } from '@server/helpers/custom-validators/misc' |
4 | import { checkUserCanTerminateOwnershipChange } from '@server/helpers/custom-validators/video-ownership' | 4 | import { checkUserCanTerminateOwnershipChange } from '@server/helpers/custom-validators/video-ownership' |
5 | import { logger } from '@server/helpers/logger' | 5 | import { logger } from '@server/helpers/logger' |
6 | import { isAbleToUploadVideo } from '@server/lib/user' | 6 | import { isAbleToUploadVideo } from '@server/lib/user' |
@@ -13,11 +13,12 @@ import { | |||
13 | checkUserCanManageVideo, | 13 | checkUserCanManageVideo, |
14 | doesChangeVideoOwnershipExist, | 14 | doesChangeVideoOwnershipExist, |
15 | doesVideoChannelOfAccountExist, | 15 | doesVideoChannelOfAccountExist, |
16 | doesVideoExist | 16 | doesVideoExist, |
17 | isValidVideoIdParam | ||
17 | } from '../shared' | 18 | } from '../shared' |
18 | 19 | ||
19 | const videosChangeOwnershipValidator = [ | 20 | const videosChangeOwnershipValidator = [ |
20 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 21 | isValidVideoIdParam('videoId'), |
21 | 22 | ||
22 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 23 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
23 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) | 24 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) |
@@ -40,7 +41,8 @@ const videosChangeOwnershipValidator = [ | |||
40 | ] | 41 | ] |
41 | 42 | ||
42 | const videosTerminateChangeOwnershipValidator = [ | 43 | const videosTerminateChangeOwnershipValidator = [ |
43 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 44 | param('id') |
45 | .custom(isIdValid).withMessage('Should have a valid id'), | ||
44 | 46 | ||
45 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 47 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
46 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) | 48 | logger.debug('Checking changeOwnership parameters', { parameters: req.params }) |
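Review bot: In videosTerminateChangeOwnershipValidator the `param('id')` check is narrowed from `isIdOrUUIDValid` to `isIdValid` and loses `.not().isEmpty()`, but nothing explains that this `id` is a different kind of identifier from the `videoId` handled by `isValidVideoIdParam` in the validator above. Presumably it is the ownership-change record's numeric id (the file imports `doesChangeVideoOwnershipExist`), in which case rejecting UUIDs is the stricter and correct rule. A comment such as `// ownership-change id: numeric only, not a video id/UUID` would stop a later edit from switching it to the video helper. It is also worth confirming that `isIdValid` alone rejects an empty value now that the explicit empty check is gone. Both handlers continue outside the hunks shown.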
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 0d2e6e90c..5ee7ee0ce 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts | |||
@@ -11,6 +11,7 @@ import { | |||
11 | isIdOrUUIDValid, | 11 | isIdOrUUIDValid, |
12 | isIdValid, | 12 | isIdValid, |
13 | isUUIDValid, | 13 | isUUIDValid, |
14 | toCompleteUUID, | ||
14 | toIntArray, | 15 | toIntArray, |
15 | toIntOrNull, | 16 | toIntOrNull, |
16 | toValueOrNull | 17 | toValueOrNull |
@@ -29,7 +30,14 @@ import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' | |||
29 | import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element' | 30 | import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element' |
30 | import { MVideoPlaylist } from '../../../types/models/video/video-playlist' | 31 | import { MVideoPlaylist } from '../../../types/models/video/video-playlist' |
31 | import { authenticatePromiseIfNeeded } from '../../auth' | 32 | import { authenticatePromiseIfNeeded } from '../../auth' |
32 | import { areValidationErrors, doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../shared' | 33 | import { |
34 | areValidationErrors, | ||
35 | doesVideoChannelIdExist, | ||
36 | doesVideoExist, | ||
37 | doesVideoPlaylistExist, | ||
38 | isValidPlaylistIdParam, | ||
39 | VideoPlaylistFetchType | ||
40 | } from '../shared' | ||
33 | 41 | ||
34 | const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ | 42 | const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ |
35 | body('displayName') | 43 | body('displayName') |
@@ -43,10 +51,13 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ | |||
43 | const body: VideoPlaylistCreate = req.body | 51 | const body: VideoPlaylistCreate = req.body |
44 | if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) | 52 | if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) |
45 | 53 | ||
46 | if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { | 54 | if ( |
55 | !body.videoChannelId && | ||
56 | (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED) | ||
57 | ) { | ||
47 | cleanUpReqFiles(req) | 58 | cleanUpReqFiles(req) |
48 | 59 | ||
49 | return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' }) | 60 | return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' }) |
50 | } | 61 | } |
51 | 62 | ||
52 | return next() | 63 | return next() |
@@ -54,8 +65,7 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ | |||
54 | ]) | 65 | ]) |
55 | 66 | ||
56 | const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ | 67 | const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ |
57 | param('playlistId') | 68 | isValidPlaylistIdParam('playlistId'), |
58 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | ||
59 | 69 | ||
60 | body('displayName') | 70 | body('displayName') |
61 | .optional() | 71 | .optional() |
@@ -101,8 +111,7 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ | |||
101 | ]) | 111 | ]) |
102 | 112 | ||
103 | const videoPlaylistsDeleteValidator = [ | 113 | const videoPlaylistsDeleteValidator = [ |
104 | param('playlistId') | 114 | isValidPlaylistIdParam('playlistId'), |
105 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | ||
106 | 115 | ||
107 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 116 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
108 | logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params }) | 117 | logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params }) |
@@ -126,8 +135,7 @@ const videoPlaylistsDeleteValidator = [ | |||
126 | 135 | ||
127 | const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => { | 136 | const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => { |
128 | return [ | 137 | return [ |
129 | param('playlistId') | 138 | isValidPlaylistIdParam('playlistId'), |
130 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | ||
131 | 139 | ||
132 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 140 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
133 | logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) | 141 | logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) |
@@ -184,9 +192,10 @@ const videoPlaylistsSearchValidator = [ | |||
184 | ] | 192 | ] |
185 | 193 | ||
186 | const videoPlaylistsAddVideoValidator = [ | 194 | const videoPlaylistsAddVideoValidator = [ |
187 | param('playlistId') | 195 | isValidPlaylistIdParam('playlistId'), |
188 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | 196 | |
189 | body('videoId') | 197 | body('videoId') |
198 | .customSanitizer(toCompleteUUID) | ||
190 | .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'), | 199 | .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'), |
191 | body('startTimestamp') | 200 | body('startTimestamp') |
192 | .optional() | 201 | .optional() |
@@ -214,9 +223,9 @@ const videoPlaylistsAddVideoValidator = [ | |||
214 | ] | 223 | ] |
215 | 224 | ||
216 | const videoPlaylistsUpdateOrRemoveVideoValidator = [ | 225 | const videoPlaylistsUpdateOrRemoveVideoValidator = [ |
217 | param('playlistId') | 226 | isValidPlaylistIdParam('playlistId'), |
218 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | ||
219 | param('playlistElementId') | 227 | param('playlistElementId') |
228 | .customSanitizer(toCompleteUUID) | ||
220 | .custom(isIdValid).withMessage('Should have an element id/uuid'), | 229 | .custom(isIdValid).withMessage('Should have an element id/uuid'), |
221 | body('startTimestamp') | 230 | body('startTimestamp') |
222 | .optional() | 231 | .optional() |
@@ -251,8 +260,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [ | |||
251 | ] | 260 | ] |
252 | 261 | ||
253 | const videoPlaylistElementAPGetValidator = [ | 262 | const videoPlaylistElementAPGetValidator = [ |
254 | param('playlistId') | 263 | isValidPlaylistIdParam('playlistId'), |
255 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | ||
256 | param('playlistElementId') | 264 | param('playlistElementId') |
257 | .custom(isIdValid).withMessage('Should have an playlist element id'), | 265 | .custom(isIdValid).withMessage('Should have an playlist element id'), |
258 | 266 | ||
@@ -287,8 +295,7 @@ const videoPlaylistElementAPGetValidator = [ | |||
287 | ] | 295 | ] |
288 | 296 | ||
289 | const videoPlaylistsReorderVideosValidator = [ | 297 | const videoPlaylistsReorderVideosValidator = [ |
290 | param('playlistId') | 298 | isValidPlaylistIdParam('playlistId'), |
291 | .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), | ||
292 | body('startPosition') | 299 | body('startPosition') |
293 | .isInt({ min: 1 }).withMessage('Should have a valid start position'), | 300 | .isInt({ min: 1 }).withMessage('Should have a valid start position'), |
294 | body('insertAfterPosition') | 301 | body('insertAfterPosition') |
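Review bot: In videoPlaylistsUpdateOrRemoveVideoValidator, `param('playlistElementId')` gains `.customSanitizer(toCompleteUUID)` but is still validated with `isIdValid`, so the sanitizer and the validator disagree about what the parameter is. If a playlist element is only ever addressed by numeric id (videoPlaylistElementAPGetValidator just below validates the same parameter with `isIdValid` and no sanitizer), the added line presumably has no effect on valid input and should be dropped, and the message would read better as `'Should have an element id'`. If UUIDs are meant to be accepted, the validator should be `isIdOrUUIDValid` instead. Separately, the PUBLIC/UNLISTED-without-channel rejection is added to videoPlaylistsAddValidator only; the body of videoPlaylistsUpdateValidator is outside the visible hunks, so it is worth checking that a playlist cannot reach the same state through an update.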
diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts index 4a802e75e..5d5dfb222 100644 --- a/server/middlewares/validators/videos/video-rates.ts +++ b/server/middlewares/validators/videos/video-rates.ts | |||
@@ -3,15 +3,16 @@ import { body, param, query } from 'express-validator' | |||
3 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | 3 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' |
4 | import { VideoRateType } from '../../../../shared/models/videos' | 4 | import { VideoRateType } from '../../../../shared/models/videos' |
5 | import { isAccountNameValid } from '../../../helpers/custom-validators/accounts' | 5 | import { isAccountNameValid } from '../../../helpers/custom-validators/accounts' |
6 | import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' | 6 | import { isIdValid } from '../../../helpers/custom-validators/misc' |
7 | import { isRatingValid } from '../../../helpers/custom-validators/video-rates' | 7 | import { isRatingValid } from '../../../helpers/custom-validators/video-rates' |
8 | import { isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos' | 8 | import { isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos' |
9 | import { logger } from '../../../helpers/logger' | 9 | import { logger } from '../../../helpers/logger' |
10 | import { AccountVideoRateModel } from '../../../models/account/account-video-rate' | 10 | import { AccountVideoRateModel } from '../../../models/account/account-video-rate' |
11 | import { areValidationErrors, doesVideoExist } from '../shared' | 11 | import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' |
12 | 12 | ||
13 | const videoUpdateRateValidator = [ | 13 | const videoUpdateRateValidator = [ |
14 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 14 | isValidVideoIdParam('id'), |
15 | |||
15 | body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'), | 16 | body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'), |
16 | 17 | ||
17 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 18 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
diff --git a/server/middlewares/validators/videos/video-shares.ts b/server/middlewares/validators/videos/video-shares.ts index cc2f66e94..7e54b6fc0 100644 --- a/server/middlewares/validators/videos/video-shares.ts +++ b/server/middlewares/validators/videos/video-shares.ts | |||
@@ -1,14 +1,16 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { param } from 'express-validator' | 2 | import { param } from 'express-validator' |
3 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | 3 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' |
4 | import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' | 4 | import { isIdValid } from '../../../helpers/custom-validators/misc' |
5 | import { logger } from '../../../helpers/logger' | 5 | import { logger } from '../../../helpers/logger' |
6 | import { VideoShareModel } from '../../../models/video/video-share' | 6 | import { VideoShareModel } from '../../../models/video/video-share' |
7 | import { areValidationErrors, doesVideoExist } from '../shared' | 7 | import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' |
8 | 8 | ||
9 | const videosShareValidator = [ | 9 | const videosShareValidator = [ |
10 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 10 | isValidVideoIdParam('id'), |
11 | param('actorId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid actor id'), | 11 | |
12 | param('actorId') | ||
13 | .custom(isIdValid).not().isEmpty().withMessage('Should have a valid actor id'), | ||
12 | 14 | ||
13 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 15 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
14 | logger.debug('Checking videoShare parameters', { parameters: req.params }) | 16 | logger.debug('Checking videoShare parameters', { parameters: req.params }) |
diff --git a/server/middlewares/validators/videos/video-watch.ts b/server/middlewares/validators/videos/video-watch.ts index ef8b89ece..43306f7cd 100644 --- a/server/middlewares/validators/videos/video-watch.ts +++ b/server/middlewares/validators/videos/video-watch.ts | |||
@@ -1,12 +1,13 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { body, param } from 'express-validator' | 2 | import { body } from 'express-validator' |
3 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | 3 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' |
4 | import { isIdOrUUIDValid, toIntOrNull } from '../../../helpers/custom-validators/misc' | 4 | import { toIntOrNull } from '../../../helpers/custom-validators/misc' |
5 | import { logger } from '../../../helpers/logger' | 5 | import { logger } from '../../../helpers/logger' |
6 | import { areValidationErrors, doesVideoExist } from '../shared' | 6 | import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' |
7 | 7 | ||
8 | const videoWatchingValidator = [ | 8 | const videoWatchingValidator = [ |
9 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 9 | isValidVideoIdParam('videoId'), |
10 | |||
10 | body('currentTime') | 11 | body('currentTime') |
11 | .customSanitizer(toIntOrNull) | 12 | .customSanitizer(toIntOrNull) |
12 | .isInt().withMessage('Should have correct current time'), | 13 | .isInt().withMessage('Should have correct current time'), |
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 8201e80c3..49e10e2b5 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
@@ -12,7 +12,6 @@ import { | |||
12 | isBooleanValid, | 12 | isBooleanValid, |
13 | isDateValid, | 13 | isDateValid, |
14 | isFileFieldValid, | 14 | isFileFieldValid, |
15 | isIdOrUUIDValid, | ||
16 | isIdValid, | 15 | isIdValid, |
17 | isUUIDValid, | 16 | isUUIDValid, |
18 | toArray, | 17 | toArray, |
@@ -53,7 +52,8 @@ import { | |||
53 | checkUserCanManageVideo, | 52 | checkUserCanManageVideo, |
54 | doesVideoChannelOfAccountExist, | 53 | doesVideoChannelOfAccountExist, |
55 | doesVideoExist, | 54 | doesVideoExist, |
56 | doesVideoFileOfVideoExist | 55 | doesVideoFileOfVideoExist, |
56 | isValidVideoIdParam | ||
57 | } from '../shared' | 57 | } from '../shared' |
58 | 58 | ||
59 | const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([ | 59 | const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([ |
@@ -195,7 +195,8 @@ const videosAddResumableInitValidator = getCommonVideoEditAttributes().concat([ | |||
195 | ]) | 195 | ]) |
196 | 196 | ||
197 | const videosUpdateValidator = getCommonVideoEditAttributes().concat([ | 197 | const videosUpdateValidator = getCommonVideoEditAttributes().concat([ |
198 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 198 | isValidVideoIdParam('id'), |
199 | |||
199 | body('name') | 200 | body('name') |
200 | .optional() | 201 | .optional() |
201 | .trim() | 202 | .trim() |
@@ -258,7 +259,7 @@ const videosCustomGetValidator = ( | |||
258 | authenticateInQuery = false | 259 | authenticateInQuery = false |
259 | ) => { | 260 | ) => { |
260 | return [ | 261 | return [ |
261 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 262 | isValidVideoIdParam('id'), |
262 | 263 | ||
263 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 264 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
264 | logger.debug('Checking videosGet parameters', { parameters: req.params }) | 265 | logger.debug('Checking videosGet parameters', { parameters: req.params }) |
@@ -309,8 +310,10 @@ const videosGetValidator = videosCustomGetValidator('all') | |||
309 | const videosDownloadValidator = videosCustomGetValidator('all', true) | 310 | const videosDownloadValidator = videosCustomGetValidator('all', true) |
310 | 311 | ||
311 | const videoFileMetadataGetValidator = getCommonVideoEditAttributes().concat([ | 312 | const videoFileMetadataGetValidator = getCommonVideoEditAttributes().concat([ |
312 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 313 | isValidVideoIdParam('id'), |
313 | param('videoFileId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid videoFileId'), | 314 | |
315 | param('videoFileId') | ||
316 | .custom(isIdValid).not().isEmpty().withMessage('Should have a valid videoFileId'), | ||
314 | 317 | ||
315 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 318 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
316 | logger.debug('Checking videoFileMetadataGet parameters', { parameters: req.params }) | 319 | logger.debug('Checking videoFileMetadataGet parameters', { parameters: req.params }) |
@@ -323,7 +326,7 @@ const videoFileMetadataGetValidator = getCommonVideoEditAttributes().concat([ | |||
323 | ]) | 326 | ]) |
324 | 327 | ||
325 | const videosRemoveValidator = [ | 328 | const videosRemoveValidator = [ |
326 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 329 | isValidVideoIdParam('id'), |
327 | 330 | ||
328 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 331 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
329 | logger.debug('Checking videosRemove parameters', { parameters: req.params }) | 332 | logger.debug('Checking videosRemove parameters', { parameters: req.params }) |