aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/users.ts2
-rw-r--r--server/middlewares/validators/video-captions.ts2
-rw-r--r--server/middlewares/validators/video-comments.ts6
-rw-r--r--server/middlewares/validators/videos.ts66
4 files changed, 40 insertions, 36 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index d13c50c84..d3ba1ae23 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -172,7 +172,7 @@ const usersVideoRatingValidator = [
172 logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) 172 logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
173 173
174 if (areValidationErrors(req, res)) return 174 if (areValidationErrors(req, res)) return
175 if (!await isVideoExist(req.params.videoId, res)) return 175 if (!await isVideoExist(req.params.videoId, res, 'id')) return
176 176
177 return next() 177 return next()
178 } 178 }
diff --git a/server/middlewares/validators/video-captions.ts b/server/middlewares/validators/video-captions.ts
index 4f393ea84..51ffd7f3c 100644
--- a/server/middlewares/validators/video-captions.ts
+++ b/server/middlewares/validators/video-captions.ts
@@ -58,7 +58,7 @@ const listVideoCaptionsValidator = [
58 logger.debug('Checking listVideoCaptions parameters', { parameters: req.params }) 58 logger.debug('Checking listVideoCaptions parameters', { parameters: req.params })
59 59
60 if (areValidationErrors(req, res)) return 60 if (areValidationErrors(req, res)) return
61 if (!await isVideoExist(req.params.videoId, res)) return 61 if (!await isVideoExist(req.params.videoId, res, 'id')) return
62 62
63 return next() 63 return next()
64 } 64 }
diff --git a/server/middlewares/validators/video-comments.ts b/server/middlewares/validators/video-comments.ts
index 227bc1fca..693852499 100644
--- a/server/middlewares/validators/video-comments.ts
+++ b/server/middlewares/validators/video-comments.ts
@@ -17,7 +17,7 @@ const listVideoCommentThreadsValidator = [
17 logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) 17 logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })
18 18
19 if (areValidationErrors(req, res)) return 19 if (areValidationErrors(req, res)) return
20 if (!await isVideoExist(req.params.videoId, res)) return 20 if (!await isVideoExist(req.params.videoId, res, 'only-video')) return
21 21
22 return next() 22 return next()
23 } 23 }
@@ -31,7 +31,7 @@ const listVideoThreadCommentsValidator = [
31 logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) 31 logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })
32 32
33 if (areValidationErrors(req, res)) return 33 if (areValidationErrors(req, res)) return
34 if (!await isVideoExist(req.params.videoId, res)) return 34 if (!await isVideoExist(req.params.videoId, res, 'only-video')) return
35 if (!await isVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return 35 if (!await isVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return
36 36
37 return next() 37 return next()
@@ -78,7 +78,7 @@ const videoCommentGetValidator = [
78 logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) 78 logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
79 79
80 if (areValidationErrors(req, res)) return 80 if (areValidationErrors(req, res)) return
81 if (!await isVideoExist(req.params.videoId, res)) return 81 if (!await isVideoExist(req.params.videoId, res, 'id')) return
82 if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return 82 if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
83 83
84 return next() 84 return next()
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts
index 9befbc9ee..67eabe468 100644
--- a/server/middlewares/validators/videos.ts
+++ b/server/middlewares/validators/videos.ts
@@ -41,6 +41,7 @@ import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } f
41import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model' 41import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model'
42import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership' 42import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership'
43import { AccountModel } from '../../models/account/account' 43import { AccountModel } from '../../models/account/account'
44import { VideoFetchType } from '../../helpers/video'
44 45
45const videosAddValidator = getCommonVideoAttributes().concat([ 46const videosAddValidator = getCommonVideoAttributes().concat([
46 body('videofile') 47 body('videofile')
@@ -128,47 +129,49 @@ const videosUpdateValidator = getCommonVideoAttributes().concat([
128 } 129 }
129]) 130])
130 131
131const videosGetValidator = [ 132const videosCustomGetValidator = (fetchType: VideoFetchType) => {
132 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 133 return [
133 134 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
134 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
135 logger.debug('Checking videosGet parameters', { parameters: req.params })
136 135
137 if (areValidationErrors(req, res)) return 136 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
138 if (!await isVideoExist(req.params.id, res)) return 137 logger.debug('Checking videosGet parameters', { parameters: req.params })
139 138
140 const video: VideoModel = res.locals.video 139 if (areValidationErrors(req, res)) return
140 if (!await isVideoExist(req.params.id, res, fetchType)) return
141 141
142 // Video private or blacklisted 142 const video: VideoModel = res.locals.video
143 if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
144 return authenticate(req, res, () => {
145 const user: UserModel = res.locals.oauth.token.User
146 143
147 // Only the owner or a user that have blacklist rights can see the video 144 // Video private or blacklisted
148 if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) { 145 if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) {
149 return res.status(403) 146 return authenticate(req, res, () => {
150 .json({ error: 'Cannot get this private or blacklisted video.' }) 147 const user: UserModel = res.locals.oauth.token.User
151 .end()
152 }
153 148
154 return next() 149 // Only the owner or a user that have blacklist rights can see the video
155 }) 150 if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) {
151 return res.status(403)
152 .json({ error: 'Cannot get this private or blacklisted video.' })
153 .end()
154 }
156 155
157 return 156 return next()
158 } 157 })
158 }
159 159
160 // Video is public, anyone can access it 160 // Video is public, anyone can access it
161 if (video.privacy === VideoPrivacy.PUBLIC) return next() 161 if (video.privacy === VideoPrivacy.PUBLIC) return next()
162 162
163 // Video is unlisted, check we used the uuid to fetch it 163 // Video is unlisted, check we used the uuid to fetch it
164 if (video.privacy === VideoPrivacy.UNLISTED) { 164 if (video.privacy === VideoPrivacy.UNLISTED) {
165 if (isUUIDValid(req.params.id)) return next() 165 if (isUUIDValid(req.params.id)) return next()
166 166
167 // Don't leak this unlisted video 167 // Don't leak this unlisted video
168 return res.status(404).end() 168 return res.status(404).end()
169 }
169 } 170 }
170 } 171 ]
171] 172}
173
174const videosGetValidator = videosCustomGetValidator('all')
172 175
173const videosRemoveValidator = [ 176const videosRemoveValidator = [
174 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 177 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
@@ -366,6 +369,7 @@ export {
366 videosAddValidator, 369 videosAddValidator,
367 videosUpdateValidator, 370 videosUpdateValidator,
368 videosGetValidator, 371 videosGetValidator,
372 videosCustomGetValidator,
369 videosRemoveValidator, 373 videosRemoveValidator,
370 videosShareValidator, 374 videosShareValidator,
371 375