Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/users.ts | 2 | ||||
-rw-r--r-- | server/middlewares/validators/video-captions.ts | 2 | ||||
-rw-r--r-- | server/middlewares/validators/video-comments.ts | 6 | ||||
-rw-r--r-- | server/middlewares/validators/videos.ts | 66 |
4 files changed, 40 insertions, 36 deletions
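--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -172,7 +172,7 @@ const usersVideoRatingValidator = [
 logger.debug('Checking usersVideoRating parameters', { parameters: req.params })
 
 if (areValidationErrors(req, res)) return
-if (!await isVideoExist(req.params.videoId, res)) return
+if (!await isVideoExist(req.params.videoId, res, 'id')) return
 
 return next()
 }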
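Review bot: The new third argument `'id'` on the `isVideoExist` call changes what ends up in `res.locals.video`, but nothing at the call site records which fields the rating handler still relies on. Assuming `'id'` selects a reduced load (the helper is outside this diff, so this is inferred), any later middleware or controller that reads an association from `res.locals.video` would see `undefined` rather than failing at validation time. I would add a comment above the call such as `// Handler only needs video.id; associations are not loaded`, and the same at the `'id'` and `'only-video'` calls in video-captions.ts and video-comments.ts. The validator's body starts above this hunk and its closing `]` is below it.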
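--- a/server/middlewares/validators/video-captions.ts
+++ b/server/middlewares/validators/video-captions.ts
@@ -58,7 +58,7 @@ const listVideoCaptionsValidator = [
 logger.debug('Checking listVideoCaptions parameters', { parameters: req.params })
 
 if (areValidationErrors(req, res)) return
-if (!await isVideoExist(req.params.videoId, res)) return
+if (!await isVideoExist(req.params.videoId, res, 'id')) return
 
 return next()
 }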
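--- a/server/middlewares/validators/video-comments.ts
+++ b/server/middlewares/validators/video-comments.ts
@@ -17,7 +17,7 @@ const listVideoCommentThreadsValidator = [
 logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })
 
 if (areValidationErrors(req, res)) return
-if (!await isVideoExist(req.params.videoId, res)) return
+if (!await isVideoExist(req.params.videoId, res, 'only-video')) return
 
 return next()
 }
@@ -31,7 +31,7 @@ const listVideoThreadCommentsValidator = [
 logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })
 
 if (areValidationErrors(req, res)) return
-if (!await isVideoExist(req.params.videoId, res)) return
+if (!await isVideoExist(req.params.videoId, res, 'only-video')) return
 if (!await isVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return
 
 return next()
@@ -78,7 +78,7 @@ const videoCommentGetValidator = [
 logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
 
 if (areValidationErrors(req, res)) return
-if (!await isVideoExist(req.params.videoId, res)) return
+if (!await isVideoExist(req.params.videoId, res, 'id')) return
 if (!await isVideoCommentExist(req.params.commentId, res.locals.video, res)) return
 
 return next()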
diff --git a/server/middlewares/validators/videos.ts b/server/middlewares/validators/videos.ts index 9befbc9ee..67eabe468 100644 --- a/server/middlewares/validators/videos.ts +++ b/server/middlewares/validators/videos.ts | |||
@@ -41,6 +41,7 @@ import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } f | |||
41 | import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model' | 41 | import { VideoChangeOwnershipAccept } from '../../../shared/models/videos/video-change-ownership-accept.model' |
42 | import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership' | 42 | import { VideoChangeOwnershipModel } from '../../models/video/video-change-ownership' |
43 | import { AccountModel } from '../../models/account/account' | 43 | import { AccountModel } from '../../models/account/account' |
44 | import { VideoFetchType } from '../../helpers/video' | ||
44 | 45 | ||
45 | const videosAddValidator = getCommonVideoAttributes().concat([ | 46 | const videosAddValidator = getCommonVideoAttributes().concat([ |
46 | body('videofile') | 47 | body('videofile') |
@@ -128,47 +129,49 @@ const videosUpdateValidator = getCommonVideoAttributes().concat([ | |||
128 | } | 129 | } |
129 | ]) | 130 | ]) |
130 | 131 | ||
131 | const videosGetValidator = [ | 132 | const videosCustomGetValidator = (fetchType: VideoFetchType) => { |
132 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 133 | return [ |
133 | 134 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | |
134 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
135 | logger.debug('Checking videosGet parameters', { parameters: req.params }) | ||
136 | 135 | ||
137 | if (areValidationErrors(req, res)) return | 136 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
138 | if (!await isVideoExist(req.params.id, res)) return | 137 | logger.debug('Checking videosGet parameters', { parameters: req.params }) |
139 | 138 | ||
140 | const video: VideoModel = res.locals.video | 139 | if (areValidationErrors(req, res)) return |
140 | if (!await isVideoExist(req.params.id, res, fetchType)) return | ||
141 | 141 | ||
142 | // Video private or blacklisted | 142 | const video: VideoModel = res.locals.video |
143 | if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) { | ||
144 | return authenticate(req, res, () => { | ||
145 | const user: UserModel = res.locals.oauth.token.User | ||
146 | 143 | ||
147 | // Only the owner or a user that have blacklist rights can see the video | 144 | // Video private or blacklisted |
148 | if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) { | 145 | if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) { |
149 | return res.status(403) | 146 | return authenticate(req, res, () => { |
150 | .json({ error: 'Cannot get this private or blacklisted video.' }) | 147 | const user: UserModel = res.locals.oauth.token.User |
151 | .end() | ||
152 | } | ||
153 | 148 | ||
154 | return next() | 149 | // Only the owner or a user that have blacklist rights can see the video |
155 | }) | 150 | if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) { |
151 | return res.status(403) | ||
152 | .json({ error: 'Cannot get this private or blacklisted video.' }) | ||
153 | .end() | ||
154 | } | ||
156 | 155 | ||
157 | return | 156 | return next() |
158 | } | 157 | }) |
158 | } | ||
159 | 159 | ||
160 | // Video is public, anyone can access it | 160 | // Video is public, anyone can access it |
161 | if (video.privacy === VideoPrivacy.PUBLIC) return next() | 161 | if (video.privacy === VideoPrivacy.PUBLIC) return next() |
162 | 162 | ||
163 | // Video is unlisted, check we used the uuid to fetch it | 163 | // Video is unlisted, check we used the uuid to fetch it |
164 | if (video.privacy === VideoPrivacy.UNLISTED) { | 164 | if (video.privacy === VideoPrivacy.UNLISTED) { |
165 | if (isUUIDValid(req.params.id)) return next() | 165 | if (isUUIDValid(req.params.id)) return next() |
166 | 166 | ||
167 | // Don't leak this unlisted video | 167 | // Don't leak this unlisted video |
168 | return res.status(404).end() | 168 | return res.status(404).end() |
169 | } | ||
169 | } | 170 | } |
170 | } | 171 | ] |
171 | ] | 172 | } |
173 | |||
174 | const videosGetValidator = videosCustomGetValidator('all') | ||
172 | 175 | ||
173 | const videosRemoveValidator = [ | 176 | const videosRemoveValidator = [ |
174 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 177 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), |
@@ -366,6 +369,7 @@ export { | |||
366 | videosAddValidator, | 369 | videosAddValidator, |
367 | videosUpdateValidator, | 370 | videosUpdateValidator, |
368 | videosGetValidator, | 371 | videosGetValidator, |
372 | videosCustomGetValidator, | ||
369 | videosRemoveValidator, | 373 | videosRemoveValidator, |
370 | videosShareValidator, | 374 | videosShareValidator, |
371 | 375 | ||
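Review bot: `videosCustomGetValidator` passes a caller-chosen `fetchType` to `isVideoExist`, but the access check directly after it still reads `video.VideoBlacklist` and `video.VideoChannel.Account.userId`. If a reduced fetch type (such as the `'id'` or `'only-video'` values used in the other validators) does not load those associations, a blacklisted video would fail the `video.VideoBlacklist` test and fall through to the public branch, and a private one would throw on `video.VideoChannel`. The helper is not visible in this diff, so this is inferred. Because the factory is now exported, the privacy check should not depend on what the caller asked to load: either reload the video with its blacklist and owner inside the `authenticate` branch, or at minimum state the contract above the factory, e.g. `// fetchType must load VideoBlacklist and VideoChannel.Account: the privacy check below reads both`. Only `videosCustomGetValidator('all')` is exercised in the visible hunks, so a test covering a private and a blacklisted video under each other fetch type would confirm the check does not fail open.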