diff options
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/oembed.ts | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts index 32dd05271..fc1a294e0 100644 --- a/server/middlewares/validators/oembed.ts +++ b/server/middlewares/validators/oembed.ts | |||
@@ -6,7 +6,7 @@ import { VideoPlaylistModel } from '@server/models/video/video-playlist' | |||
6 | import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models' | 6 | import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models' |
7 | import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' | 7 | import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' |
8 | import { isTestInstance } from '../../helpers/core-utils' | 8 | import { isTestInstance } from '../../helpers/core-utils' |
9 | import { isIdOrUUIDValid, toCompleteUUID } from '../../helpers/custom-validators/misc' | 9 | import { isIdOrUUIDValid, isUUIDValid, toCompleteUUID } from '../../helpers/custom-validators/misc' |
10 | import { logger } from '../../helpers/logger' | 10 | import { logger } from '../../helpers/logger' |
11 | import { WEBSERVER } from '../../initializers/constants' | 11 | import { WEBSERVER } from '../../initializers/constants' |
12 | import { areValidationErrors } from './shared' | 12 | import { areValidationErrors } from './shared' |
@@ -107,15 +107,18 @@ const oembedValidator = [ | |||
107 | }) | 107 | }) |
108 | } | 108 | } |
109 | 109 | ||
110 | if (video.privacy !== VideoPrivacy.PUBLIC) { | 110 | if ( |
111 | return res.fail({ | 111 | video.privacy === VideoPrivacy.PUBLIC || |
112 | status: HttpStatusCode.FORBIDDEN_403, | 112 | (video.privacy === VideoPrivacy.UNLISTED && isUUIDValid(elementId) === true) |
113 | message: 'Video is not public' | 113 | ) { |
114 | }) | 114 | res.locals.videoAll = video |
115 | return next() | ||
115 | } | 116 | } |
116 | 117 | ||
117 | res.locals.videoAll = video | 118 | return res.fail({ |
118 | return next() | 119 | status: HttpStatusCode.FORBIDDEN_403, |
120 | message: 'Video is not publicly available' | ||
121 | }) | ||
119 | } | 122 | } |
120 | 123 | ||
121 | // Is playlist | 124 | // Is playlist |
@@ -128,15 +131,18 @@ const oembedValidator = [ | |||
128 | }) | 131 | }) |
129 | } | 132 | } |
130 | 133 | ||
131 | if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PUBLIC) { | 134 | if ( |
132 | return res.fail({ | 135 | videoPlaylist.privacy === VideoPlaylistPrivacy.PUBLIC || |
133 | status: HttpStatusCode.FORBIDDEN_403, | 136 | (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED && isUUIDValid(elementId)) |
134 | message: 'Playlist is not public' | 137 | ) { |
135 | }) | 138 | res.locals.videoPlaylistSummary = videoPlaylist |
139 | return next() | ||
136 | } | 140 | } |
137 | 141 | ||
138 | res.locals.videoPlaylistSummary = videoPlaylist | 142 | return res.fail({ |
139 | return next() | 143 | status: HttpStatusCode.FORBIDDEN_403, |
144 | message: 'Playlist is not public' | ||
145 | }) | ||
140 | } | 146 | } |
141 | 147 | ||
142 | ] | 148 | ] |