aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/oembed.ts36
1 files changed, 21 insertions, 15 deletions
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts
index 32dd05271..fc1a294e0 100644
--- a/server/middlewares/validators/oembed.ts
+++ b/server/middlewares/validators/oembed.ts
@@ -6,7 +6,7 @@ import { VideoPlaylistModel } from '@server/models/video/video-playlist'
6import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models' 6import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models'
7import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' 7import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
8import { isTestInstance } from '../../helpers/core-utils' 8import { isTestInstance } from '../../helpers/core-utils'
9import { isIdOrUUIDValid, toCompleteUUID } from '../../helpers/custom-validators/misc' 9import { isIdOrUUIDValid, isUUIDValid, toCompleteUUID } from '../../helpers/custom-validators/misc'
10import { logger } from '../../helpers/logger' 10import { logger } from '../../helpers/logger'
11import { WEBSERVER } from '../../initializers/constants' 11import { WEBSERVER } from '../../initializers/constants'
12import { areValidationErrors } from './shared' 12import { areValidationErrors } from './shared'
@@ -107,15 +107,18 @@ const oembedValidator = [
107 }) 107 })
108 } 108 }
109 109
110 if (video.privacy !== VideoPrivacy.PUBLIC) { 110 if (
111 return res.fail({ 111 video.privacy === VideoPrivacy.PUBLIC ||
112 status: HttpStatusCode.FORBIDDEN_403, 112 (video.privacy === VideoPrivacy.UNLISTED && isUUIDValid(elementId) === true)
113 message: 'Video is not public' 113 ) {
114 }) 114 res.locals.videoAll = video
115 return next()
115 } 116 }
116 117
117 res.locals.videoAll = video 118 return res.fail({
118 return next() 119 status: HttpStatusCode.FORBIDDEN_403,
120 message: 'Video is not publicly available'
121 })
119 } 122 }
120 123
121 // Is playlist 124 // Is playlist
@@ -128,15 +131,18 @@ const oembedValidator = [
128 }) 131 })
129 } 132 }
130 133
131 if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PUBLIC) { 134 if (
132 return res.fail({ 135 videoPlaylist.privacy === VideoPlaylistPrivacy.PUBLIC ||
133 status: HttpStatusCode.FORBIDDEN_403, 136 (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED && isUUIDValid(elementId))
134 message: 'Playlist is not public' 137 ) {
135 }) 138 res.locals.videoPlaylistSummary = videoPlaylist
139 return next()
136 } 140 }
137 141
138 res.locals.videoPlaylistSummary = videoPlaylist 142 return res.fail({
139 return next() 143 status: HttpStatusCode.FORBIDDEN_403,
144 message: 'Playlist is not public'
145 })
140 } 146 }
141 147
142] 148]