aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/account.ts4
-rw-r--r--server/middlewares/validators/sort.ts5
-rw-r--r--server/middlewares/validators/videos/video-channels.ts14
-rw-r--r--server/middlewares/validators/videos/video-imports.ts4
-rw-r--r--server/middlewares/validators/videos/video-playlists.ts302
-rw-r--r--server/middlewares/validators/videos/videos.ts8
6 files changed, 314 insertions, 23 deletions
diff --git a/server/middlewares/validators/account.ts b/server/middlewares/validators/account.ts
index b3a51e631..88c57eaa1 100644
--- a/server/middlewares/validators/account.ts
+++ b/server/middlewares/validators/account.ts
@@ -17,7 +17,7 @@ const localAccountValidator = [
17 } 17 }
18] 18]
19 19
20const accountsNameWithHostGetValidator = [ 20const accountNameWithHostGetValidator = [
21 param('accountName').exists().withMessage('Should have an account name with host'), 21 param('accountName').exists().withMessage('Should have an account name with host'),
22 22
23 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 23 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -34,5 +34,5 @@ const accountsNameWithHostGetValidator = [
34 34
35export { 35export {
36 localAccountValidator, 36 localAccountValidator,
37 accountsNameWithHostGetValidator 37 accountNameWithHostGetValidator
38} 38}
diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts
index 5ceda845f..ea59fbf73 100644
--- a/server/middlewares/validators/sort.ts
+++ b/server/middlewares/validators/sort.ts
@@ -19,6 +19,7 @@ const SORTABLE_USER_SUBSCRIPTIONS_COLUMNS = createSortableColumns(SORTABLE_COLUM
19const SORTABLE_ACCOUNTS_BLOCKLIST_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.ACCOUNTS_BLOCKLIST) 19const SORTABLE_ACCOUNTS_BLOCKLIST_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.ACCOUNTS_BLOCKLIST)
20const SORTABLE_SERVERS_BLOCKLIST_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.SERVERS_BLOCKLIST) 20const SORTABLE_SERVERS_BLOCKLIST_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.SERVERS_BLOCKLIST)
21const SORTABLE_USER_NOTIFICATIONS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.USER_NOTIFICATIONS) 21const SORTABLE_USER_NOTIFICATIONS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.USER_NOTIFICATIONS)
22const SORTABLE_VIDEO_PLAYLISTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_PLAYLISTS)
22 23
23const usersSortValidator = checkSort(SORTABLE_USERS_COLUMNS) 24const usersSortValidator = checkSort(SORTABLE_USERS_COLUMNS)
24const accountsSortValidator = checkSort(SORTABLE_ACCOUNTS_COLUMNS) 25const accountsSortValidator = checkSort(SORTABLE_ACCOUNTS_COLUMNS)
@@ -37,6 +38,7 @@ const userSubscriptionsSortValidator = checkSort(SORTABLE_USER_SUBSCRIPTIONS_COL
37const accountsBlocklistSortValidator = checkSort(SORTABLE_ACCOUNTS_BLOCKLIST_COLUMNS) 38const accountsBlocklistSortValidator = checkSort(SORTABLE_ACCOUNTS_BLOCKLIST_COLUMNS)
38const serversBlocklistSortValidator = checkSort(SORTABLE_SERVERS_BLOCKLIST_COLUMNS) 39const serversBlocklistSortValidator = checkSort(SORTABLE_SERVERS_BLOCKLIST_COLUMNS)
39const userNotificationsSortValidator = checkSort(SORTABLE_USER_NOTIFICATIONS_COLUMNS) 40const userNotificationsSortValidator = checkSort(SORTABLE_USER_NOTIFICATIONS_COLUMNS)
41const videoPlaylistsSortValidator = checkSort(SORTABLE_VIDEO_PLAYLISTS_COLUMNS)
40 42
41// --------------------------------------------------------------------------- 43// ---------------------------------------------------------------------------
42 44
@@ -57,5 +59,6 @@ export {
57 videoChannelsSearchSortValidator, 59 videoChannelsSearchSortValidator,
58 accountsBlocklistSortValidator, 60 accountsBlocklistSortValidator,
59 serversBlocklistSortValidator, 61 serversBlocklistSortValidator,
60 userNotificationsSortValidator 62 userNotificationsSortValidator,
63 videoPlaylistsSortValidator
61} 64}
diff --git a/server/middlewares/validators/videos/video-channels.ts b/server/middlewares/validators/videos/video-channels.ts
index f039794e0..c2763ce51 100644
--- a/server/middlewares/validators/videos/video-channels.ts
+++ b/server/middlewares/validators/videos/video-channels.ts
@@ -16,19 +16,6 @@ import { areValidationErrors } from '../utils'
16import { isActorPreferredUsernameValid } from '../../../helpers/custom-validators/activitypub/actor' 16import { isActorPreferredUsernameValid } from '../../../helpers/custom-validators/activitypub/actor'
17import { ActorModel } from '../../../models/activitypub/actor' 17import { ActorModel } from '../../../models/activitypub/actor'
18 18
19const listVideoAccountChannelsValidator = [
20 param('accountName').exists().withMessage('Should have a valid account name'),
21
22 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
23 logger.debug('Checking listVideoAccountChannelsValidator parameters', { parameters: req.body })
24
25 if (areValidationErrors(req, res)) return
26 if (!await isAccountNameWithHostExist(req.params.accountName, res)) return
27
28 return next()
29 }
30]
31
32const videoChannelsAddValidator = [ 19const videoChannelsAddValidator = [
33 body('name').custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'), 20 body('name').custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'),
34 body('displayName').custom(isVideoChannelNameValid).withMessage('Should have a valid display name'), 21 body('displayName').custom(isVideoChannelNameValid).withMessage('Should have a valid display name'),
@@ -127,7 +114,6 @@ const localVideoChannelValidator = [
127// --------------------------------------------------------------------------- 114// ---------------------------------------------------------------------------
128 115
129export { 116export {
130 listVideoAccountChannelsValidator,
131 videoChannelsAddValidator, 117 videoChannelsAddValidator,
132 videoChannelsUpdateValidator, 118 videoChannelsUpdateValidator,
133 videoChannelsRemoveValidator, 119 videoChannelsRemoveValidator,
diff --git a/server/middlewares/validators/videos/video-imports.ts b/server/middlewares/validators/videos/video-imports.ts
index 48d20f904..121df36b6 100644
--- a/server/middlewares/validators/videos/video-imports.ts
+++ b/server/middlewares/validators/videos/video-imports.ts
@@ -3,14 +3,14 @@ import { body } from 'express-validator/check'
3import { isIdValid } from '../../../helpers/custom-validators/misc' 3import { isIdValid } from '../../../helpers/custom-validators/misc'
4import { logger } from '../../../helpers/logger' 4import { logger } from '../../../helpers/logger'
5import { areValidationErrors } from '../utils' 5import { areValidationErrors } from '../utils'
6import { getCommonVideoAttributes } from './videos' 6import { getCommonVideoEditAttributes } from './videos'
7import { isVideoImportTargetUrlValid, isVideoImportTorrentFile } from '../../../helpers/custom-validators/video-imports' 7import { isVideoImportTargetUrlValid, isVideoImportTorrentFile } from '../../../helpers/custom-validators/video-imports'
8import { cleanUpReqFiles } from '../../../helpers/express-utils' 8import { cleanUpReqFiles } from '../../../helpers/express-utils'
9import { isVideoChannelOfAccountExist, isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos' 9import { isVideoChannelOfAccountExist, isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos'
10import { CONFIG } from '../../../initializers/constants' 10import { CONFIG } from '../../../initializers/constants'
11import { CONSTRAINTS_FIELDS } from '../../../initializers' 11import { CONSTRAINTS_FIELDS } from '../../../initializers'
12 12
13const videoImportAddValidator = getCommonVideoAttributes().concat([ 13const videoImportAddValidator = getCommonVideoEditAttributes().concat([
14 body('channelId') 14 body('channelId')
15 .toInt() 15 .toInt()
16 .custom(isIdValid).withMessage('Should have correct video channel id'), 16 .custom(isIdValid).withMessage('Should have correct video channel id'),
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts
new file mode 100644
index 000000000..ef8d0b851
--- /dev/null
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -0,0 +1,302 @@
1import * as express from 'express'
2import { body, param, ValidationChain } from 'express-validator/check'
3import { UserRight, VideoPrivacy } from '../../../../shared'
4import { logger } from '../../../helpers/logger'
5import { UserModel } from '../../../models/account/user'
6import { areValidationErrors } from '../utils'
7import { isVideoExist, isVideoImage } from '../../../helpers/custom-validators/videos'
8import { CONSTRAINTS_FIELDS } from '../../../initializers'
9import { isIdOrUUIDValid, toValueOrNull } from '../../../helpers/custom-validators/misc'
10import {
11 isVideoPlaylistDescriptionValid,
12 isVideoPlaylistExist,
13 isVideoPlaylistNameValid,
14 isVideoPlaylistPrivacyValid
15} from '../../../helpers/custom-validators/video-playlists'
16import { VideoPlaylistModel } from '../../../models/video/video-playlist'
17import { cleanUpReqFiles } from '../../../helpers/express-utils'
18import { isVideoChannelIdExist } from '../../../helpers/custom-validators/video-channels'
19import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
20import { VideoModel } from '../../../models/video/video'
21import { authenticatePromiseIfNeeded } from '../../oauth'
22import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
23
24const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
25 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
26 logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
27
28 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
29
30 if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)
31
32 return next()
33 }
34])
35
36const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
37 param('playlistId')
38 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
39
40 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
41 logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
42
43 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
44
45 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return cleanUpReqFiles(req)
46 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
47 return cleanUpReqFiles(req)
48 }
49
50 if (req.body.videoChannelId && !await isVideoChannelIdExist(req.body.videoChannelId, res)) return cleanUpReqFiles(req)
51
52 return next()
53 }
54])
55
56const videoPlaylistsDeleteValidator = [
57 param('playlistId')
58 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
59
60 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
61 logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
62
63 if (areValidationErrors(req, res)) return
64
65 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
66 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
67 return
68 }
69
70 return next()
71 }
72]
73
74const videoPlaylistsGetValidator = [
75 param('playlistId')
76 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
77
78 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
79 logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
80
81 if (areValidationErrors(req, res)) return
82
83 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
84
85 const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
86 if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
87 await authenticatePromiseIfNeeded(req, res)
88
89 const user: UserModel = res.locals.oauth ? res.locals.oauth.token.User : null
90
91 if (
92 !user ||
93 (videoPlaylist.OwnerAccount.userId !== user.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
94 ) {
95 return res.status(403)
96 .json({ error: 'Cannot get this private video playlist.' })
97 }
98
99 return next()
100 }
101
102 return next()
103 }
104]
105
106const videoPlaylistsAddVideoValidator = [
107 param('playlistId')
108 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
109 body('videoId')
110 .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
111 body('startTimestamp')
112 .optional()
113 .isInt({ min: 0 }).withMessage('Should have a valid start timestamp'),
114 body('stopTimestamp')
115 .optional()
116 .isInt({ min: 0 }).withMessage('Should have a valid stop timestamp'),
117
118 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
119 logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
120
121 if (areValidationErrors(req, res)) return
122
123 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
124 if (!await isVideoExist(req.body.videoId, res, 'id')) return
125
126 const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
127 const video: VideoModel = res.locals.video
128
129 const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
130 if (videoPlaylistElement) {
131 res.status(409)
132 .json({ error: 'This video in this playlist already exists' })
133 .end()
134
135 return
136 }
137
138 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
139 return
140 }
141
142 return next()
143 }
144]
145
146const videoPlaylistsUpdateOrRemoveVideoValidator = [
147 param('playlistId')
148 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
149 param('videoId')
150 .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
151 body('startTimestamp')
152 .optional()
153 .isInt({ min: 0 }).withMessage('Should have a valid start timestamp'),
154 body('stopTimestamp')
155 .optional()
156 .isInt({ min: 0 }).withMessage('Should have a valid stop timestamp'),
157
158 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
159 logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
160
161 if (areValidationErrors(req, res)) return
162
163 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
164 if (!await isVideoExist(req.params.playlistId, res, 'id')) return
165
166 const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
167 const video: VideoModel = res.locals.video
168
169 const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
170 if (!videoPlaylistElement) {
171 res.status(404)
172 .json({ error: 'Video playlist element not found' })
173 .end()
174
175 return
176 }
177 res.locals.videoPlaylistElement = videoPlaylistElement
178
179 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
180
181 return next()
182 }
183]
184
185const videoPlaylistElementAPGetValidator = [
186 param('playlistId')
187 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
188 param('videoId')
189 .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
190
191 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
192 logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
193
194 if (areValidationErrors(req, res)) return
195
196 const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
197 if (!videoPlaylistElement) {
198 res.status(404)
199 .json({ error: 'Video playlist element not found' })
200 .end()
201
202 return
203 }
204
205 if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
206 return res.status(403).end()
207 }
208
209 res.locals.videoPlaylistElement = videoPlaylistElement
210
211 return next()
212 }
213]
214
215const videoPlaylistsReorderVideosValidator = [
216 param('playlistId')
217 .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
218 body('startPosition')
219 .isInt({ min: 1 }).withMessage('Should have a valid start position'),
220 body('insertAfterPosition')
221 .isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
222 body('reorderLength')
223 .optional()
224 .isInt({ min: 1 }).withMessage('Should have a valid range length'),
225
226 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
227 logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
228
229 if (areValidationErrors(req, res)) return
230
231 if (!await isVideoPlaylistExist(req.params.playlistId, res)) return
232
233 const videoPlaylist: VideoPlaylistModel = res.locals.videoPlaylist
234 if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
235
236 return next()
237 }
238]
239
240// ---------------------------------------------------------------------------
241
242export {
243 videoPlaylistsAddValidator,
244 videoPlaylistsUpdateValidator,
245 videoPlaylistsDeleteValidator,
246 videoPlaylistsGetValidator,
247
248 videoPlaylistsAddVideoValidator,
249 videoPlaylistsUpdateOrRemoveVideoValidator,
250 videoPlaylistsReorderVideosValidator,
251
252 videoPlaylistElementAPGetValidator
253}
254
255// ---------------------------------------------------------------------------
256
257function getCommonPlaylistEditAttributes () {
258 return [
259 body('thumbnailfile')
260 .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
261 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
262 + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
263 ),
264
265 body('displayName')
266 .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
267 body('description')
268 .optional()
269 .customSanitizer(toValueOrNull)
270 .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
271 body('privacy')
272 .optional()
273 .toInt()
274 .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
275 body('videoChannelId')
276 .optional()
277 .toInt()
278 ] as (ValidationChain | express.Handler)[]
279}
280
281function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
282 if (videoPlaylist.isOwned() === false) {
283 res.status(403)
284 .json({ error: 'Cannot manage video playlist of another server.' })
285 .end()
286
287 return false
288 }
289
290 // Check if the user can manage the video playlist
291 // The user can delete it if s/he is an admin
292 // Or if s/he is the video playlist's owner
293 if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
294 res.status(403)
295 .json({ error: 'Cannot manage video playlist of another user' })
296 .end()
297
298 return false
299 }
300
301 return true
302}
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 159727e28..a5e3ed0dc 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -46,7 +46,7 @@ import { VideoFetchType } from '../../../helpers/video'
46import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' 46import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search'
47import { getServerActor } from '../../../helpers/utils' 47import { getServerActor } from '../../../helpers/utils'
48 48
49const videosAddValidator = getCommonVideoAttributes().concat([ 49const videosAddValidator = getCommonVideoEditAttributes().concat([
50 body('videofile') 50 body('videofile')
51 .custom((value, { req }) => isVideoFile(req.files)).withMessage( 51 .custom((value, { req }) => isVideoFile(req.files)).withMessage(
52 'This file is not supported or too large. Please, make sure it is of the following type: ' 52 'This file is not supported or too large. Please, make sure it is of the following type: '
@@ -94,7 +94,7 @@ const videosAddValidator = getCommonVideoAttributes().concat([
94 } 94 }
95]) 95])
96 96
97const videosUpdateValidator = getCommonVideoAttributes().concat([ 97const videosUpdateValidator = getCommonVideoEditAttributes().concat([
98 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 98 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
99 body('name') 99 body('name')
100 .optional() 100 .optional()
@@ -288,7 +288,7 @@ const videosAcceptChangeOwnershipValidator = [
288 } 288 }
289] 289]
290 290
291function getCommonVideoAttributes () { 291function getCommonVideoEditAttributes () {
292 return [ 292 return [
293 body('thumbnailfile') 293 body('thumbnailfile')
294 .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage( 294 .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
@@ -421,7 +421,7 @@ export {
421 videosTerminateChangeOwnershipValidator, 421 videosTerminateChangeOwnershipValidator,
422 videosAcceptChangeOwnershipValidator, 422 videosAcceptChangeOwnershipValidator,
423 423
424 getCommonVideoAttributes, 424 getCommonVideoEditAttributes,
425 425
426 commonVideosFiltersValidator 426 commonVideosFiltersValidator
427} 427}