aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/video-channels.ts25
1 files changed, 0 insertions, 25 deletions
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts
index 9e6f459cf..a70f196df 100644
--- a/server/middlewares/validators/video-channels.ts
+++ b/server/middlewares/validators/video-channels.ts
@@ -27,7 +27,6 @@ const listVideoAccountChannelsValidator = [
27] 27]
28 28
29const videoChannelsAddValidator = [ 29const videoChannelsAddValidator = [
30 param('accountId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid account id'),
31 body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'), 30 body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
32 body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), 31 body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
33 body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'), 32 body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
@@ -43,7 +42,6 @@ const videoChannelsAddValidator = [
43 42
44const videoChannelsUpdateValidator = [ 43const videoChannelsUpdateValidator = [
45 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 44 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
46 param('accountId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid account id'),
47 body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'), 45 body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
48 body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), 46 body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
49 body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'), 47 body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'),
@@ -52,9 +50,7 @@ const videoChannelsUpdateValidator = [
52 logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body }) 50 logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
53 51
54 if (areValidationErrors(req, res)) return 52 if (areValidationErrors(req, res)) return
55 if (!await isAccountIdExist(req.params.accountId, res)) return
56 if (!await isVideoChannelExist(req.params.id, res)) return 53 if (!await isVideoChannelExist(req.params.id, res)) return
57 if (!checkAccountOwnsVideoChannel(res.locals.account, res.locals.videoChannel, res)) return
58 54
59 // We need to make additional checks 55 // We need to make additional checks
60 if (res.locals.videoChannel.Actor.isOwned() === false) { 56 if (res.locals.videoChannel.Actor.isOwned() === false) {
@@ -75,17 +71,13 @@ const videoChannelsUpdateValidator = [
75 71
76const videoChannelsRemoveValidator = [ 72const videoChannelsRemoveValidator = [
77 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 73 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
78 param('accountId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid account id'),
79 74
80 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 75 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
81 logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params }) 76 logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
82 77
83 if (areValidationErrors(req, res)) return 78 if (areValidationErrors(req, res)) return
84 if (!await isAccountIdExist(req.params.accountId, res)) return
85 if (!await isVideoChannelExist(req.params.id, res)) return 79 if (!await isVideoChannelExist(req.params.id, res)) return
86 80
87 if (!checkAccountOwnsVideoChannel(res.locals.account, res.locals.videoChannel, res)) return
88 // Check if the user who did the request is able to delete the video
89 if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return 81 if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
90 if (!await checkVideoChannelIsNotTheLastOne(res)) return 82 if (!await checkVideoChannelIsNotTheLastOne(res)) return
91 83
@@ -95,19 +87,14 @@ const videoChannelsRemoveValidator = [
95 87
96const videoChannelsGetValidator = [ 88const videoChannelsGetValidator = [
97 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 89 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
98 param('accountId').optional().custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid account id'),
99 90
100 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 91 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
101 logger.debug('Checking videoChannelsGet parameters', { parameters: req.params }) 92 logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
102 93
103 if (areValidationErrors(req, res)) return 94 if (areValidationErrors(req, res)) return
104 95
105 // On some routes, accountId is optional (for example in the ActivityPub route)
106 if (req.params.accountId && !await isAccountIdExist(req.params.accountId, res)) return
107 if (!await isVideoChannelExist(req.params.id, res)) return 96 if (!await isVideoChannelExist(req.params.id, res)) return
108 97
109 if (res.locals.account && !checkAccountOwnsVideoChannel(res.locals.account, res.locals.videoChannel, res)) return
110
111 return next() 98 return next()
112 } 99 }
113] 100]
@@ -160,15 +147,3 @@ async function checkVideoChannelIsNotTheLastOne (res: express.Response) {
160 147
161 return true 148 return true
162} 149}
163
164function checkAccountOwnsVideoChannel (account: AccountModel, videoChannel: VideoChannelModel, res: express.Response) {
165 if (videoChannel.Account.id !== account.id) {
166 res.status(400)
167 .json({ error: 'This account does not own this video channel' })
168 .end()
169
170 return false
171 }
172
173 return true
174}