diff options
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/video-channels.ts | 25 |
1 files changed, 0 insertions, 25 deletions
diff --git a/server/middlewares/validators/video-channels.ts b/server/middlewares/validators/video-channels.ts index 9e6f459cf..a70f196df 100644 --- a/server/middlewares/validators/video-channels.ts +++ b/server/middlewares/validators/video-channels.ts | |||
@@ -27,7 +27,6 @@ const listVideoAccountChannelsValidator = [ | |||
27 | ] | 27 | ] |
28 | 28 | ||
29 | const videoChannelsAddValidator = [ | 29 | const videoChannelsAddValidator = [ |
30 | param('accountId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid account id'), | ||
31 | body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'), | 30 | body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'), |
32 | body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), | 31 | body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), |
33 | body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'), | 32 | body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'), |
@@ -43,7 +42,6 @@ const videoChannelsAddValidator = [ | |||
43 | 42 | ||
44 | const videoChannelsUpdateValidator = [ | 43 | const videoChannelsUpdateValidator = [ |
45 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 44 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), |
46 | param('accountId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid account id'), | ||
47 | body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'), | 45 | body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'), |
48 | body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), | 46 | body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'), |
49 | body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'), | 47 | body('support').optional().custom(isVideoChannelSupportValid).withMessage('Should have a valid support text'), |
@@ -52,9 +50,7 @@ const videoChannelsUpdateValidator = [ | |||
52 | logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body }) | 50 | logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body }) |
53 | 51 | ||
54 | if (areValidationErrors(req, res)) return | 52 | if (areValidationErrors(req, res)) return |
55 | if (!await isAccountIdExist(req.params.accountId, res)) return | ||
56 | if (!await isVideoChannelExist(req.params.id, res)) return | 53 | if (!await isVideoChannelExist(req.params.id, res)) return |
57 | if (!checkAccountOwnsVideoChannel(res.locals.account, res.locals.videoChannel, res)) return | ||
58 | 54 | ||
59 | // We need to make additional checks | 55 | // We need to make additional checks |
60 | if (res.locals.videoChannel.Actor.isOwned() === false) { | 56 | if (res.locals.videoChannel.Actor.isOwned() === false) { |
@@ -75,17 +71,13 @@ const videoChannelsUpdateValidator = [ | |||
75 | 71 | ||
76 | const videoChannelsRemoveValidator = [ | 72 | const videoChannelsRemoveValidator = [ |
77 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 73 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), |
78 | param('accountId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid account id'), | ||
79 | 74 | ||
80 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 75 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
81 | logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params }) | 76 | logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params }) |
82 | 77 | ||
83 | if (areValidationErrors(req, res)) return | 78 | if (areValidationErrors(req, res)) return |
84 | if (!await isAccountIdExist(req.params.accountId, res)) return | ||
85 | if (!await isVideoChannelExist(req.params.id, res)) return | 79 | if (!await isVideoChannelExist(req.params.id, res)) return |
86 | 80 | ||
87 | if (!checkAccountOwnsVideoChannel(res.locals.account, res.locals.videoChannel, res)) return | ||
88 | // Check if the user who did the request is able to delete the video | ||
89 | if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return | 81 | if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return |
90 | if (!await checkVideoChannelIsNotTheLastOne(res)) return | 82 | if (!await checkVideoChannelIsNotTheLastOne(res)) return |
91 | 83 | ||
@@ -95,19 +87,14 @@ const videoChannelsRemoveValidator = [ | |||
95 | 87 | ||
96 | const videoChannelsGetValidator = [ | 88 | const videoChannelsGetValidator = [ |
97 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 89 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), |
98 | param('accountId').optional().custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid account id'), | ||
99 | 90 | ||
100 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 91 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
101 | logger.debug('Checking videoChannelsGet parameters', { parameters: req.params }) | 92 | logger.debug('Checking videoChannelsGet parameters', { parameters: req.params }) |
102 | 93 | ||
103 | if (areValidationErrors(req, res)) return | 94 | if (areValidationErrors(req, res)) return |
104 | 95 | ||
105 | // On some routes, accountId is optional (for example in the ActivityPub route) | ||
106 | if (req.params.accountId && !await isAccountIdExist(req.params.accountId, res)) return | ||
107 | if (!await isVideoChannelExist(req.params.id, res)) return | 96 | if (!await isVideoChannelExist(req.params.id, res)) return |
108 | 97 | ||
109 | if (res.locals.account && !checkAccountOwnsVideoChannel(res.locals.account, res.locals.videoChannel, res)) return | ||
110 | |||
111 | return next() | 98 | return next() |
112 | } | 99 | } |
113 | ] | 100 | ] |
@@ -160,15 +147,3 @@ async function checkVideoChannelIsNotTheLastOne (res: express.Response) { | |||
160 | 147 | ||
161 | return true | 148 | return true |
162 | } | 149 | } |
163 | |||
164 | function checkAccountOwnsVideoChannel (account: AccountModel, videoChannel: VideoChannelModel, res: express.Response) { | ||
165 | if (videoChannel.Account.id !== account.id) { | ||
166 | res.status(400) | ||
167 | .json({ error: 'This account does not own this video channel' }) | ||
168 | .end() | ||
169 | |||
170 | return false | ||
171 | } | ||
172 | |||
173 | return true | ||
174 | } | ||