From 3e753302d8c911b59971c16a8018df0e1ab78465 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Tue, 23 Jul 2019 10:40:39 +0200
Subject: Refactor middleware helpers
---
server/helpers/middlewares/videos.ts | 82 ++++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
create mode 100644 server/helpers/middlewares/videos.ts
(limited to 'server/helpers/middlewares/videos.ts')
diff --git a/server/helpers/middlewares/videos.ts b/server/helpers/middlewares/videos.ts
new file mode 100644
index 000000000..ceb1058ec
--- /dev/null
+++ b/server/helpers/middlewares/videos.ts
@@ -0,0 +1,82 @@
+import { Response } from 'express'
+import { fetchVideo, VideoFetchType } from '../video'
+import { UserModel } from '../../models/account/user'
+import { UserRight } from '../../../shared/models/users'
+import { VideoChannelModel } from '../../models/video/video-channel'
+import { VideoModel } from '../../models/video/video'
+
+async function doesVideoExist (id: number | string, res: Response, fetchType: VideoFetchType = 'all') {
+ const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined
+
+ const video = await fetchVideo(id, fetchType, userId)
+
+ if (video === null) {
+ res.status(404)
+ .json({ error: 'Video not found' })
+ .end()
+
+ return false
+ }
+
+ if (fetchType !== 'none') res.locals.video = video
+ return true
+}
+
+async function doesVideoChannelOfAccountExist (channelId: number, user: UserModel, res: Response) {
+ if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
+ const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
+ if (videoChannel === null) {
+ res.status(400)
+ .json({ error: 'Unknown video `video channel` on this instance.' })
+ .end()
+
+ return false
+ }
+
+ res.locals.videoChannel = videoChannel
+ return true
+ }
+
+ const videoChannel = await VideoChannelModel.loadByIdAndAccount(channelId, user.Account.id)
+ if (videoChannel === null) {
+ res.status(400)
+ .json({ error: 'Unknown video `video channel` for this account.' })
+ .end()
+
+ return false
+ }
+
+ res.locals.videoChannel = videoChannel
+ return true
+}
+
+function checkUserCanManageVideo (user: UserModel, video: VideoModel, right: UserRight, res: Response) {
+ // Retrieve the user who did the request
+ if (video.isOwned() === false) {
+ res.status(403)
+ .json({ error: 'Cannot manage a video of another server.' })
+ .end()
+ return false
+ }
+
+ // Check if the user can delete the video
+ // The user can delete it if he has the right
+ // Or if s/he is the video's account
+ const account = video.VideoChannel.Account
+ if (user.hasRight(right) === false && account.userId !== user.id) {
+ res.status(403)
+ .json({ error: 'Cannot manage a video of another user.' })
+ .end()
+ return false
+ }
+
+ return true
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+ doesVideoChannelOfAccountExist,
+ doesVideoExist,
+ checkUserCanManageVideo
+}
-- 
cgit v1.2.3
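Review bot: In checkUserCanManageVideo the deny branch only fires when `user.hasRight(right)` returns exactly `false`, so any other falsy result (for example `undefined`, if hasRight can ever return that for an unrecognised right) skips the 403 and the function returns true. An authorization gate should fail closed: `if (user.hasRight(right) !== true && account.userId !== user.id) {`, and likewise `if (video.isOwned() !== true) {` for the local-ownership check. The function also dereferences `video.VideoChannel.Account`, which presumably is populated only for some of the `fetchType` values doesVideoExist accepts, so a docstring should state which fetch type callers must use before calling it. The comment `// Retrieve the user who did the request` does not describe the `isOwned()` check beneath it; something like `// Only videos hosted by this instance can be managed` would match the code.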