From d4a8e7a65f97bb3257facc13e1ae8ffdbad61ddb Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 28 Jun 2021 17:30:59 +0200 Subject: Support short uuid for GET video/playlist --- server/middlewares/validators/abuse.ts | 3 +- server/middlewares/validators/feeds.ts | 8 +++-- server/middlewares/validators/index.ts | 2 +- server/middlewares/validators/oembed.ts | 4 +-- server/middlewares/validators/redundancy.ts | 23 ++++++++---- server/middlewares/validators/shared/utils.ts | 19 ++++++++-- server/middlewares/validators/users.ts | 6 ++-- .../validators/videos/video-blacklist.ts | 14 ++++---- .../validators/videos/video-captions.ts | 18 ++++++---- .../validators/videos/video-comments.ts | 31 ++++++++++------ server/middlewares/validators/videos/video-live.ts | 14 +++++--- .../validators/videos/video-ownership-changes.ts | 10 +++--- .../validators/videos/video-playlists.ts | 41 +++++++++++++--------- .../middlewares/validators/videos/video-rates.ts | 7 ++-- .../middlewares/validators/videos/video-shares.ts | 10 +++--- .../middlewares/validators/videos/video-watch.ts | 9 ++--- server/middlewares/validators/videos/videos.ts | 17 +++++---- 17 files changed, 151 insertions(+), 85 deletions(-) (limited to 'server/middlewares/validators') diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts index 56c97747c..c048bc6af 100644 --- a/server/middlewares/validators/abuse.ts +++ b/server/middlewares/validators/abuse.ts @@ -12,7 +12,7 @@ import { isAbuseTimestampValid, isAbuseVideoIsValid } from '@server/helpers/custom-validators/abuses' -import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc' +import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc' import { logger } from '@server/helpers/logger' import { AbuseMessageModel } from '@server/models/abuse/abuse-message' import { AbuseCreate, UserRight } from '@shared/models' @@ -27,6 +27,7 @@ const abuseReportValidator = [ body('video.id') .optional() + .customSanitizer(toCompleteUUID) .custom(isIdOrUUIDValid) .withMessage('Should have a valid videoId'), body('video.startAt') diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts index 51e6d6fff..51b8fdd19 100644 --- a/server/middlewares/validators/feeds.ts +++ b/server/middlewares/validators/feeds.ts @@ -1,8 +1,9 @@ import * as express from 'express' import { param, query } from 'express-validator' + import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' import { isValidRSSFeed } from '../../helpers/custom-validators/feeds' -import { exists, isIdOrUUIDValid, isIdValid } from '../../helpers/custom-validators/misc' +import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID } from '../../helpers/custom-validators/misc' import { logger } from '../../helpers/logger' import { areValidationErrors, @@ -98,7 +99,10 @@ const videoSubscriptionFeedsValidator = [ ] const videoCommentsFeedsValidator = [ - query('videoId').optional().custom(isIdOrUUIDValid), + query('videoId') + .customSanitizer(toCompleteUUID) + .optional() + .custom(isIdOrUUIDValid), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking feeds parameters', { parameters: req.query }) diff --git a/server/middlewares/validators/index.ts b/server/middlewares/validators/index.ts index 24faeea3e..94a3c2dea 100644 --- a/server/middlewares/validators/index.ts +++ b/server/middlewares/validators/index.ts @@ -11,7 +11,7 @@ export * from './sort' export * from './users' export * from './user-subscriptions' export * from './videos' -export * from './webfinger' export * from './search' export * from './server' export * from './user-history' +export * from './webfinger' diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts index e1015d7fd..0a82e6932 100644 --- a/server/middlewares/validators/oembed.ts +++ b/server/middlewares/validators/oembed.ts @@ -6,7 +6,7 @@ import { VideoPlaylistModel } from '@server/models/video/video-playlist' import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models' import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' import { isTestInstance } from '../../helpers/core-utils' -import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc' +import { isIdOrUUIDValid, toCompleteUUID } from '../../helpers/custom-validators/misc' import { logger } from '../../helpers/logger' import { WEBSERVER } from '../../initializers/constants' import { areValidationErrors } from './shared' @@ -79,7 +79,7 @@ const oembedValidator = [ }) } - const elementId = matches[1] + const elementId = toCompleteUUID(matches[1]) if (isIdOrUUIDValid(elementId) === false) { return res.fail({ message: 'Invalid video or playlist id.' }) } diff --git a/server/middlewares/validators/redundancy.ts b/server/middlewares/validators/redundancy.ts index da24f4c9b..116c8c611 100644 --- a/server/middlewares/validators/redundancy.ts +++ b/server/middlewares/validators/redundancy.ts @@ -2,15 +2,24 @@ import * as express from 'express' import { body, param, query } from 'express-validator' import { isVideoRedundancyTarget } from '@server/helpers/custom-validators/video-redundancies' import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' -import { exists, isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' +import { + exists, + isBooleanValid, + isIdOrUUIDValid, + isIdValid, + toBooleanOrNull, + toCompleteUUID, + toIntOrNull +} from '../../helpers/custom-validators/misc' import { isHostValid } from '../../helpers/custom-validators/servers' import { logger } from '../../helpers/logger' import { VideoRedundancyModel } from '../../models/redundancy/video-redundancy' import { ServerModel } from '../../models/server/server' -import { areValidationErrors, doesVideoExist } from './shared' +import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from './shared' const videoFileRedundancyGetValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), + isValidVideoIdParam('videoId'), + param('resolution') .customSanitizer(toIntOrNull) .custom(exists).withMessage('Should have a valid resolution'), @@ -56,9 +65,8 @@ const videoFileRedundancyGetValidator = [ ] const videoPlaylistRedundancyGetValidator = [ - param('videoId') - .custom(isIdOrUUIDValid) - .not().isEmpty().withMessage('Should have a valid video id'), + isValidVideoIdParam('videoId'), + param('streamingPlaylistType') .customSanitizer(toIntOrNull) .custom(exists).withMessage('Should have a valid streaming playlist type'), @@ -135,7 +143,8 @@ const listVideoRedundanciesValidator = [ const addVideoRedundancyValidator = [ body('videoId') - .custom(isIdValid) + .customSanitizer(toCompleteUUID) + .custom(isIdOrUUIDValid) .withMessage('Should have a valid video id'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { diff --git a/server/middlewares/validators/shared/utils.ts b/server/middlewares/validators/shared/utils.ts index d3e4870a9..4f08560af 100644 --- a/server/middlewares/validators/shared/utils.ts +++ b/server/middlewares/validators/shared/utils.ts @@ -1,5 +1,6 @@ import * as express from 'express' -import { query, validationResult } from 'express-validator' +import { param, query, validationResult } from 'express-validator' +import { isIdOrUUIDValid, toCompleteUUID } from '@server/helpers/custom-validators/misc' import { logger } from '../../../helpers/logger' function areValidationErrors (req: express.Request, res: express.Response) { @@ -41,10 +42,24 @@ function createSortableColumns (sortableColumns: string[]) { return sortableColumns.concat(sortableColumnDesc) } +function isValidVideoIdParam (paramName: string) { + return param(paramName) + .customSanitizer(toCompleteUUID) + .custom(isIdOrUUIDValid).withMessage('Should have a valid video id') +} + +function isValidPlaylistIdParam (paramName: string) { + return param(paramName) + .customSanitizer(toCompleteUUID) + .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id') +} + // --------------------------------------------------------------------------- export { areValidationErrors, checkSort, - createSortableColumns + createSortableColumns, + isValidVideoIdParam, + isValidPlaylistIdParam } diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 218633b8d..698d7d814 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts @@ -7,7 +7,7 @@ import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-code import { UserRole } from '../../../shared/models/users' import { UserRegister } from '../../../shared/models/users/user-register.model' import { isActorPreferredUsernameValid } from '../../helpers/custom-validators/activitypub/actor' -import { isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' +import { toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' import { isThemeNameValid } from '../../helpers/custom-validators/plugins' import { isNoInstanceConfigWarningModal, @@ -35,7 +35,7 @@ import { Redis } from '../../lib/redis' import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../lib/signup' import { ActorModel } from '../../models/actor/actor' import { UserModel } from '../../models/user/user' -import { areValidationErrors, doesVideoExist } from './shared' +import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from './shared' const usersListValidator = [ query('blocked') @@ -302,7 +302,7 @@ const usersGetValidator = [ ] const usersVideoRatingValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), + isValidVideoIdParam('videoId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking usersVideoRating parameters', { parameters: req.params }) diff --git a/server/middlewares/validators/videos/video-blacklist.ts b/server/middlewares/validators/videos/video-blacklist.ts index 7374ba774..21141d84d 100644 --- a/server/middlewares/validators/videos/video-blacklist.ts +++ b/server/middlewares/validators/videos/video-blacklist.ts @@ -1,13 +1,13 @@ import * as express from 'express' -import { body, param, query } from 'express-validator' +import { body, query } from 'express-validator' import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' -import { isBooleanValid, isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' +import { isBooleanValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' import { isVideoBlacklistReasonValid, isVideoBlacklistTypeValid } from '../../../helpers/custom-validators/video-blacklist' import { logger } from '../../../helpers/logger' -import { areValidationErrors, doesVideoBlacklistExist, doesVideoExist } from '../shared' +import { areValidationErrors, doesVideoBlacklistExist, doesVideoExist, isValidVideoIdParam } from '../shared' const videosBlacklistRemoveValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), + isValidVideoIdParam('videoId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking blacklistRemove parameters.', { parameters: req.params }) @@ -21,7 +21,8 @@ const videosBlacklistRemoveValidator = [ ] const videosBlacklistAddValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), + isValidVideoIdParam('videoId'), + body('unfederate') .optional() .customSanitizer(toBooleanOrNull) @@ -49,7 +50,8 @@ const videosBlacklistAddValidator = [ ] const videosBlacklistUpdateValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), + isValidVideoIdParam('videoId'), + body('reason') .optional() .custom(isVideoBlacklistReasonValid).withMessage('Should have a valid reason'), diff --git a/server/middlewares/validators/videos/video-captions.ts b/server/middlewares/validators/videos/video-captions.ts index 2295e049a..2946f3e15 100644 --- a/server/middlewares/validators/videos/video-captions.ts +++ b/server/middlewares/validators/videos/video-captions.ts @@ -1,16 +1,18 @@ import * as express from 'express' import { body, param } from 'express-validator' import { UserRight } from '../../../../shared' -import { isIdOrUUIDValid } from '../../../helpers/custom-validators/misc' import { isVideoCaptionFile, isVideoCaptionLanguageValid } from '../../../helpers/custom-validators/video-captions' import { cleanUpReqFiles } from '../../../helpers/express-utils' import { logger } from '../../../helpers/logger' import { CONSTRAINTS_FIELDS, MIMETYPES } from '../../../initializers/constants' -import { areValidationErrors, checkUserCanManageVideo, doesVideoCaptionExist, doesVideoExist } from '../shared' +import { areValidationErrors, checkUserCanManageVideo, doesVideoCaptionExist, doesVideoExist, isValidVideoIdParam } from '../shared' const addVideoCaptionValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), - param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), + isValidVideoIdParam('videoId'), + + param('captionLanguage') + .custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), + body('captionfile') .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile')) .withMessage( @@ -34,8 +36,10 @@ const addVideoCaptionValidator = [ ] const deleteVideoCaptionValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), - param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), + isValidVideoIdParam('videoId'), + + param('captionLanguage') + .custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking deleteVideoCaption parameters', { parameters: req.params }) @@ -53,7 +57,7 @@ const deleteVideoCaptionValidator = [ ] const listVideoCaptionsValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'), + isValidVideoIdParam('videoId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking listVideoCaptions parameters', { parameters: req.params }) diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index 1451ab988..885506ebe 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts @@ -3,13 +3,13 @@ import { body, param, query } from 'express-validator' import { MUserAccountUrl } from '@server/types/models' import { UserRight } from '../../../../shared' import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' -import { exists, isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc' +import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc' import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' import { logger } from '../../../helpers/logger' import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' import { Hooks } from '../../../lib/plugins/hooks' import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video' -import { areValidationErrors, doesVideoCommentExist, doesVideoCommentThreadExist, doesVideoExist } from '../shared' +import { areValidationErrors, doesVideoCommentExist, doesVideoCommentThreadExist, doesVideoExist, isValidVideoIdParam } from '../shared' const listVideoCommentsValidator = [ query('isLocal') @@ -40,7 +40,7 @@ const listVideoCommentsValidator = [ ] const listVideoCommentThreadsValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), + isValidVideoIdParam('videoId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) @@ -53,8 +53,10 @@ const listVideoCommentThreadsValidator = [ ] const listVideoThreadCommentsValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), - param('threadId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), + isValidVideoIdParam('videoId'), + + param('threadId') + .custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) @@ -68,8 +70,10 @@ const listVideoThreadCommentsValidator = [ ] const addVideoCommentThreadValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), - body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), + isValidVideoIdParam('videoId'), + + body('text') + .custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body }) @@ -84,8 +88,10 @@ const addVideoCommentThreadValidator = [ ] const addVideoCommentReplyValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), + isValidVideoIdParam('videoId'), + param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), + body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { @@ -102,8 +108,10 @@ const addVideoCommentReplyValidator = [ ] const videoCommentGetValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), - param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), + isValidVideoIdParam('videoId'), + + param('commentId') + .custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) @@ -117,7 +125,8 @@ const videoCommentGetValidator = [ ] const removeVideoCommentValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), + isValidVideoIdParam('videoId'), + param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { diff --git a/server/middlewares/validators/videos/video-live.ts b/server/middlewares/validators/videos/video-live.ts index b058ff5c1..7cfb935e3 100644 --- a/server/middlewares/validators/videos/video-live.ts +++ b/server/middlewares/validators/videos/video-live.ts @@ -1,5 +1,5 @@ import * as express from 'express' -import { body, param } from 'express-validator' +import { body } from 'express-validator' import { CONSTRAINTS_FIELDS } from '@server/initializers/constants' import { isLocalLiveVideoAccepted } from '@server/lib/moderation' import { Hooks } from '@server/lib/plugins/hooks' @@ -7,16 +7,22 @@ import { VideoModel } from '@server/models/video/video' import { VideoLiveModel } from '@server/models/video/video-live' import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes' import { ServerErrorCode, UserRight, VideoState } from '@shared/models' -import { isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' +import { isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc' import { isVideoNameValid } from '../../../helpers/custom-validators/videos' import { cleanUpReqFiles } from '../../../helpers/express-utils' import { logger } from '../../../helpers/logger' import { CONFIG } from '../../../initializers/config' -import { areValidationErrors, checkUserCanManageVideo, doesVideoChannelOfAccountExist, doesVideoExist } from '../shared' +import { + areValidationErrors, + checkUserCanManageVideo, + doesVideoChannelOfAccountExist, + doesVideoExist, + isValidVideoIdParam +} from '../shared' import { getCommonVideoEditAttributes } from './videos' const videoLiveGetValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), + isValidVideoIdParam('videoId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoLiveGetValidator parameters', { parameters: req.params, user: res.locals.oauth.token.User.username }) diff --git a/server/middlewares/validators/videos/video-ownership-changes.ts b/server/middlewares/validators/videos/video-ownership-changes.ts index 120b0469c..54ac46c99 100644 --- a/server/middlewares/validators/videos/video-ownership-changes.ts +++ b/server/middlewares/validators/videos/video-ownership-changes.ts @@ -1,6 +1,6 @@ import * as express from 'express' import { param } from 'express-validator' -import { isIdOrUUIDValid } from '@server/helpers/custom-validators/misc' +import { isIdValid } from '@server/helpers/custom-validators/misc' import { checkUserCanTerminateOwnershipChange } from '@server/helpers/custom-validators/video-ownership' import { logger } from '@server/helpers/logger' import { isAbleToUploadVideo } from '@server/lib/user' @@ -13,11 +13,12 @@ import { checkUserCanManageVideo, doesChangeVideoOwnershipExist, doesVideoChannelOfAccountExist, - doesVideoExist + doesVideoExist, + isValidVideoIdParam } from '../shared' const videosChangeOwnershipValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), + isValidVideoIdParam('videoId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking changeOwnership parameters', { parameters: req.params }) @@ -40,7 +41,8 @@ const videosChangeOwnershipValidator = [ ] const videosTerminateChangeOwnershipValidator = [ - param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), + param('id') + .custom(isIdValid).withMessage('Should have a valid id'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking changeOwnership parameters', { parameters: req.params }) diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 0d2e6e90c..5ee7ee0ce 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts @@ -11,6 +11,7 @@ import { isIdOrUUIDValid, isIdValid, isUUIDValid, + toCompleteUUID, toIntArray, toIntOrNull, toValueOrNull @@ -29,7 +30,14 @@ import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element' import { MVideoPlaylist } from '../../../types/models/video/video-playlist' import { authenticatePromiseIfNeeded } from '../../auth' -import { areValidationErrors, doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../shared' +import { + areValidationErrors, + doesVideoChannelIdExist, + doesVideoExist, + doesVideoPlaylistExist, + isValidPlaylistIdParam, + VideoPlaylistFetchType +} from '../shared' const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ body('displayName') @@ -43,10 +51,13 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ const body: VideoPlaylistCreate = req.body if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req) - if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) { + if ( + !body.videoChannelId && + (body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED) + ) { cleanUpReqFiles(req) - return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' }) + return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' }) } return next() @@ -54,8 +65,7 @@ const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ ]) const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), body('displayName') .optional() @@ -101,8 +111,7 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ ]) const videoPlaylistsDeleteValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params }) @@ -126,8 +135,7 @@ const videoPlaylistsDeleteValidator = [ const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => { return [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) @@ -184,9 +192,10 @@ const videoPlaylistsSearchValidator = [ ] const videoPlaylistsAddVideoValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), + body('videoId') + .customSanitizer(toCompleteUUID) .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'), body('startTimestamp') .optional() @@ -214,9 +223,9 @@ const videoPlaylistsAddVideoValidator = [ ] const videoPlaylistsUpdateOrRemoveVideoValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), param('playlistElementId') + .customSanitizer(toCompleteUUID) .custom(isIdValid).withMessage('Should have an element id/uuid'), body('startTimestamp') .optional() @@ -251,8 +260,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [ ] const videoPlaylistElementAPGetValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), param('playlistElementId') .custom(isIdValid).withMessage('Should have an playlist element id'), @@ -287,8 +295,7 @@ const videoPlaylistElementAPGetValidator = [ ] const videoPlaylistsReorderVideosValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), + isValidPlaylistIdParam('playlistId'), body('startPosition') .isInt({ min: 1 }).withMessage('Should have a valid start position'), body('insertAfterPosition') diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts index 4a802e75e..5d5dfb222 100644 --- a/server/middlewares/validators/videos/video-rates.ts +++ b/server/middlewares/validators/videos/video-rates.ts @@ -3,15 +3,16 @@ import { body, param, query } from 'express-validator' import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' import { VideoRateType } from '../../../../shared/models/videos' import { isAccountNameValid } from '../../../helpers/custom-validators/accounts' -import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' +import { isIdValid } from '../../../helpers/custom-validators/misc' import { isRatingValid } from '../../../helpers/custom-validators/video-rates' import { isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos' import { logger } from '../../../helpers/logger' import { AccountVideoRateModel } from '../../../models/account/account-video-rate' -import { areValidationErrors, doesVideoExist } from '../shared' +import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' const videoUpdateRateValidator = [ - param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), + isValidVideoIdParam('id'), + body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { diff --git a/server/middlewares/validators/videos/video-shares.ts b/server/middlewares/validators/videos/video-shares.ts index cc2f66e94..7e54b6fc0 100644 --- a/server/middlewares/validators/videos/video-shares.ts +++ b/server/middlewares/validators/videos/video-shares.ts @@ -1,14 +1,16 @@ import * as express from 'express' import { param } from 'express-validator' import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' -import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' +import { isIdValid } from '../../../helpers/custom-validators/misc' import { logger } from '../../../helpers/logger' import { VideoShareModel } from '../../../models/video/video-share' -import { areValidationErrors, doesVideoExist } from '../shared' +import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' const videosShareValidator = [ - param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), - param('actorId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid actor id'), + isValidVideoIdParam('id'), + + param('actorId') + .custom(isIdValid).not().isEmpty().withMessage('Should have a valid actor id'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoShare parameters', { parameters: req.params }) diff --git a/server/middlewares/validators/videos/video-watch.ts b/server/middlewares/validators/videos/video-watch.ts index ef8b89ece..43306f7cd 100644 --- a/server/middlewares/validators/videos/video-watch.ts +++ b/server/middlewares/validators/videos/video-watch.ts @@ -1,12 +1,13 @@ import * as express from 'express' -import { body, param } from 'express-validator' +import { body } from 'express-validator' import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' -import { isIdOrUUIDValid, toIntOrNull } from '../../../helpers/custom-validators/misc' +import { toIntOrNull } from '../../../helpers/custom-validators/misc' import { logger } from '../../../helpers/logger' -import { areValidationErrors, doesVideoExist } from '../shared' +import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared' const videoWatchingValidator = [ - param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), + isValidVideoIdParam('videoId'), + body('currentTime') .customSanitizer(toIntOrNull) .isInt().withMessage('Should have correct current time'), diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 8201e80c3..49e10e2b5 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts @@ -12,7 +12,6 @@ import { isBooleanValid, isDateValid, isFileFieldValid, - isIdOrUUIDValid, isIdValid, isUUIDValid, toArray, @@ -53,7 +52,8 @@ import { checkUserCanManageVideo, doesVideoChannelOfAccountExist, doesVideoExist, - doesVideoFileOfVideoExist + doesVideoFileOfVideoExist, + isValidVideoIdParam } from '../shared' const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([ @@ -195,7 +195,8 @@ const videosAddResumableInitValidator = getCommonVideoEditAttributes().concat([ ]) const videosUpdateValidator = getCommonVideoEditAttributes().concat([ - param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), + isValidVideoIdParam('id'), + body('name') .optional() .trim() @@ -258,7 +259,7 @@ const videosCustomGetValidator = ( authenticateInQuery = false ) => { return [ - param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), + isValidVideoIdParam('id'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videosGet parameters', { parameters: req.params }) @@ -309,8 +310,10 @@ const videosGetValidator = videosCustomGetValidator('all') const videosDownloadValidator = videosCustomGetValidator('all', true) const videoFileMetadataGetValidator = getCommonVideoEditAttributes().concat([ - param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), - param('videoFileId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid videoFileId'), + isValidVideoIdParam('id'), + + param('videoFileId') + .custom(isIdValid).not().isEmpty().withMessage('Should have a valid videoFileId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoFileMetadataGet parameters', { parameters: req.params }) @@ -323,7 +326,7 @@ const videoFileMetadataGetValidator = getCommonVideoEditAttributes().concat([ ]) const videosRemoveValidator = [ - param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), + isValidVideoIdParam('id'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videosRemove parameters', { parameters: req.params }) -- cgit v1.2.3