From 453e83ea5d81d203ba34bc43cd5c2c750ba40568 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 15 Aug 2019 11:53:26 +0200 Subject: Stronger model typings --- server/middlewares/validators/follows.ts | 3 +- server/middlewares/validators/redundancy.ts | 4 +- server/middlewares/validators/users.ts | 5 +- .../middlewares/validators/videos/video-abuses.ts | 4 +- .../validators/videos/video-blacklist.ts | 6 +- .../validators/videos/video-captions.ts | 6 +- .../validators/videos/video-channels.ts | 5 +- .../validators/videos/video-comments.ts | 40 +++++------ .../validators/videos/video-playlists.ts | 84 ++++++++++++---------- .../middlewares/validators/videos/video-shares.ts | 2 +- server/middlewares/validators/videos/videos.ts | 20 +++--- server/middlewares/validators/webfinger.ts | 3 +- 12 files changed, 97 insertions(+), 85 deletions(-) (limited to 'server/middlewares') diff --git a/server/middlewares/validators/follows.ts b/server/middlewares/validators/follows.ts index c3d772297..788735663 100644 --- a/server/middlewares/validators/follows.ts +++ b/server/middlewares/validators/follows.ts @@ -10,6 +10,7 @@ import { areValidationErrors } from './utils' import { ActorModel } from '../../models/activitypub/actor' import { loadActorUrlOrGetFromWebfinger } from '../../helpers/webfinger' import { isValidActorHandle } from '../../helpers/custom-validators/activitypub/actor' +import { MActorFollowActorsDefault } from '@server/typings/models' const followValidator = [ body('hosts').custom(isEachUniqueHostValid).withMessage('Should have an array of unique hosts'), @@ -65,7 +66,7 @@ const getFollowerValidator = [ if (areValidationErrors(req, res)) return - let follow: ActorFollowModel + let follow: MActorFollowActorsDefault try { const actorUrl = await loadActorUrlOrGetFromWebfinger(req.params.nameWithHost) const actor = await ActorModel.loadByUrl(actorUrl) diff --git a/server/middlewares/validators/redundancy.ts b/server/middlewares/validators/redundancy.ts index 1fdac0e4e..e65d3b8d3 100644 --- a/server/middlewares/validators/redundancy.ts +++ b/server/middlewares/validators/redundancy.ts @@ -24,7 +24,7 @@ const videoFileRedundancyGetValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - const video = res.locals.video + const video = res.locals.videoAll const videoFile = video.VideoFiles.find(f => { return f.resolution === req.params.resolution && (!req.params.fps || f.fps === req.params.fps) }) @@ -50,7 +50,7 @@ const videoPlaylistRedundancyGetValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - const video = res.locals.video + const video = res.locals.videoAll const videoStreamingPlaylist = video.VideoStreamingPlaylists.find(p => p === req.params.streamingPlaylistType) if (!videoStreamingPlaylist) return res.status(404).json({ error: 'Video playlist not found.' }) diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 16d297047..40dd0f0e9 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts @@ -2,7 +2,7 @@ import * as Bluebird from 'bluebird' import * as express from 'express' import { body, param } from 'express-validator' import { omit } from 'lodash' -import { isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' +import { isIdOrUUIDValid, toBooleanOrNull } from '../../helpers/custom-validators/misc' import { isUserAdminFlagsValid, isUserAutoPlayVideoValid, @@ -31,6 +31,7 @@ import { isThemeNameValid } from '../../helpers/custom-validators/plugins' import { isThemeRegistered } from '../../lib/plugins/theme-utils' import { doesVideoExist } from '../../helpers/middlewares' import { UserRole } from '../../../shared/models/users' +import { MUserDefault } from '@server/typings/models' const usersAddValidator = [ body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), @@ -457,7 +458,7 @@ async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: return true } -async function checkUserExist (finder: () => Bluebird, res: express.Response, abortResponse = true) { +async function checkUserExist (finder: () => Bluebird, res: express.Response, abortResponse = true) { const user = await finder() if (!user) { diff --git a/server/middlewares/validators/videos/video-abuses.ts b/server/middlewares/validators/videos/video-abuses.ts index e27d91bb1..a4aef4024 100644 --- a/server/middlewares/validators/videos/video-abuses.ts +++ b/server/middlewares/validators/videos/video-abuses.ts @@ -33,7 +33,7 @@ const videoAbuseGetValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!await doesVideoAbuseExist(req.params.id, res.locals.video.id, res)) return + if (!await doesVideoAbuseExist(req.params.id, res.locals.videoAll.id, res)) return return next() } @@ -54,7 +54,7 @@ const videoAbuseUpdateValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!await doesVideoAbuseExist(req.params.id, res.locals.video.id, res)) return + if (!await doesVideoAbuseExist(req.params.id, res.locals.videoAll.id, res)) return return next() } diff --git a/server/middlewares/validators/videos/video-blacklist.ts b/server/middlewares/validators/videos/video-blacklist.ts index 3e8c5b30c..5440e57e7 100644 --- a/server/middlewares/validators/videos/video-blacklist.ts +++ b/server/middlewares/validators/videos/video-blacklist.ts @@ -14,7 +14,7 @@ const videosBlacklistRemoveValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!await doesVideoBlacklistExist(res.locals.video.id, res)) return + if (!await doesVideoBlacklistExist(res.locals.videoAll.id, res)) return return next() } @@ -36,7 +36,7 @@ const videosBlacklistAddValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - const video = res.locals.video + const video = res.locals.videoAll if (req.body.unfederate === true && video.remote === true) { return res .status(409) @@ -59,7 +59,7 @@ const videosBlacklistUpdateValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!await doesVideoBlacklistExist(res.locals.video.id, res)) return + if (!await doesVideoBlacklistExist(res.locals.videoAll.id, res)) return return next() } diff --git a/server/middlewares/validators/videos/video-captions.ts b/server/middlewares/validators/videos/video-captions.ts index f5610222a..2fb1da5ce 100644 --- a/server/middlewares/validators/videos/video-captions.ts +++ b/server/middlewares/validators/videos/video-captions.ts @@ -26,7 +26,7 @@ const addVideoCaptionValidator = [ // Check if the user who did the request is able to update the video const user = res.locals.oauth.token.User - if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req) + if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req) return next() } @@ -41,11 +41,11 @@ const deleteVideoCaptionValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!await doesVideoCaptionExist(res.locals.video, req.params.captionLanguage, res)) return + if (!await doesVideoCaptionExist(res.locals.videoAll, req.params.captionLanguage, res)) return // Check if the user who did the request is able to update the video const user = res.locals.oauth.token.User - if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return + if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return return next() } diff --git a/server/middlewares/validators/videos/video-channels.ts b/server/middlewares/validators/videos/video-channels.ts index 3ee5064fc..a0df03f7e 100644 --- a/server/middlewares/validators/videos/video-channels.ts +++ b/server/middlewares/validators/videos/video-channels.ts @@ -7,13 +7,14 @@ import { isVideoChannelSupportValid } from '../../../helpers/custom-validators/video-channels' import { logger } from '../../../helpers/logger' -import { UserModel } from '../../../models/account/user' import { VideoChannelModel } from '../../../models/video/video-channel' import { areValidationErrors } from '../utils' import { isActorPreferredUsernameValid } from '../../../helpers/custom-validators/activitypub/actor' import { ActorModel } from '../../../models/activitypub/actor' import { isBooleanValid } from '../../../helpers/custom-validators/misc' import { doesLocalVideoChannelNameExist, doesVideoChannelNameWithHostExist } from '../../../helpers/middlewares' +import { MChannelActorAccountDefault } from '../../../typings/models/video' +import { MUser } from '@server/typings/models' const videoChannelsAddValidator = [ body('name').custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'), @@ -131,7 +132,7 @@ export { // --------------------------------------------------------------------------- -function checkUserCanDeleteVideoChannel (user: UserModel, videoChannel: VideoChannelModel, res: express.Response) { +function checkUserCanDeleteVideoChannel (user: MUser, videoChannel: MChannelActorAccountDefault, res: express.Response) { if (videoChannel.Actor.isOwned() === false) { res.status(403) .json({ error: 'Cannot remove video channel of another server.' }) diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts index 83a0c24b0..8adbb02ba 100644 --- a/server/middlewares/validators/videos/video-comments.ts +++ b/server/middlewares/validators/videos/video-comments.ts @@ -4,13 +4,13 @@ import { UserRight } from '../../../../shared' import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' import { logger } from '../../../helpers/logger' -import { UserModel } from '../../../models/account/user' -import { VideoModel } from '../../../models/video/video' import { VideoCommentModel } from '../../../models/video/video-comment' import { areValidationErrors } from '../utils' import { Hooks } from '../../../lib/plugins/hooks' -import { isLocalVideoThreadAccepted, isLocalVideoCommentReplyAccepted, AcceptResult } from '../../../lib/moderation' +import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation' import { doesVideoExist } from '../../../helpers/middlewares' +import { MCommentOwner, MVideo, MVideoFullLight, MVideoId } from '../../../typings/models/video' +import { MUser } from '@server/typings/models' const listVideoCommentThreadsValidator = [ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), @@ -34,7 +34,7 @@ const listVideoThreadCommentsValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return - if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return + if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return return next() } @@ -49,8 +49,8 @@ const addVideoCommentThreadValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!isVideoCommentsEnabled(res.locals.video, res)) return - if (!await isVideoCommentAccepted(req, res, false)) return + if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return + if (!await isVideoCommentAccepted(req, res, res.locals.videoAll,false)) return return next() } @@ -66,9 +66,9 @@ const addVideoCommentReplyValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!isVideoCommentsEnabled(res.locals.video, res)) return - if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return - if (!await isVideoCommentAccepted(req, res, true)) return + if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return + if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return + if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return return next() } @@ -83,7 +83,7 @@ const videoCommentGetValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res, 'id')) return - if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return + if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return return next() } @@ -98,10 +98,10 @@ const removeVideoCommentValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return - if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return + if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return // Check if the user who did the request is able to delete the video - if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoComment, res)) return + if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return return next() } @@ -120,7 +120,7 @@ export { // --------------------------------------------------------------------------- -async function doesVideoCommentThreadExist (id: number, video: VideoModel, res: express.Response) { +async function doesVideoCommentThreadExist (id: number, video: MVideoId, res: express.Response) { const videoComment = await VideoCommentModel.loadById(id) if (!videoComment) { @@ -151,7 +151,7 @@ async function doesVideoCommentThreadExist (id: number, video: VideoModel, res: return true } -async function doesVideoCommentExist (id: number, video: VideoModel, res: express.Response) { +async function doesVideoCommentExist (id: number, video: MVideoId, res: express.Response) { const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id) if (!videoComment) { @@ -170,11 +170,11 @@ async function doesVideoCommentExist (id: number, video: VideoModel, res: expres return false } - res.locals.videoComment = videoComment + res.locals.videoCommentFull = videoComment return true } -function isVideoCommentsEnabled (video: VideoModel, res: express.Response) { +function isVideoCommentsEnabled (video: MVideo, res: express.Response) { if (video.commentsEnabled !== true) { res.status(409) .json({ error: 'Video comments are disabled for this video.' }) @@ -186,7 +186,7 @@ function isVideoCommentsEnabled (video: VideoModel, res: express.Response) { return true } -function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCommentModel, res: express.Response) { +function checkUserCanDeleteVideoComment (user: MUser, videoComment: MCommentOwner, res: express.Response) { const account = videoComment.Account if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) { res.status(403) @@ -198,9 +198,9 @@ function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCom return true } -async function isVideoCommentAccepted (req: express.Request, res: express.Response, isReply: boolean) { +async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) { const acceptParameters = { - video: res.locals.video, + video, commentBody: req.body, user: res.locals.oauth.token.User } @@ -208,7 +208,7 @@ async function isVideoCommentAccepted (req: express.Request, res: express.Respon let acceptedResult: AcceptResult if (isReply) { - const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoComment }) + const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull }) acceptedResult = await Hooks.wrapFun( isLocalVideoCommentReplyAccepted, diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts index 5823795be..ca36d419a 100644 --- a/server/middlewares/validators/videos/video-playlists.ts +++ b/server/middlewares/validators/videos/video-playlists.ts @@ -2,7 +2,6 @@ import * as express from 'express' import { body, param, query, ValidationChain } from 'express-validator' import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared' import { logger } from '../../../helpers/logger' -import { UserModel } from '../../../models/account/user' import { areValidationErrors } from '../utils' import { isVideoImage } from '../../../helpers/custom-validators/videos' import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' @@ -22,13 +21,14 @@ import { isVideoPlaylistTimestampValid, isVideoPlaylistTypeValid } from '../../../helpers/custom-validators/video-playlists' -import { VideoPlaylistModel } from '../../../models/video/video-playlist' import { cleanUpReqFiles } from '../../../helpers/express-utils' import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element' import { authenticatePromiseIfNeeded } from '../../oauth' import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model' import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model' -import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist } from '../../../helpers/middlewares' +import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoPlaylistFetchType } from '../../../helpers/middlewares' +import { MVideoPlaylist } from '../../../typings/models/video/video-playlist' +import { MUserAccountId } from '@server/typings/models' const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([ body('displayName') @@ -67,9 +67,9 @@ const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([ if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req) - const videoPlaylist = res.locals.videoPlaylist + const videoPlaylist = getPlaylist(res) - if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { + if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { return cleanUpReqFiles(req) } @@ -110,13 +110,13 @@ const videoPlaylistsDeleteValidator = [ if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return - const videoPlaylist = res.locals.videoPlaylist + const videoPlaylist = getPlaylist(res) if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) { return res.status(400) .json({ error: 'Cannot delete a watch later playlist.' }) } - if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { + if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) { return } @@ -124,45 +124,47 @@ const videoPlaylistsDeleteValidator = [ } ] -const videoPlaylistsGetValidator = [ - param('playlistId') - .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), +const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => { + return [ + param('playlistId') + .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'), - async (req: express.Request, res: express.Response, next: express.NextFunction) => { - logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params }) - if (areValidationErrors(req, res)) return + if (areValidationErrors(req, res)) return - if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return + if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return - const videoPlaylist = res.locals.videoPlaylist + const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary - // Video is unlisted, check we used the uuid to fetch it - if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) { - if (isUUIDValid(req.params.playlistId)) return next() + // Video is unlisted, check we used the uuid to fetch it + if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) { + if (isUUIDValid(req.params.playlistId)) return next() - return res.status(404).end() - } + return res.status(404).end() + } - if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { - await authenticatePromiseIfNeeded(req, res) + if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) { + await authenticatePromiseIfNeeded(req, res) - const user = res.locals.oauth ? res.locals.oauth.token.User : null + const user = res.locals.oauth ? res.locals.oauth.token.User : null - if ( - !user || - (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST)) - ) { - return res.status(403) - .json({ error: 'Cannot get this private video playlist.' }) + if ( + !user || + (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST)) + ) { + return res.status(403) + .json({ error: 'Cannot get this private video playlist.' }) + } + + return next() } return next() } - - return next() - } -] + ] +} const videoPlaylistsAddVideoValidator = [ param('playlistId') @@ -184,8 +186,8 @@ const videoPlaylistsAddVideoValidator = [ if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return - const videoPlaylist = res.locals.videoPlaylist - const video = res.locals.video + const videoPlaylist = getPlaylist(res) + const video = res.locals.onlyVideo const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id) if (videoPlaylistElement) { @@ -196,7 +198,7 @@ const videoPlaylistsAddVideoValidator = [ return } - if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) { + if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) { return } @@ -223,7 +225,7 @@ const videoPlaylistsUpdateOrRemoveVideoValidator = [ if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return - const videoPlaylist = res.locals.videoPlaylist + const videoPlaylist = getPlaylist(res) const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId) if (!videoPlaylistElement) { @@ -289,7 +291,7 @@ const videoPlaylistsReorderVideosValidator = [ if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return - const videoPlaylist = res.locals.videoPlaylist + const videoPlaylist = getPlaylist(res) if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id) @@ -388,7 +390,7 @@ function getCommonPlaylistEditAttributes () { ] as (ValidationChain | express.Handler)[] } -function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) { +function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) { if (videoPlaylist.isOwned() === false) { res.status(403) .json({ error: 'Cannot manage video playlist of another server.' }) @@ -410,3 +412,7 @@ function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoP return true } + +function getPlaylist (res: express.Response) { + return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary +} diff --git a/server/middlewares/validators/videos/video-shares.ts b/server/middlewares/validators/videos/video-shares.ts index ace62be5c..20fc96243 100644 --- a/server/middlewares/validators/videos/video-shares.ts +++ b/server/middlewares/validators/videos/video-shares.ts @@ -16,7 +16,7 @@ const videosShareValidator = [ if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.id, res)) return - const video = res.locals.video + const video = res.locals.videoAll const share = await VideoShareModel.load(req.params.actorId, video.id) if (!share) { diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index af06f3c62..a194d14b3 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts @@ -37,13 +37,14 @@ import { VideoModel } from '../../../models/video/video' import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } from '../../../helpers/custom-validators/video-ownership' import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/video-change-ownership-accept.model' import { AccountModel } from '../../../models/account/account' -import { VideoFetchType } from '../../../helpers/video' import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' import { getServerActor } from '../../../helpers/utils' import { CONFIG } from '../../../initializers/config' import { isLocalVideoAccepted } from '../../../lib/moderation' import { Hooks } from '../../../lib/plugins/hooks' import { checkUserCanManageVideo, doesVideoChannelOfAccountExist, doesVideoExist } from '../../../helpers/middlewares' +import { MVideoFullLight } from '@server/typings/models' +import { getVideo } from '../../../helpers/video' const videosAddValidator = getCommonVideoEditAttributes().concat([ body('videofile') @@ -113,7 +114,7 @@ const videosUpdateValidator = getCommonVideoEditAttributes().concat([ // Check if the user who did the request is able to update the video const user = res.locals.oauth.token.User - if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req) + if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req) if (req.body.channelId && !await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) @@ -122,7 +123,7 @@ const videosUpdateValidator = getCommonVideoEditAttributes().concat([ ]) async function checkVideoFollowConstraints (req: express.Request, res: express.Response, next: express.NextFunction) { - const video = res.locals.video + const video = getVideo(res) // Anybody can watch local videos if (video.isOwned() === true) return next() @@ -146,7 +147,7 @@ async function checkVideoFollowConstraints (req: express.Request, res: express.R }) } -const videosCustomGetValidator = (fetchType: VideoFetchType) => { +const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-with-rights') => { return [ param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), @@ -156,10 +157,11 @@ const videosCustomGetValidator = (fetchType: VideoFetchType) => { if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.id, res, fetchType)) return - const video = res.locals.video + const video = getVideo(res) + const videoAll = video as MVideoFullLight // Video private or blacklisted - if (video.privacy === VideoPrivacy.PRIVATE || video.VideoBlacklist) { + if (video.privacy === VideoPrivacy.PRIVATE || videoAll.VideoBlacklist) { await authenticatePromiseIfNeeded(req, res) const user = res.locals.oauth ? res.locals.oauth.token.User : null @@ -167,7 +169,7 @@ const videosCustomGetValidator = (fetchType: VideoFetchType) => { // Only the owner or a user that have blacklist rights can see the video if ( !user || - (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) + (videoAll.VideoChannel && videoAll.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) ) { return res.status(403) .json({ error: 'Cannot get this private or blacklisted video.' }) @@ -202,7 +204,7 @@ const videosRemoveValidator = [ if (!await doesVideoExist(req.params.id, res)) return // Check if the user who did the request is able to delete the video - if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.REMOVE_ANY_VIDEO, res)) return + if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.REMOVE_ANY_VIDEO, res)) return return next() } @@ -218,7 +220,7 @@ const videosChangeOwnershipValidator = [ if (!await doesVideoExist(req.params.videoId, res)) return // Check if the user who did the request is able to change the ownership of the video - if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return + if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return const nextOwner = await AccountModel.loadLocalByName(req.body.username) if (!nextOwner) { diff --git a/server/middlewares/validators/webfinger.ts b/server/middlewares/validators/webfinger.ts index d7cfe17f0..d50e6527f 100644 --- a/server/middlewares/validators/webfinger.ts +++ b/server/middlewares/validators/webfinger.ts @@ -18,6 +18,7 @@ const webfingerValidator = [ const nameWithHost = getHostWithPort(req.query.resource.substr(5)) const [ name ] = nameWithHost.split('@') + // FIXME: we don't need the full actor const actor = await ActorModel.loadLocalByName(name) if (!actor) { return res.status(404) @@ -25,7 +26,7 @@ const webfingerValidator = [ .end() } - res.locals.actor = actor + res.locals.actorFull = actor return next() } ] -- cgit v1.2.3