PeerTube/server/middlewares/validators/videos/video-playlists.ts

420 lines
13 KiB
TypeScript
Raw Normal View History

2021-08-27 14:32:44 +02:00
import express from 'express'
2019-07-25 16:23:44 +02:00
import { body, param, query, ValidationChain } from 'express-validator'
import { ExpressPromiseHandler } from '@server/types/express-handler'
2021-02-03 09:33:05 +01:00
import { MUserAccountId } from '@server/types/models'
import { forceNumber } from '@shared/core-utils'
2021-12-24 10:14:47 +01:00
import {
HttpStatusCode,
UserRight,
VideoPlaylistCreate,
VideoPlaylistPrivacy,
VideoPlaylistType,
VideoPlaylistUpdate
} from '@shared/models'
2019-07-25 16:23:44 +02:00
import {
isArrayOf,
isIdOrUUIDValid,
isIdValid,
isUUIDValid,
toCompleteUUID,
2019-07-25 16:23:44 +02:00
toIntArray,
toIntOrNull,
toValueOrNull
} from '../../../helpers/custom-validators/misc'
2019-02-26 10:55:40 +01:00
import {
2019-03-19 14:13:53 +01:00
isVideoPlaylistDescriptionValid,
2019-02-26 10:55:40 +01:00
isVideoPlaylistNameValid,
2019-03-05 10:58:44 +01:00
isVideoPlaylistPrivacyValid,
isVideoPlaylistTimestampValid,
isVideoPlaylistTypeValid
2019-02-26 10:55:40 +01:00
} from '../../../helpers/custom-validators/video-playlists'
2022-02-11 10:51:33 +01:00
import { isVideoImageValid } from '../../../helpers/custom-validators/videos'
2019-02-26 10:55:40 +01:00
import { cleanUpReqFiles } from '../../../helpers/express-utils'
2021-02-03 09:33:05 +01:00
import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
2020-06-18 10:45:25 +02:00
import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
2022-06-22 14:03:50 +02:00
import { authenticatePromise } from '../../auth'
import {
areValidationErrors,
doesVideoChannelIdExist,
doesVideoExist,
doesVideoPlaylistExist,
isValidPlaylistIdParam,
VideoPlaylistFetchType
} from '../shared'
2019-02-26 10:55:40 +01:00
const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
body('displayName')
.custom(isVideoPlaylistNameValid),
2019-02-26 10:55:40 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
const body: VideoPlaylistCreate = req.body
2019-03-19 09:26:50 +01:00
if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
if (
!body.videoChannelId &&
(body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED)
) {
cleanUpReqFiles(req)
return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
}
2019-02-26 10:55:40 +01:00
return next()
}
])
const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
isValidPlaylistIdParam('playlistId'),
2019-02-26 10:55:40 +01:00
body('displayName')
.optional()
.custom(isVideoPlaylistNameValid),
2019-02-26 10:55:40 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
2019-03-19 09:26:50 +01:00
if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
2019-02-28 11:14:26 +01:00
2019-08-15 11:53:26 +02:00
const videoPlaylist = getPlaylist(res)
2019-02-28 11:14:26 +01:00
2019-08-15 11:53:26 +02:00
if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
2019-02-26 10:55:40 +01:00
return cleanUpReqFiles(req)
}
const body: VideoPlaylistUpdate = req.body
const newPrivacy = body.privacy || videoPlaylist.privacy
if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
(
(!videoPlaylist.videoChannelId && !body.videoChannelId) ||
body.videoChannelId === null
)
) {
cleanUpReqFiles(req)
return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' })
}
2019-03-05 10:58:44 +01:00
if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
cleanUpReqFiles(req)
return res.fail({ message: 'Cannot update a watch later playlist.' })
2019-03-05 10:58:44 +01:00
}
2019-03-19 09:26:50 +01:00
if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
2019-02-26 10:55:40 +01:00
return next()
}
])
const videoPlaylistsDeleteValidator = [
isValidPlaylistIdParam('playlistId'),
2019-02-26 10:55:40 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
2019-03-19 09:26:50 +01:00
if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
2019-03-05 10:58:44 +01:00
2019-08-15 11:53:26 +02:00
const videoPlaylist = getPlaylist(res)
2019-03-05 10:58:44 +01:00
if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
return res.fail({ message: 'Cannot delete a watch later playlist.' })
2019-03-05 10:58:44 +01:00
}
2019-08-15 11:53:26 +02:00
if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
2019-02-26 10:55:40 +01:00
return
}
return next()
}
]
2019-08-15 11:53:26 +02:00
const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
return [
isValidPlaylistIdParam('playlistId'),
2019-02-26 10:55:40 +01:00
2019-08-15 11:53:26 +02:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
2019-02-26 10:55:40 +01:00
2019-08-15 11:53:26 +02:00
if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
2019-02-26 10:55:40 +01:00
2019-08-15 11:53:26 +02:00
const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
2019-02-28 11:14:26 +01:00
2023-02-23 15:39:09 +01:00
// Playlist is unlisted, check we used the uuid to fetch it
2019-08-15 11:53:26 +02:00
if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
if (isUUIDValid(req.params.playlistId)) return next()
2019-02-28 11:14:26 +01:00
return res.fail({
status: HttpStatusCode.NOT_FOUND_404,
message: 'Playlist not found'
})
2019-08-15 11:53:26 +02:00
}
2019-02-28 11:14:26 +01:00
2019-08-15 11:53:26 +02:00
if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
2022-06-22 14:03:50 +02:00
await authenticatePromise(req, res)
2019-02-26 10:55:40 +01:00
2019-08-15 11:53:26 +02:00
const user = res.locals.oauth ? res.locals.oauth.token.User : null
2019-05-28 09:50:27 +02:00
2019-08-15 11:53:26 +02:00
if (
!user ||
(videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
) {
return res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: 'Cannot get this private video playlist.'
})
2019-08-15 11:53:26 +02:00
}
return next()
2019-02-26 10:55:40 +01:00
}
return next()
}
2019-08-15 11:53:26 +02:00
]
}
2019-02-26 10:55:40 +01:00
const videoPlaylistsSearchValidator = [
query('search')
.optional()
.not().isEmpty(),
(req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
return next()
}
]
2019-02-26 10:55:40 +01:00
const videoPlaylistsAddVideoValidator = [
isValidPlaylistIdParam('playlistId'),
2019-02-26 10:55:40 +01:00
body('videoId')
.customSanitizer(toCompleteUUID)
.custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid/short uuid'),
2019-02-26 10:55:40 +01:00
body('startTimestamp')
.optional()
.custom(isVideoPlaylistTimestampValid),
2019-02-26 10:55:40 +01:00
body('stopTimestamp')
.optional()
.custom(isVideoPlaylistTimestampValid),
2019-02-26 10:55:40 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
2019-03-19 09:26:50 +01:00
if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
2019-02-26 10:55:40 +01:00
2019-08-15 11:53:26 +02:00
const videoPlaylist = getPlaylist(res)
2019-02-26 10:55:40 +01:00
2019-08-15 11:53:26 +02:00
if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
2019-02-26 10:55:40 +01:00
return
}
return next()
}
]
const videoPlaylistsUpdateOrRemoveVideoValidator = [
isValidPlaylistIdParam('playlistId'),
2019-07-31 15:57:32 +02:00
param('playlistElementId')
.customSanitizer(toCompleteUUID)
.custom(isIdValid).withMessage('Should have an element id/uuid/short uuid'),
2019-02-26 10:55:40 +01:00
body('startTimestamp')
.optional()
.custom(isVideoPlaylistTimestampValid),
2019-02-26 10:55:40 +01:00
body('stopTimestamp')
.optional()
.custom(isVideoPlaylistTimestampValid),
2019-02-26 10:55:40 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
2019-03-19 09:26:50 +01:00
if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
2019-02-26 10:55:40 +01:00
2019-08-15 11:53:26 +02:00
const videoPlaylist = getPlaylist(res)
2019-02-26 10:55:40 +01:00
2019-07-31 15:57:32 +02:00
const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
2019-02-26 10:55:40 +01:00
if (!videoPlaylistElement) {
res.fail({
status: HttpStatusCode.NOT_FOUND_404,
message: 'Video playlist element not found'
})
2019-02-26 10:55:40 +01:00
return
}
res.locals.videoPlaylistElement = videoPlaylistElement
if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
return next()
}
]
const videoPlaylistElementAPGetValidator = [
isValidPlaylistIdParam('playlistId'),
param('playlistElementId')
.custom(isIdValid),
2019-02-26 10:55:40 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
const playlistElementId = forceNumber(req.params.playlistElementId)
const playlistId = req.params.playlistId
const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId)
2019-02-26 10:55:40 +01:00
if (!videoPlaylistElement) {
res.fail({
status: HttpStatusCode.NOT_FOUND_404,
message: 'Video playlist element not found'
})
2019-02-26 10:55:40 +01:00
return
}
if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
return res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: 'Cannot get this private video playlist.'
})
2019-02-26 10:55:40 +01:00
}
2019-08-21 14:31:57 +02:00
res.locals.videoPlaylistElementAP = videoPlaylistElement
2019-02-26 10:55:40 +01:00
return next()
}
]
const videoPlaylistsReorderVideosValidator = [
isValidPlaylistIdParam('playlistId'),
2019-02-26 10:55:40 +01:00
body('startPosition')
.isInt({ min: 1 }),
2019-02-26 10:55:40 +01:00
body('insertAfterPosition')
.isInt({ min: 0 }),
2019-02-26 10:55:40 +01:00
body('reorderLength')
.optional()
.isInt({ min: 1 }),
2019-02-26 10:55:40 +01:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
2019-03-19 09:26:50 +01:00
if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
2019-02-26 10:55:40 +01:00
2019-08-15 11:53:26 +02:00
const videoPlaylist = getPlaylist(res)
2019-02-26 10:55:40 +01:00
if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
2019-02-28 11:14:26 +01:00
const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
const startPosition: number = req.body.startPosition
const insertAfterPosition: number = req.body.insertAfterPosition
const reorderLength: number = req.body.reorderLength
if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
res.fail({ message: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
2019-02-28 11:14:26 +01:00
return
}
if (reorderLength && reorderLength + startPosition > nextPosition) {
res.fail({ message: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
2019-02-28 11:14:26 +01:00
return
}
2019-02-26 10:55:40 +01:00
return next()
}
]
2019-03-05 10:58:44 +01:00
const commonVideoPlaylistFiltersValidator = [
query('playlistType')
.optional()
.custom(isVideoPlaylistTypeValid),
2019-03-05 10:58:44 +01:00
(req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
return next()
}
]
2019-03-07 17:06:00 +01:00
const doVideosInPlaylistExistValidator = [
query('videoIds')
.customSanitizer(toIntArray)
.custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
(req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
return next()
}
]
2019-02-26 10:55:40 +01:00
// ---------------------------------------------------------------------------
export {
videoPlaylistsAddValidator,
videoPlaylistsUpdateValidator,
videoPlaylistsDeleteValidator,
videoPlaylistsGetValidator,
videoPlaylistsSearchValidator,
2019-02-26 10:55:40 +01:00
videoPlaylistsAddVideoValidator,
videoPlaylistsUpdateOrRemoveVideoValidator,
videoPlaylistsReorderVideosValidator,
2019-03-05 10:58:44 +01:00
videoPlaylistElementAPGetValidator,
2019-03-07 17:06:00 +01:00
commonVideoPlaylistFiltersValidator,
doVideosInPlaylistExistValidator
2019-02-26 10:55:40 +01:00
}
// ---------------------------------------------------------------------------
function getCommonPlaylistEditAttributes () {
return [
body('thumbnailfile')
2022-02-11 10:51:33 +01:00
.custom((value, { req }) => isVideoImageValid(req.files, 'thumbnailfile'))
2020-01-31 16:56:52 +01:00
.withMessage(
'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
),
2019-02-26 10:55:40 +01:00
body('description')
.optional()
.customSanitizer(toValueOrNull)
.custom(isVideoPlaylistDescriptionValid),
2019-02-26 10:55:40 +01:00
body('privacy')
.optional()
2019-07-25 16:23:44 +02:00
.customSanitizer(toIntOrNull)
.custom(isVideoPlaylistPrivacyValid),
2019-02-26 10:55:40 +01:00
body('videoChannelId')
.optional()
2019-07-25 16:23:44 +02:00
.customSanitizer(toIntOrNull)
2021-02-03 09:33:05 +01:00
] as (ValidationChain | ExpressPromiseHandler)[]
2019-02-26 10:55:40 +01:00
}
2019-08-15 11:53:26 +02:00
function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
2019-02-26 10:55:40 +01:00
if (videoPlaylist.isOwned() === false) {
res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: 'Cannot manage video playlist of another server.'
})
2019-02-26 10:55:40 +01:00
return false
}
// Check if the user can manage the video playlist
// The user can delete it if s/he is an admin
// Or if s/he is the video playlist's owner
if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: 'Cannot manage video playlist of another user'
})
2019-02-26 10:55:40 +01:00
return false
}
return true
}
2019-08-15 11:53:26 +02:00
function getPlaylist (res: express.Response) {
return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
}