mirror of https://github.com/Chocobozzz/PeerTube
420 lines
13 KiB
TypeScript
420 lines
13 KiB
TypeScript
import express from 'express'
|
|
import { body, param, query, ValidationChain } from 'express-validator'
|
|
import { ExpressPromiseHandler } from '@server/types/express-handler'
|
|
import { MUserAccountId } from '@server/types/models'
|
|
import { forceNumber } from '@shared/core-utils'
|
|
import {
|
|
HttpStatusCode,
|
|
UserRight,
|
|
VideoPlaylistCreate,
|
|
VideoPlaylistPrivacy,
|
|
VideoPlaylistType,
|
|
VideoPlaylistUpdate
|
|
} from '@shared/models'
|
|
import {
|
|
isArrayOf,
|
|
isIdOrUUIDValid,
|
|
isIdValid,
|
|
isUUIDValid,
|
|
toCompleteUUID,
|
|
toIntArray,
|
|
toIntOrNull,
|
|
toValueOrNull
|
|
} from '../../../helpers/custom-validators/misc'
|
|
import {
|
|
isVideoPlaylistDescriptionValid,
|
|
isVideoPlaylistNameValid,
|
|
isVideoPlaylistPrivacyValid,
|
|
isVideoPlaylistTimestampValid,
|
|
isVideoPlaylistTypeValid
|
|
} from '../../../helpers/custom-validators/video-playlists'
|
|
import { isVideoImageValid } from '../../../helpers/custom-validators/videos'
|
|
import { cleanUpReqFiles } from '../../../helpers/express-utils'
|
|
import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
|
|
import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
|
|
import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
|
|
import { authenticatePromise } from '../../auth'
|
|
import {
|
|
areValidationErrors,
|
|
doesVideoChannelIdExist,
|
|
doesVideoExist,
|
|
doesVideoPlaylistExist,
|
|
isValidPlaylistIdParam,
|
|
VideoPlaylistFetchType
|
|
} from '../shared'
|
|
|
|
const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
|
|
body('displayName')
|
|
.custom(isVideoPlaylistNameValid),
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
|
|
|
|
const body: VideoPlaylistCreate = req.body
|
|
if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
|
|
|
|
if (
|
|
!body.videoChannelId &&
|
|
(body.privacy === VideoPlaylistPrivacy.PUBLIC || body.privacy === VideoPlaylistPrivacy.UNLISTED)
|
|
) {
|
|
cleanUpReqFiles(req)
|
|
|
|
return res.fail({ message: 'Cannot set "public" or "unlisted" a playlist that is not assigned to a channel.' })
|
|
}
|
|
|
|
return next()
|
|
}
|
|
])
|
|
|
|
const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
|
|
isValidPlaylistIdParam('playlistId'),
|
|
|
|
body('displayName')
|
|
.optional()
|
|
.custom(isVideoPlaylistNameValid),
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
|
|
|
|
if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
|
|
|
|
const videoPlaylist = getPlaylist(res)
|
|
|
|
if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
|
|
return cleanUpReqFiles(req)
|
|
}
|
|
|
|
const body: VideoPlaylistUpdate = req.body
|
|
|
|
const newPrivacy = body.privacy || videoPlaylist.privacy
|
|
if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
|
|
(
|
|
(!videoPlaylist.videoChannelId && !body.videoChannelId) ||
|
|
body.videoChannelId === null
|
|
)
|
|
) {
|
|
cleanUpReqFiles(req)
|
|
|
|
return res.fail({ message: 'Cannot set "public" a playlist that is not assigned to a channel.' })
|
|
}
|
|
|
|
if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
|
|
cleanUpReqFiles(req)
|
|
|
|
return res.fail({ message: 'Cannot update a watch later playlist.' })
|
|
}
|
|
|
|
if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
|
|
|
|
return next()
|
|
}
|
|
])
|
|
|
|
const videoPlaylistsDeleteValidator = [
|
|
isValidPlaylistIdParam('playlistId'),
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
|
|
|
|
const videoPlaylist = getPlaylist(res)
|
|
if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
|
|
return res.fail({ message: 'Cannot delete a watch later playlist.' })
|
|
}
|
|
|
|
if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
|
|
return
|
|
}
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
|
|
return [
|
|
isValidPlaylistIdParam('playlistId'),
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
if (!await doesVideoPlaylistExist(req.params.playlistId, res, fetchType)) return
|
|
|
|
const videoPlaylist = res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
|
|
|
|
// Video is unlisted, check we used the uuid to fetch it
|
|
if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
|
|
if (isUUIDValid(req.params.playlistId)) return next()
|
|
|
|
return res.fail({
|
|
status: HttpStatusCode.NOT_FOUND_404,
|
|
message: 'Playlist not found'
|
|
})
|
|
}
|
|
|
|
if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
|
|
await authenticatePromise(req, res)
|
|
|
|
const user = res.locals.oauth ? res.locals.oauth.token.User : null
|
|
|
|
if (
|
|
!user ||
|
|
(videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
|
|
) {
|
|
return res.fail({
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
|
message: 'Cannot get this private video playlist.'
|
|
})
|
|
}
|
|
|
|
return next()
|
|
}
|
|
|
|
return next()
|
|
}
|
|
]
|
|
}
|
|
|
|
const videoPlaylistsSearchValidator = [
|
|
query('search')
|
|
.optional()
|
|
.not().isEmpty(),
|
|
|
|
(req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
const videoPlaylistsAddVideoValidator = [
|
|
isValidPlaylistIdParam('playlistId'),
|
|
|
|
body('videoId')
|
|
.customSanitizer(toCompleteUUID)
|
|
.custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid/short uuid'),
|
|
body('startTimestamp')
|
|
.optional()
|
|
.custom(isVideoPlaylistTimestampValid),
|
|
body('stopTimestamp')
|
|
.optional()
|
|
.custom(isVideoPlaylistTimestampValid),
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
|
|
if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
|
|
|
|
const videoPlaylist = getPlaylist(res)
|
|
|
|
if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
|
|
return
|
|
}
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
const videoPlaylistsUpdateOrRemoveVideoValidator = [
|
|
isValidPlaylistIdParam('playlistId'),
|
|
param('playlistElementId')
|
|
.customSanitizer(toCompleteUUID)
|
|
.custom(isIdValid).withMessage('Should have an element id/uuid/short uuid'),
|
|
body('startTimestamp')
|
|
.optional()
|
|
.custom(isVideoPlaylistTimestampValid),
|
|
body('stopTimestamp')
|
|
.optional()
|
|
.custom(isVideoPlaylistTimestampValid),
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
|
|
|
|
const videoPlaylist = getPlaylist(res)
|
|
|
|
const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
|
|
if (!videoPlaylistElement) {
|
|
res.fail({
|
|
status: HttpStatusCode.NOT_FOUND_404,
|
|
message: 'Video playlist element not found'
|
|
})
|
|
return
|
|
}
|
|
res.locals.videoPlaylistElement = videoPlaylistElement
|
|
|
|
if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
const videoPlaylistElementAPGetValidator = [
|
|
isValidPlaylistIdParam('playlistId'),
|
|
param('playlistElementId')
|
|
.custom(isIdValid),
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
const playlistElementId = forceNumber(req.params.playlistElementId)
|
|
const playlistId = req.params.playlistId
|
|
|
|
const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndElementIdForAP(playlistId, playlistElementId)
|
|
if (!videoPlaylistElement) {
|
|
res.fail({
|
|
status: HttpStatusCode.NOT_FOUND_404,
|
|
message: 'Video playlist element not found'
|
|
})
|
|
return
|
|
}
|
|
|
|
if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
|
|
return res.fail({
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
|
message: 'Cannot get this private video playlist.'
|
|
})
|
|
}
|
|
|
|
res.locals.videoPlaylistElementAP = videoPlaylistElement
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
const videoPlaylistsReorderVideosValidator = [
|
|
isValidPlaylistIdParam('playlistId'),
|
|
|
|
body('startPosition')
|
|
.isInt({ min: 1 }),
|
|
body('insertAfterPosition')
|
|
.isInt({ min: 0 }),
|
|
body('reorderLength')
|
|
.optional()
|
|
.isInt({ min: 1 }),
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
|
|
|
|
const videoPlaylist = getPlaylist(res)
|
|
if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
|
|
|
|
const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
|
|
const startPosition: number = req.body.startPosition
|
|
const insertAfterPosition: number = req.body.insertAfterPosition
|
|
const reorderLength: number = req.body.reorderLength
|
|
|
|
if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
|
|
res.fail({ message: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
|
|
return
|
|
}
|
|
|
|
if (reorderLength && reorderLength + startPosition > nextPosition) {
|
|
res.fail({ message: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
|
|
return
|
|
}
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
const commonVideoPlaylistFiltersValidator = [
|
|
query('playlistType')
|
|
.optional()
|
|
.custom(isVideoPlaylistTypeValid),
|
|
|
|
(req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
const doVideosInPlaylistExistValidator = [
|
|
query('videoIds')
|
|
.customSanitizer(toIntArray)
|
|
.custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
|
|
|
|
(req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
return next()
|
|
}
|
|
]
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
export {
|
|
videoPlaylistsAddValidator,
|
|
videoPlaylistsUpdateValidator,
|
|
videoPlaylistsDeleteValidator,
|
|
videoPlaylistsGetValidator,
|
|
videoPlaylistsSearchValidator,
|
|
|
|
videoPlaylistsAddVideoValidator,
|
|
videoPlaylistsUpdateOrRemoveVideoValidator,
|
|
videoPlaylistsReorderVideosValidator,
|
|
|
|
videoPlaylistElementAPGetValidator,
|
|
|
|
commonVideoPlaylistFiltersValidator,
|
|
|
|
doVideosInPlaylistExistValidator
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
function getCommonPlaylistEditAttributes () {
|
|
return [
|
|
body('thumbnailfile')
|
|
.custom((value, { req }) => isVideoImageValid(req.files, 'thumbnailfile'))
|
|
.withMessage(
|
|
'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
|
|
CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
|
|
),
|
|
|
|
body('description')
|
|
.optional()
|
|
.customSanitizer(toValueOrNull)
|
|
.custom(isVideoPlaylistDescriptionValid),
|
|
body('privacy')
|
|
.optional()
|
|
.customSanitizer(toIntOrNull)
|
|
.custom(isVideoPlaylistPrivacyValid),
|
|
body('videoChannelId')
|
|
.optional()
|
|
.customSanitizer(toIntOrNull)
|
|
] as (ValidationChain | ExpressPromiseHandler)[]
|
|
}
|
|
|
|
function checkUserCanManageVideoPlaylist (user: MUserAccountId, videoPlaylist: MVideoPlaylist, right: UserRight, res: express.Response) {
|
|
if (videoPlaylist.isOwned() === false) {
|
|
res.fail({
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
|
message: 'Cannot manage video playlist of another server.'
|
|
})
|
|
return false
|
|
}
|
|
|
|
// Check if the user can manage the video playlist
|
|
// The user can delete it if s/he is an admin
|
|
// Or if s/he is the video playlist's owner
|
|
if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
|
|
res.fail({
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
|
message: 'Cannot manage video playlist of another user'
|
|
})
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
function getPlaylist (res: express.Response) {
|
|
return res.locals.videoPlaylistFull || res.locals.videoPlaylistSummary
|
|
}
|