1 import * as express from 'express'
2 import 'express-validator'
3 import { body, param, ValidationChain } from 'express-validator/check'
4 import { UserRight, VideoPrivacy } from '../../../shared'
13 } from '../../helpers/custom-validators/misc'
15 checkUserCanManageVideo,
16 isScheduleVideoUpdatePrivacyValid,
18 isVideoChannelOfAccountExist,
19 isVideoDescriptionValid,
27 isVideoRatingTypeValid,
30 } from '../../helpers/custom-validators/videos'
31 import { getDurationFromVideoFile } from '../../helpers/ffmpeg-utils'
32 import { logger } from '../../helpers/logger'
33 import { CONSTRAINTS_FIELDS } from '../../initializers'
34 import { VideoShareModel } from '../../models/video/video-share'
35 import { authenticate } from '../oauth'
36 import { areValidationErrors } from './utils'
37 import { cleanUpReqFiles } from '../../helpers/utils'
39 const videosAddValidator = getCommonVideoAttributes().concat([
41 .custom((value, { req }) => isVideoFile(req.files)).withMessage(
42 'This file is not supported or too large. Please, make sure it is of the following type: '
43 + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
45 body('name').custom(isVideoNameValid).withMessage('Should have a valid name'),
48 .custom(isIdValid).withMessage('Should have correct video channel id'),
50 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
51 logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
53 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
54 if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
56 const videoFile: Express.Multer.File = req.files['videofile'][0]
57 const user = res.locals.oauth.token.User
59 if (!await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
61 const isAble = await user.isAbleToUploadVideo(videoFile)
62 if (isAble === false) {
64 .json({ error: 'The user video quota is exceeded with this video.' })
67 return cleanUpReqFiles(req)
73 duration = await getDurationFromVideoFile(videoFile.path)
75 logger.error('Invalid input file in videosAddValidator.', { err })
77 .json({ error: 'Invalid input file.' })
80 return cleanUpReqFiles(req)
83 videoFile['duration'] = duration
89 const videosUpdateValidator = getCommonVideoAttributes().concat([
90 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
93 .custom(isVideoNameValid).withMessage('Should have a valid name'),
97 .custom(isIdValid).withMessage('Should have correct video channel id'),
99 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
100 logger.debug('Checking videosUpdate parameters', { parameters: req.body })
102 if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
103 if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
104 if (!await isVideoExist(req.params.id, res)) return cleanUpReqFiles(req)
106 const video = res.locals.video
108 // Check if the user who did the request is able to update the video
109 const user = res.locals.oauth.token.User
110 if (!checkUserCanManageVideo(user, res.locals.video, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)
112 if (video.privacy !== VideoPrivacy.PRIVATE && req.body.privacy === VideoPrivacy.PRIVATE) {
114 return res.status(409)
115 .json({ error: 'Cannot set "private" a video that was not private.' })
119 if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
125 const videosGetValidator = [
126 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
128 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
129 logger.debug('Checking videosGet parameters', { parameters: req.params })
131 if (areValidationErrors(req, res)) return
132 if (!await isVideoExist(req.params.id, res)) return
134 const video = res.locals.video
136 // Video is public, anyone can access it
137 if (video.privacy === VideoPrivacy.PUBLIC) return next()
139 // Video is unlisted, check we used the uuid to fetch it
140 if (video.privacy === VideoPrivacy.UNLISTED) {
141 if (isUUIDValid(req.params.id)) return next()
143 // Don't leak this unlisted video
144 return res.status(404).end()
147 // Video is private, check the user
148 authenticate(req, res, () => {
149 if (video.VideoChannel.Account.userId !== res.locals.oauth.token.User.id) {
150 return res.status(403)
151 .json({ error: 'Cannot get this private video of another user' })
160 const videosRemoveValidator = [
161 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
163 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
164 logger.debug('Checking videosRemove parameters', { parameters: req.params })
166 if (areValidationErrors(req, res)) return
167 if (!await isVideoExist(req.params.id, res)) return
169 // Check if the user who did the request is able to delete the video
170 if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.video, UserRight.REMOVE_ANY_VIDEO, res)) return
176 const videoRateValidator = [
177 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
178 body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'),
180 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
181 logger.debug('Checking videoRate parameters', { parameters: req.body })
183 if (areValidationErrors(req, res)) return
184 if (!await isVideoExist(req.params.id, res)) return
190 const videosShareValidator = [
191 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
192 param('accountId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid account id'),
194 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
195 logger.debug('Checking videoShare parameters', { parameters: req.params })
197 if (areValidationErrors(req, res)) return
198 if (!await isVideoExist(req.params.id, res)) return
200 const share = await VideoShareModel.load(req.params.accountId, res.locals.video.id, undefined)
202 return res.status(404)
206 res.locals.videoShare = share
211 function getCommonVideoAttributes () {
213 body('thumbnailfile')
214 .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
215 'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
216 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
219 .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage(
220 'This preview file is not supported or too large. Please, make sure it is of the following type: '
221 + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
226 .customSanitizer(toIntOrNull)
227 .custom(isVideoCategoryValid).withMessage('Should have a valid category'),
230 .customSanitizer(toIntOrNull)
231 .custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
234 .customSanitizer(toValueOrNull)
235 .custom(isVideoLanguageValid).withMessage('Should have a valid language'),
239 .custom(isBooleanValid).withMessage('Should have a valid NSFW attribute'),
240 body('waitTranscoding')
243 .custom(isBooleanValid).withMessage('Should have a valid wait transcoding attribute'),
247 .custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
250 .customSanitizer(toValueOrNull)
251 .custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
254 .customSanitizer(toValueOrNull)
255 .custom(isVideoSupportValid).withMessage('Should have a valid support text'),
258 .customSanitizer(toValueOrNull)
259 .custom(isVideoTagsValid).withMessage('Should have correct tags'),
260 body('commentsEnabled')
263 .custom(isBooleanValid).withMessage('Should have comments enabled boolean'),
265 body('scheduleUpdate')
267 .customSanitizer(toValueOrNull),
268 body('scheduleUpdate.updateAt')
270 .custom(isDateValid).withMessage('Should have a valid schedule update date'),
271 body('scheduleUpdate.privacy')
274 .custom(isScheduleVideoUpdatePrivacyValid).withMessage('Should have correct schedule update privacy')
275 ] as (ValidationChain | express.Handler)[]
278 // ---------------------------------------------------------------------------
282 videosUpdateValidator,
284 videosRemoveValidator,
285 videosShareValidator,
289 getCommonVideoAttributes
292 // ---------------------------------------------------------------------------
294 function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) {
295 if (req.body.scheduleUpdate) {
296 if (!req.body.scheduleUpdate.updateAt) {
298 .json({ error: 'Schedule update at is mandatory.' })