server/middlewares/validators/videos/video-playlists.ts

   1 import * as express from 'express'
   2 import { body, param, query, ValidationChain } from 'express-validator'
   3 import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
   4 import { logger } from '../../../helpers/logger'
   5 import { UserModel } from '../../../models/account/user'
   6 import { areValidationErrors } from '../utils'
   7 import { isVideoImage } from '../../../helpers/custom-validators/videos'
   8 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
   9 import {
  10   isArrayOf,
  11   isIdOrUUIDValid,
  12   isIdValid,
  13   isUUIDValid,
  14   toIntArray,
  15   toIntOrNull,
  16   toValueOrNull
  17 } from '../../../helpers/custom-validators/misc'
  18 import {
  19   isVideoPlaylistDescriptionValid,
  20   isVideoPlaylistNameValid,
  21   isVideoPlaylistPrivacyValid,
  22   isVideoPlaylistTimestampValid,
  23   isVideoPlaylistTypeValid
  24 } from '../../../helpers/custom-validators/video-playlists'
  25 import { VideoPlaylistModel } from '../../../models/video/video-playlist'
  26 import { cleanUpReqFiles } from '../../../helpers/express-utils'
  27 import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
  28 import { authenticatePromiseIfNeeded } from '../../oauth'
  29 import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
  30 import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
  31 import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist } from '../../../helpers/middlewares'
  32
  33 const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
  34   body('displayName')
  35     .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
  36
  37   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  38     logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
  39
  40     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
  41
  42     const body: VideoPlaylistCreate = req.body
  43     if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
  44
  45     if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
  46       cleanUpReqFiles(req)
  47       return res.status(400)
  48                 .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
  49     }
  50
  51     return next()
  52   }
  53 ])
  54
  55 const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
  56   param('playlistId')
  57     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  58
  59   body('displayName')
  60     .optional()
  61     .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
  62
  63   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  64     logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
  65
  66     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
  67
  68     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
  69
  70     const videoPlaylist = res.locals.videoPlaylist
  71
  72     if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
  73       return cleanUpReqFiles(req)
  74     }
  75
  76     const body: VideoPlaylistUpdate = req.body
  77
  78     const newPrivacy = body.privacy || videoPlaylist.privacy
  79     if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
  80       (
  81         (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
  82         body.videoChannelId === null
  83       )
  84     ) {
  85       cleanUpReqFiles(req)
  86       return res.status(400)
  87                 .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
  88     }
  89
  90     if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
  91       cleanUpReqFiles(req)
  92       return res.status(400)
  93                 .json({ error: 'Cannot update a watch later playlist.' })
  94     }
  95
  96     if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
  97
  98     return next()
  99   }
 100 ])
 101
 102 const videoPlaylistsDeleteValidator = [
 103   param('playlistId')
 104     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 105
 106   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 107     logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
 108
 109     if (areValidationErrors(req, res)) return
 110
 111     if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
 112
 113     const videoPlaylist = res.locals.videoPlaylist
 114     if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
 115       return res.status(400)
 116                 .json({ error: 'Cannot delete a watch later playlist.' })
 117     }
 118
 119     if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
 120       return
 121     }
 122
 123     return next()
 124   }
 125 ]
 126
 127 const videoPlaylistsGetValidator = [
 128   param('playlistId')
 129     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 130
 131   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 132     logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
 133
 134     if (areValidationErrors(req, res)) return
 135
 136     if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
 137
 138     const videoPlaylist = res.locals.videoPlaylist
 139
 140     // Video is unlisted, check we used the uuid to fetch it
 141     if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
 142       if (isUUIDValid(req.params.playlistId)) return next()
 143
 144       return res.status(404).end()
 145     }
 146
 147     if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
 148       await authenticatePromiseIfNeeded(req, res)
 149
 150       const user = res.locals.oauth ? res.locals.oauth.token.User : null
 151
 152       if (
 153         !user ||
 154         (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
 155       ) {
 156         return res.status(403)
 157                   .json({ error: 'Cannot get this private video playlist.' })
 158       }
 159
 160       return next()
 161     }
 162
 163     return next()
 164   }
 165 ]
 166
 167 const videoPlaylistsAddVideoValidator = [
 168   param('playlistId')
 169     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 170   body('videoId')
 171     .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
 172   body('startTimestamp')
 173     .optional()
 174     .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
 175   body('stopTimestamp')
 176     .optional()
 177     .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
 178
 179   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 180     logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
 181
 182     if (areValidationErrors(req, res)) return
 183
 184     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
 185     if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
 186
 187     const videoPlaylist = res.locals.videoPlaylist
 188     const video = res.locals.video
 189
 190     const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
 191     if (videoPlaylistElement) {
 192       res.status(409)
 193          .json({ error: 'This video in this playlist already exists' })
 194          .end()
 195
 196       return
 197     }
 198
 199     if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
 200       return
 201     }
 202
 203     return next()
 204   }
 205 ]
 206
 207 const videoPlaylistsUpdateOrRemoveVideoValidator = [
 208   param('playlistId')
 209     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 210   param('playlistElementId')
 211     .custom(isIdValid).withMessage('Should have an element id/uuid'),
 212   body('startTimestamp')
 213     .optional()
 214     .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
 215   body('stopTimestamp')
 216     .optional()
 217     .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
 218
 219   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 220     logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
 221
 222     if (areValidationErrors(req, res)) return
 223
 224     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
 225
 226     const videoPlaylist = res.locals.videoPlaylist
 227
 228     const videoPlaylistElement = await VideoPlaylistElementModel.loadById(req.params.playlistElementId)
 229     if (!videoPlaylistElement) {
 230       res.status(404)
 231          .json({ error: 'Video playlist element not found' })
 232          .end()
 233
 234       return
 235     }
 236     res.locals.videoPlaylistElement = videoPlaylistElement
 237
 238     if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
 239
 240     return next()
 241   }
 242 ]
 243
 244 const videoPlaylistElementAPGetValidator = [
 245   param('playlistId')
 246     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 247   param('videoId')
 248     .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
 249
 250   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 251     logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
 252
 253     if (areValidationErrors(req, res)) return
 254
 255     const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
 256     if (!videoPlaylistElement) {
 257       res.status(404)
 258          .json({ error: 'Video playlist element not found' })
 259          .end()
 260
 261       return
 262     }
 263
 264     if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
 265       return res.status(403).end()
 266     }
 267
 268     res.locals.videoPlaylistElement = videoPlaylistElement
 269
 270     return next()
 271   }
 272 ]
 273
 274 const videoPlaylistsReorderVideosValidator = [
 275   param('playlistId')
 276     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 277   body('startPosition')
 278     .isInt({ min: 1 }).withMessage('Should have a valid start position'),
 279   body('insertAfterPosition')
 280     .isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
 281   body('reorderLength')
 282     .optional()
 283     .isInt({ min: 1 }).withMessage('Should have a valid range length'),
 284
 285   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 286     logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
 287
 288     if (areValidationErrors(req, res)) return
 289
 290     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
 291
 292     const videoPlaylist = res.locals.videoPlaylist
 293     if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
 294
 295     const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
 296     const startPosition: number = req.body.startPosition
 297     const insertAfterPosition: number = req.body.insertAfterPosition
 298     const reorderLength: number = req.body.reorderLength
 299
 300     if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
 301       res.status(400)
 302          .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
 303          .end()
 304
 305       return
 306     }
 307
 308     if (reorderLength && reorderLength + startPosition > nextPosition) {
 309       res.status(400)
 310          .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
 311          .end()
 312
 313       return
 314     }
 315
 316     return next()
 317   }
 318 ]
 319
 320 const commonVideoPlaylistFiltersValidator = [
 321   query('playlistType')
 322     .optional()
 323     .custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),
 324
 325   (req: express.Request, res: express.Response, next: express.NextFunction) => {
 326     logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })
 327
 328     if (areValidationErrors(req, res)) return
 329
 330     return next()
 331   }
 332 ]
 333
 334 const doVideosInPlaylistExistValidator = [
 335   query('videoIds')
 336     .customSanitizer(toIntArray)
 337     .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
 338
 339   (req: express.Request, res: express.Response, next: express.NextFunction) => {
 340     logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })
 341
 342     if (areValidationErrors(req, res)) return
 343
 344     return next()
 345   }
 346 ]
 347
 348 // ---------------------------------------------------------------------------
 349
 350 export {
 351   videoPlaylistsAddValidator,
 352   videoPlaylistsUpdateValidator,
 353   videoPlaylistsDeleteValidator,
 354   videoPlaylistsGetValidator,
 355
 356   videoPlaylistsAddVideoValidator,
 357   videoPlaylistsUpdateOrRemoveVideoValidator,
 358   videoPlaylistsReorderVideosValidator,
 359
 360   videoPlaylistElementAPGetValidator,
 361
 362   commonVideoPlaylistFiltersValidator,
 363
 364   doVideosInPlaylistExistValidator
 365 }
 366
 367 // ---------------------------------------------------------------------------
 368
 369 function getCommonPlaylistEditAttributes () {
 370   return [
 371     body('thumbnailfile')
 372       .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
 373       'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
 374       + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
 375     ),
 376
 377     body('description')
 378       .optional()
 379       .customSanitizer(toValueOrNull)
 380       .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
 381     body('privacy')
 382       .optional()
 383       .customSanitizer(toIntOrNull)
 384       .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
 385     body('videoChannelId')
 386       .optional()
 387       .customSanitizer(toIntOrNull)
 388   ] as (ValidationChain | express.Handler)[]
 389 }
 390
 391 function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
 392   if (videoPlaylist.isOwned() === false) {
 393     res.status(403)
 394        .json({ error: 'Cannot manage video playlist of another server.' })
 395        .end()
 396
 397     return false
 398   }
 399
 400   // Check if the user can manage the video playlist
 401   // The user can delete it if s/he is an admin
 402   // Or if s/he is the video playlist's owner
 403   if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
 404     res.status(403)
 405        .json({ error: 'Cannot manage video playlist of another user' })
 406        .end()
 407
 408     return false
 409   }
 410
 411   return true
 412 }