server/middlewares/validators/videos/video-playlists.ts

   1 import * as express from 'express'
   2 import { body, param, query, ValidationChain } from 'express-validator'
   3 import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
   4 import { logger } from '../../../helpers/logger'
   5 import { UserModel } from '../../../models/account/user'
   6 import { areValidationErrors } from '../utils'
   7 import { isVideoImage } from '../../../helpers/custom-validators/videos'
   8 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
   9 import {
  10   isArrayOf,
  11   isIdOrUUIDValid,
  12   isIdValid,
  13   isUUIDValid,
  14   toIntArray,
  15   toIntOrNull,
  16   toValueOrNull
  17 } from '../../../helpers/custom-validators/misc'
  18 import {
  19   isVideoPlaylistDescriptionValid,
  20   isVideoPlaylistNameValid,
  21   isVideoPlaylistPrivacyValid,
  22   isVideoPlaylistTimestampValid,
  23   isVideoPlaylistTypeValid
  24 } from '../../../helpers/custom-validators/video-playlists'
  25 import { VideoPlaylistModel } from '../../../models/video/video-playlist'
  26 import { cleanUpReqFiles } from '../../../helpers/express-utils'
  27 import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
  28 import { authenticatePromiseIfNeeded } from '../../oauth'
  29 import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
  30 import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
  31 import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist } from '../../../helpers/middlewares'
  32
  33 const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
  34   body('displayName')
  35     .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
  36
  37   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  38     logger.debug('Checking videoPlaylistsAddValidator parameters', { parameters: req.body })
  39
  40     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
  41
  42     const body: VideoPlaylistCreate = req.body
  43     if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
  44
  45     if (body.privacy === VideoPlaylistPrivacy.PUBLIC && !body.videoChannelId) {
  46       cleanUpReqFiles(req)
  47       return res.status(400)
  48                 .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
  49     }
  50
  51     return next()
  52   }
  53 ])
  54
  55 const videoPlaylistsUpdateValidator = getCommonPlaylistEditAttributes().concat([
  56   param('playlistId')
  57     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
  58
  59   body('displayName')
  60     .optional()
  61     .custom(isVideoPlaylistNameValid).withMessage('Should have a valid display name'),
  62
  63   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
  64     logger.debug('Checking videoPlaylistsUpdateValidator parameters', { parameters: req.body })
  65
  66     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
  67
  68     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return cleanUpReqFiles(req)
  69
  70     const videoPlaylist = res.locals.videoPlaylist
  71
  72     if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
  73       return cleanUpReqFiles(req)
  74     }
  75
  76     const body: VideoPlaylistUpdate = req.body
  77
  78     const newPrivacy = body.privacy || videoPlaylist.privacy
  79     if (newPrivacy === VideoPlaylistPrivacy.PUBLIC &&
  80       (
  81         (!videoPlaylist.videoChannelId && !body.videoChannelId) ||
  82         body.videoChannelId === null
  83       )
  84     ) {
  85       cleanUpReqFiles(req)
  86       return res.status(400)
  87                 .json({ error: 'Cannot set "public" a playlist that is not assigned to a channel.' })
  88     }
  89
  90     if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
  91       cleanUpReqFiles(req)
  92       return res.status(400)
  93                 .json({ error: 'Cannot update a watch later playlist.' })
  94     }
  95
  96     if (body.videoChannelId && !await doesVideoChannelIdExist(body.videoChannelId, res)) return cleanUpReqFiles(req)
  97
  98     return next()
  99   }
 100 ])
 101
 102 const videoPlaylistsDeleteValidator = [
 103   param('playlistId')
 104     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 105
 106   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 107     logger.debug('Checking videoPlaylistsDeleteValidator parameters', { parameters: req.params })
 108
 109     if (areValidationErrors(req, res)) return
 110
 111     if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
 112
 113     const videoPlaylist = res.locals.videoPlaylist
 114     if (videoPlaylist.type === VideoPlaylistType.WATCH_LATER) {
 115       return res.status(400)
 116                 .json({ error: 'Cannot delete a watch later playlist.' })
 117     }
 118
 119     if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.REMOVE_ANY_VIDEO_PLAYLIST, res)) {
 120       return
 121     }
 122
 123     return next()
 124   }
 125 ]
 126
 127 const videoPlaylistsGetValidator = [
 128   param('playlistId')
 129     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 130
 131   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 132     logger.debug('Checking videoPlaylistsGetValidator parameters', { parameters: req.params })
 133
 134     if (areValidationErrors(req, res)) return
 135
 136     if (!await doesVideoPlaylistExist(req.params.playlistId, res)) return
 137
 138     const videoPlaylist = res.locals.videoPlaylist
 139
 140     // Video is unlisted, check we used the uuid to fetch it
 141     if (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED) {
 142       if (isUUIDValid(req.params.playlistId)) return next()
 143
 144       return res.status(404).end()
 145     }
 146
 147     if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
 148       await authenticatePromiseIfNeeded(req, res)
 149
 150       const user = res.locals.oauth ? res.locals.oauth.token.User : null
 151
 152       if (
 153         !user ||
 154         (videoPlaylist.OwnerAccount.id !== user.Account.id && !user.hasRight(UserRight.UPDATE_ANY_VIDEO_PLAYLIST))
 155       ) {
 156         return res.status(403)
 157                   .json({ error: 'Cannot get this private video playlist.' })
 158       }
 159
 160       return next()
 161     }
 162
 163     return next()
 164   }
 165 ]
 166
 167 const videoPlaylistsAddVideoValidator = [
 168   param('playlistId')
 169     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 170   body('videoId')
 171     .custom(isIdOrUUIDValid).withMessage('Should have a valid video id/uuid'),
 172   body('startTimestamp')
 173     .optional()
 174     .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
 175   body('stopTimestamp')
 176     .optional()
 177     .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
 178
 179   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 180     logger.debug('Checking videoPlaylistsAddVideoValidator parameters', { parameters: req.params })
 181
 182     if (areValidationErrors(req, res)) return
 183
 184     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
 185     if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
 186
 187     const videoPlaylist = res.locals.videoPlaylist
 188     const video = res.locals.video
 189
 190     const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
 191     if (videoPlaylistElement) {
 192       res.status(409)
 193          .json({ error: 'This video in this playlist already exists' })
 194          .end()
 195
 196       return
 197     }
 198
 199     if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, res.locals.videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) {
 200       return
 201     }
 202
 203     return next()
 204   }
 205 ]
 206
 207 const videoPlaylistsUpdateOrRemoveVideoValidator = [
 208   param('playlistId')
 209     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 210   param('videoId')
 211     .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
 212   body('startTimestamp')
 213     .optional()
 214     .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid start timestamp'),
 215   body('stopTimestamp')
 216     .optional()
 217     .custom(isVideoPlaylistTimestampValid).withMessage('Should have a valid stop timestamp'),
 218
 219   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 220     logger.debug('Checking videoPlaylistsRemoveVideoValidator parameters', { parameters: req.params })
 221
 222     if (areValidationErrors(req, res)) return
 223
 224     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
 225     if (!await doesVideoExist(req.params.videoId, res, 'id')) return
 226
 227     const videoPlaylist = res.locals.videoPlaylist
 228     const video = res.locals.video
 229
 230     const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideo(videoPlaylist.id, video.id)
 231     if (!videoPlaylistElement) {
 232       res.status(404)
 233          .json({ error: 'Video playlist element not found' })
 234          .end()
 235
 236       return
 237     }
 238     res.locals.videoPlaylistElement = videoPlaylistElement
 239
 240     if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
 241
 242     return next()
 243   }
 244 ]
 245
 246 const videoPlaylistElementAPGetValidator = [
 247   param('playlistId')
 248     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 249   param('videoId')
 250     .custom(isIdOrUUIDValid).withMessage('Should have an video id/uuid'),
 251
 252   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 253     logger.debug('Checking videoPlaylistElementAPGetValidator parameters', { parameters: req.params })
 254
 255     if (areValidationErrors(req, res)) return
 256
 257     const videoPlaylistElement = await VideoPlaylistElementModel.loadByPlaylistAndVideoForAP(req.params.playlistId, req.params.videoId)
 258     if (!videoPlaylistElement) {
 259       res.status(404)
 260          .json({ error: 'Video playlist element not found' })
 261          .end()
 262
 263       return
 264     }
 265
 266     if (videoPlaylistElement.VideoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
 267       return res.status(403).end()
 268     }
 269
 270     res.locals.videoPlaylistElement = videoPlaylistElement
 271
 272     return next()
 273   }
 274 ]
 275
 276 const videoPlaylistsReorderVideosValidator = [
 277   param('playlistId')
 278     .custom(isIdOrUUIDValid).withMessage('Should have a valid playlist id/uuid'),
 279   body('startPosition')
 280     .isInt({ min: 1 }).withMessage('Should have a valid start position'),
 281   body('insertAfterPosition')
 282     .isInt({ min: 0 }).withMessage('Should have a valid insert after position'),
 283   body('reorderLength')
 284     .optional()
 285     .isInt({ min: 1 }).withMessage('Should have a valid range length'),
 286
 287   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
 288     logger.debug('Checking videoPlaylistsReorderVideosValidator parameters', { parameters: req.params })
 289
 290     if (areValidationErrors(req, res)) return
 291
 292     if (!await doesVideoPlaylistExist(req.params.playlistId, res, 'all')) return
 293
 294     const videoPlaylist = res.locals.videoPlaylist
 295     if (!checkUserCanManageVideoPlaylist(res.locals.oauth.token.User, videoPlaylist, UserRight.UPDATE_ANY_VIDEO_PLAYLIST, res)) return
 296
 297     const nextPosition = await VideoPlaylistElementModel.getNextPositionOf(videoPlaylist.id)
 298     const startPosition: number = req.body.startPosition
 299     const insertAfterPosition: number = req.body.insertAfterPosition
 300     const reorderLength: number = req.body.reorderLength
 301
 302     if (startPosition >= nextPosition || insertAfterPosition >= nextPosition) {
 303       res.status(400)
 304          .json({ error: `Start position or insert after position exceed the playlist limits (max: ${nextPosition - 1})` })
 305          .end()
 306
 307       return
 308     }
 309
 310     if (reorderLength && reorderLength + startPosition > nextPosition) {
 311       res.status(400)
 312          .json({ error: `Reorder length with this start position exceeds the playlist limits (max: ${nextPosition - startPosition})` })
 313          .end()
 314
 315       return
 316     }
 317
 318     return next()
 319   }
 320 ]
 321
 322 const commonVideoPlaylistFiltersValidator = [
 323   query('playlistType')
 324     .optional()
 325     .custom(isVideoPlaylistTypeValid).withMessage('Should have a valid playlist type'),
 326
 327   (req: express.Request, res: express.Response, next: express.NextFunction) => {
 328     logger.debug('Checking commonVideoPlaylistFiltersValidator parameters', { parameters: req.params })
 329
 330     if (areValidationErrors(req, res)) return
 331
 332     return next()
 333   }
 334 ]
 335
 336 const doVideosInPlaylistExistValidator = [
 337   query('videoIds')
 338     .customSanitizer(toIntArray)
 339     .custom(v => isArrayOf(v, isIdValid)).withMessage('Should have a valid video ids array'),
 340
 341   (req: express.Request, res: express.Response, next: express.NextFunction) => {
 342     logger.debug('Checking areVideosInPlaylistExistValidator parameters', { parameters: req.query })
 343
 344     if (areValidationErrors(req, res)) return
 345
 346     return next()
 347   }
 348 ]
 349
 350 // ---------------------------------------------------------------------------
 351
 352 export {
 353   videoPlaylistsAddValidator,
 354   videoPlaylistsUpdateValidator,
 355   videoPlaylistsDeleteValidator,
 356   videoPlaylistsGetValidator,
 357
 358   videoPlaylistsAddVideoValidator,
 359   videoPlaylistsUpdateOrRemoveVideoValidator,
 360   videoPlaylistsReorderVideosValidator,
 361
 362   videoPlaylistElementAPGetValidator,
 363
 364   commonVideoPlaylistFiltersValidator,
 365
 366   doVideosInPlaylistExistValidator
 367 }
 368
 369 // ---------------------------------------------------------------------------
 370
 371 function getCommonPlaylistEditAttributes () {
 372   return [
 373     body('thumbnailfile')
 374       .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
 375       'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
 376       + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
 377     ),
 378
 379     body('description')
 380       .optional()
 381       .customSanitizer(toValueOrNull)
 382       .custom(isVideoPlaylistDescriptionValid).withMessage('Should have a valid description'),
 383     body('privacy')
 384       .optional()
 385       .customSanitizer(toIntOrNull)
 386       .custom(isVideoPlaylistPrivacyValid).withMessage('Should have correct playlist privacy'),
 387     body('videoChannelId')
 388       .optional()
 389       .customSanitizer(toIntOrNull)
 390   ] as (ValidationChain | express.Handler)[]
 391 }
 392
 393 function checkUserCanManageVideoPlaylist (user: UserModel, videoPlaylist: VideoPlaylistModel, right: UserRight, res: express.Response) {
 394   if (videoPlaylist.isOwned() === false) {
 395     res.status(403)
 396        .json({ error: 'Cannot manage video playlist of another server.' })
 397        .end()
 398
 399     return false
 400   }
 401
 402   // Check if the user can manage the video playlist
 403   // The user can delete it if s/he is an admin
 404   // Or if s/he is the video playlist's owner
 405   if (user.hasRight(right) === false && videoPlaylist.ownerAccountId !== user.Account.id) {
 406     res.status(403)
 407        .json({ error: 'Cannot manage video playlist of another user' })
 408        .end()
 409
 410     return false
 411   }
 412
 413   return true
 414 }