1
0
Fork 0
peertube/server/middlewares/validators/shared/videos.ts

152 lines
4.3 KiB
TypeScript
Raw Normal View History

import { Request, Response } from 'express'
import { loadVideo, VideoLoadType } from '@server/lib/model-loaders'
import { authenticatePromiseIfNeeded } from '@server/middlewares/auth'
import { VideoModel } from '@server/models/video/video'
import { VideoChannelModel } from '@server/models/video/video-channel'
import { VideoFileModel } from '@server/models/video/video-file'
import {
MUser,
MUserAccountId,
MVideo,
MVideoAccountLight,
MVideoFormattableDetails,
MVideoFullLight,
2021-06-11 08:09:33 -04:00
MVideoId,
MVideoImmutable,
MVideoThumbnail,
MVideoWithRights
2020-06-18 04:45:25 -04:00
} from '@server/types/models'
2021-07-16 08:27:30 -04:00
import { HttpStatusCode, UserRight } from '@shared/models'
2019-07-23 04:40:39 -04:00
async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') {
2019-07-23 04:40:39 -04:00
const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined
const video = await loadVideo(id, fetchType, userId)
2019-07-23 04:40:39 -04:00
if (video === null) {
res.fail({
status: HttpStatusCode.NOT_FOUND_404,
message: 'Video not found'
})
2019-07-23 04:40:39 -04:00
return false
}
2019-08-15 05:53:26 -04:00
switch (fetchType) {
case 'for-api':
res.locals.videoAPI = video as MVideoFormattableDetails
break
2019-08-15 05:53:26 -04:00
case 'all':
res.locals.videoAll = video as MVideoFullLight
break
case 'only-immutable-attributes':
res.locals.onlyImmutableVideo = video as MVideoImmutable
break
2019-08-15 05:53:26 -04:00
case 'id':
2021-06-11 08:09:33 -04:00
res.locals.videoId = video as MVideoId
2019-08-15 05:53:26 -04:00
break
case 'only-video':
2019-08-20 07:52:49 -04:00
res.locals.onlyVideo = video as MVideoThumbnail
2019-08-15 05:53:26 -04:00
break
}
2019-07-23 04:40:39 -04:00
return true
}
async function doesVideoFileOfVideoExist (id: number, videoIdOrUUID: number | string, res: Response) {
if (!await VideoFileModel.doesVideoExistForVideoFile(id, videoIdOrUUID)) {
res.fail({
status: HttpStatusCode.NOT_FOUND_404,
message: 'VideoFile matching Video not found'
})
return false
}
return true
}
2019-08-15 05:53:26 -04:00
async function doesVideoChannelOfAccountExist (channelId: number, user: MUserAccountId, res: Response) {
2021-04-06 11:01:35 -04:00
const videoChannel = await VideoChannelModel.loadAndPopulateAccount(channelId)
2019-07-23 04:40:39 -04:00
2021-04-06 11:01:35 -04:00
if (videoChannel === null) {
res.fail({ message: 'Unknown video "video channel" for this instance.' })
2021-04-06 11:01:35 -04:00
return false
}
// Don't check account id if the user can update any video
if (user.hasRight(UserRight.UPDATE_ANY_VIDEO) === true) {
2019-07-23 04:40:39 -04:00
res.locals.videoChannel = videoChannel
return true
}
2021-04-06 11:01:35 -04:00
if (videoChannel.Account.id !== user.Account.id) {
res.fail({
message: 'Unknown video "video channel" for this account.'
})
2019-07-23 04:40:39 -04:00
return false
}
res.locals.videoChannel = videoChannel
return true
}
async function checkCanSeeVideoIfPrivate (req: Request, res: Response, video: MVideo, authenticateInQuery = false) {
if (!video.requiresAuth()) return true
const videoWithRights = await VideoModel.loadAndPopulateAccountAndServerAndTags(video.id)
return checkCanSeePrivateVideo(req, res, videoWithRights, authenticateInQuery)
}
async function checkCanSeePrivateVideo (req: Request, res: Response, video: MVideoWithRights, authenticateInQuery = false) {
await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
const user = res.locals.oauth ? res.locals.oauth.token.User : null
// Only the owner or a user that have blocklist rights can see the video
if (!user || !user.canGetVideo(video)) {
return false
}
return true
}
2020-11-02 09:43:44 -05:00
function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) {
2019-07-23 04:40:39 -04:00
// Retrieve the user who did the request
2020-11-02 09:43:44 -05:00
if (onlyOwned && video.isOwned() === false) {
res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: 'Cannot manage a video of another server.'
})
2019-07-23 04:40:39 -04:00
return false
}
// Check if the user can delete the video
// The user can delete it if he has the right
// Or if s/he is the video's account
const account = video.VideoChannel.Account
if (user.hasRight(right) === false && account.userId !== user.id) {
res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: 'Cannot manage a video of another user.'
})
2019-07-23 04:40:39 -04:00
return false
}
return true
}
// ---------------------------------------------------------------------------
export {
doesVideoChannelOfAccountExist,
doesVideoExist,
doesVideoFileOfVideoExist,
checkUserCanManageVideo,
checkCanSeeVideoIfPrivate,
checkCanSeePrivateVideo
2019-07-23 04:40:39 -04:00
}