1
0
Fork 0
peertube/server/middlewares/validators/videos/video-comments.ts

261 lines
8.5 KiB
TypeScript
Raw Normal View History

2021-08-27 08:32:44 -04:00
import express from 'express'
2020-11-13 10:38:23 -05:00
import { body, param, query } from 'express-validator'
2020-06-18 04:45:25 -04:00
import { MUserAccountUrl } from '@server/types/models'
2021-12-24 04:14:47 -05:00
import { HttpStatusCode, UserRight } from '@shared/models'
import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'
2018-10-05 05:15:06 -04:00
import { logger } from '../../../helpers/logger'
2020-05-06 02:48:06 -04:00
import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
import { Hooks } from '../../../lib/plugins/hooks'
2020-07-07 04:57:04 -04:00
import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
import {
areValidationErrors,
checkCanSeeVideoIfPrivate,
doesVideoCommentExist,
doesVideoCommentThreadExist,
doesVideoExist,
isValidVideoIdParam
} from '../shared'
2017-12-22 04:50:07 -05:00
2020-11-13 10:38:23 -05:00
const listVideoCommentsValidator = [
query('isLocal')
.optional()
2020-11-16 05:55:17 -05:00
.customSanitizer(toBooleanOrNull)
2020-11-13 10:38:23 -05:00
.custom(isBooleanValid)
.withMessage('Should have a valid is local boolean'),
query('search')
.optional()
.custom(exists).withMessage('Should have a valid search'),
query('searchAccount')
.optional()
.custom(exists).withMessage('Should have a valid account search'),
query('searchVideo')
.optional()
.custom(exists).withMessage('Should have a valid video search'),
(req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking listVideoCommentsValidator parameters.', { parameters: req.query })
if (areValidationErrors(req, res)) return
return next()
}
]
2017-12-22 04:50:07 -05:00
const listVideoCommentThreadsValidator = [
isValidVideoIdParam('videoId'),
2017-12-22 04:50:07 -05:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
2017-12-22 06:10:40 -05:00
logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params })
2017-12-22 04:50:07 -05:00
if (areValidationErrors(req, res)) return
2019-03-19 04:26:50 -04:00
if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
2017-12-22 04:50:07 -05:00
2022-02-11 04:51:33 -05:00
if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) return
2017-12-22 04:50:07 -05:00
return next()
}
]
const listVideoThreadCommentsValidator = [
isValidVideoIdParam('videoId'),
param('threadId')
.custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'),
2017-12-22 04:50:07 -05:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
2017-12-22 06:10:40 -05:00
logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params })
2017-12-22 04:50:07 -05:00
if (areValidationErrors(req, res)) return
2019-03-19 04:26:50 -04:00
if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
2019-08-15 05:53:26 -04:00
if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return
2017-12-22 04:50:07 -05:00
2022-02-11 04:51:33 -05:00
if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.onlyVideo)) return
2017-12-22 04:50:07 -05:00
return next()
}
]
const addVideoCommentThreadValidator = [
isValidVideoIdParam('videoId'),
body('text')
.custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
2017-12-22 04:50:07 -05:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
2018-02-20 04:41:11 -05:00
logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body })
2017-12-22 04:50:07 -05:00
if (areValidationErrors(req, res)) return
2019-03-19 04:26:50 -04:00
if (!await doesVideoExist(req.params.videoId, res)) return
if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) {
return res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: 'Cannot access to this ressource'
})
}
2019-08-15 05:53:26 -04:00
if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
2020-01-31 10:56:52 -05:00
if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return
2017-12-22 04:50:07 -05:00
return next()
}
]
const addVideoCommentReplyValidator = [
isValidVideoIdParam('videoId'),
2017-12-22 04:50:07 -05:00
param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
2017-12-22 04:50:07 -05:00
body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
2018-02-20 04:41:11 -05:00
logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body })
2017-12-22 04:50:07 -05:00
if (areValidationErrors(req, res)) return
2019-03-19 04:26:50 -04:00
if (!await doesVideoExist(req.params.videoId, res)) return
if (!await checkCanSeeVideoIfPrivate(req, res, res.locals.videoAll)) {
return res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: 'Cannot access to this ressource'
})
}
2019-08-15 05:53:26 -04:00
if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return
2017-12-22 04:50:07 -05:00
return next()
}
]
2017-12-28 05:16:08 -05:00
const videoCommentGetValidator = [
isValidVideoIdParam('videoId'),
param('commentId')
.custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
2017-12-28 05:16:08 -05:00
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params })
if (areValidationErrors(req, res)) return
2019-03-19 04:26:50 -04:00
if (!await doesVideoExist(req.params.videoId, res, 'id')) return
2019-08-15 05:53:26 -04:00
if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return
2017-12-28 05:16:08 -05:00
return next()
}
]
2018-01-04 05:19:16 -05:00
const removeVideoCommentValidator = [
isValidVideoIdParam('videoId'),
2018-01-04 05:19:16 -05:00
param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params })
if (areValidationErrors(req, res)) return
2019-03-19 04:26:50 -04:00
if (!await doesVideoExist(req.params.videoId, res)) return
2019-08-15 05:53:26 -04:00
if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
2018-01-04 05:19:16 -05:00
// Check if the user who did the request is able to delete the video
2019-08-15 05:53:26 -04:00
if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return
2018-01-04 05:19:16 -05:00
return next()
}
]
2017-12-22 04:50:07 -05:00
// ---------------------------------------------------------------------------
export {
listVideoCommentThreadsValidator,
listVideoThreadCommentsValidator,
addVideoCommentThreadValidator,
2020-11-13 10:38:23 -05:00
listVideoCommentsValidator,
2017-12-28 05:16:08 -05:00
addVideoCommentReplyValidator,
2018-01-04 05:19:16 -05:00
videoCommentGetValidator,
removeVideoCommentValidator
2017-12-22 04:50:07 -05:00
}
// ---------------------------------------------------------------------------
2019-08-15 05:53:26 -04:00
function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
2018-01-03 04:12:36 -05:00
if (video.commentsEnabled !== true) {
res.fail({
status: HttpStatusCode.CONFLICT_409,
message: 'Video comments are disabled for this video.'
})
2018-01-03 04:12:36 -05:00
return false
}
return true
}
2018-01-04 05:19:16 -05:00
function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) {
if (videoComment.isDeleted()) {
res.fail({
status: HttpStatusCode.CONFLICT_409,
message: 'This comment is already deleted'
})
return false
}
const userAccount = user.Account
if (
user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && // Not a moderator
videoComment.accountId !== userAccount.id && // Not the comment owner
videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner
) {
res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: 'Cannot remove video comment of another user'
})
2018-01-04 05:19:16 -05:00
return false
}
return true
}
2019-07-18 08:28:37 -04:00
2019-08-15 05:53:26 -04:00
async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) {
2019-07-18 08:28:37 -04:00
const acceptParameters = {
2019-08-15 05:53:26 -04:00
video,
2019-07-18 08:28:37 -04:00
commentBody: req.body,
user: res.locals.oauth.token.User
}
let acceptedResult: AcceptResult
if (isReply) {
2019-08-15 05:53:26 -04:00
const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull })
2019-07-18 08:28:37 -04:00
2019-07-22 05:14:58 -04:00
acceptedResult = await Hooks.wrapFun(
isLocalVideoCommentReplyAccepted,
acceptReplyParameters,
2019-07-18 08:28:37 -04:00
'filter:api.video-comment-reply.create.accept.result'
)
} else {
2019-07-22 05:14:58 -04:00
acceptedResult = await Hooks.wrapFun(
isLocalVideoThreadAccepted,
acceptParameters,
2019-07-18 08:28:37 -04:00
'filter:api.video-thread.create.accept.result'
)
}
if (!acceptedResult || acceptedResult.accepted !== true) {
logger.info('Refused local comment.', { acceptedResult, acceptParameters })
res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: acceptedResult?.errorMessage || 'Refused local comment'
})
2019-07-18 08:28:37 -04:00
return false
}
return true
}