2021-08-27 07:32:44 -05:00
|
|
|
import express from 'express'
|
2020-11-13 09:38:23 -06:00
|
|
|
import { body, param, query } from 'express-validator'
|
2020-06-18 03:45:25 -05:00
|
|
|
import { MUserAccountUrl } from '@server/types/models'
|
2021-12-24 03:14:47 -06:00
|
|
|
import { HttpStatusCode, UserRight } from '@shared/models'
|
2021-06-28 10:30:59 -05:00
|
|
|
import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
|
2021-06-03 10:33:44 -05:00
|
|
|
import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'
|
2018-10-05 04:15:06 -05:00
|
|
|
import { logger } from '../../../helpers/logger'
|
2020-05-06 01:48:06 -05:00
|
|
|
import { AcceptResult, isLocalVideoCommentReplyAccepted, isLocalVideoThreadAccepted } from '../../../lib/moderation'
|
|
|
|
import { Hooks } from '../../../lib/plugins/hooks'
|
2020-07-07 03:57:04 -05:00
|
|
|
import { MCommentOwnerVideoReply, MVideo, MVideoFullLight } from '../../../types/models/video'
|
2022-01-10 09:07:21 -06:00
|
|
|
import {
|
|
|
|
areValidationErrors,
|
2022-06-22 02:44:08 -05:00
|
|
|
checkCanSeeVideo,
|
2022-01-10 09:07:21 -06:00
|
|
|
doesVideoCommentExist,
|
|
|
|
doesVideoCommentThreadExist,
|
|
|
|
doesVideoExist,
|
2023-06-29 02:48:55 -05:00
|
|
|
isValidVideoIdParam,
|
|
|
|
isValidVideoPasswordHeader
|
2022-01-10 09:07:21 -06:00
|
|
|
} from '../shared'
|
2017-12-22 03:50:07 -06:00
|
|
|
|
2020-11-13 09:38:23 -06:00
|
|
|
const listVideoCommentsValidator = [
|
|
|
|
query('isLocal')
|
2022-08-17 07:27:04 -05:00
|
|
|
.optional()
|
|
|
|
.customSanitizer(toBooleanOrNull)
|
|
|
|
.custom(isBooleanValid)
|
|
|
|
.withMessage('Should have a valid isLocal boolean'),
|
2020-11-13 09:38:23 -06:00
|
|
|
|
2022-08-12 04:05:11 -05:00
|
|
|
query('onLocalVideo')
|
2022-08-17 07:27:04 -05:00
|
|
|
.optional()
|
|
|
|
.customSanitizer(toBooleanOrNull)
|
|
|
|
.custom(isBooleanValid)
|
|
|
|
.withMessage('Should have a valid onLocalVideo boolean'),
|
2022-08-12 04:05:11 -05:00
|
|
|
|
2020-11-13 09:38:23 -06:00
|
|
|
query('search')
|
|
|
|
.optional()
|
2022-08-17 07:27:04 -05:00
|
|
|
.custom(exists),
|
2020-11-13 09:38:23 -06:00
|
|
|
|
|
|
|
query('searchAccount')
|
|
|
|
.optional()
|
2022-08-17 07:27:04 -05:00
|
|
|
.custom(exists),
|
2020-11-13 09:38:23 -06:00
|
|
|
|
|
|
|
query('searchVideo')
|
|
|
|
.optional()
|
2022-08-17 07:27:04 -05:00
|
|
|
.custom(exists),
|
2020-11-13 09:38:23 -06:00
|
|
|
|
|
|
|
(req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
2017-12-22 03:50:07 -06:00
|
|
|
const listVideoCommentThreadsValidator = [
|
2021-06-28 10:30:59 -05:00
|
|
|
isValidVideoIdParam('videoId'),
|
2023-06-29 02:48:55 -05:00
|
|
|
isValidVideoPasswordHeader(),
|
2017-12-22 03:50:07 -06:00
|
|
|
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
if (areValidationErrors(req, res)) return
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
|
2017-12-22 03:50:07 -06:00
|
|
|
|
2022-06-22 02:44:08 -05:00
|
|
|
if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.onlyVideo })) return
|
2022-01-10 09:07:21 -06:00
|
|
|
|
2017-12-22 03:50:07 -06:00
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
|
|
|
const listVideoThreadCommentsValidator = [
|
2021-06-28 10:30:59 -05:00
|
|
|
isValidVideoIdParam('videoId'),
|
|
|
|
|
|
|
|
param('threadId')
|
2022-08-17 07:27:04 -05:00
|
|
|
.custom(isIdValid),
|
2023-06-29 02:48:55 -05:00
|
|
|
isValidVideoPasswordHeader(),
|
2017-12-22 03:50:07 -06:00
|
|
|
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
if (areValidationErrors(req, res)) return
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
|
2019-08-15 04:53:26 -05:00
|
|
|
if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.onlyVideo, res)) return
|
2017-12-22 03:50:07 -06:00
|
|
|
|
2022-06-22 02:44:08 -05:00
|
|
|
if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.onlyVideo })) return
|
2022-01-10 09:07:21 -06:00
|
|
|
|
2017-12-22 03:50:07 -06:00
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
|
|
|
const addVideoCommentThreadValidator = [
|
2021-06-28 10:30:59 -05:00
|
|
|
isValidVideoIdParam('videoId'),
|
|
|
|
|
|
|
|
body('text')
|
2022-08-17 07:27:04 -05:00
|
|
|
.custom(isValidVideoCommentText),
|
2023-06-29 02:48:55 -05:00
|
|
|
isValidVideoPasswordHeader(),
|
2017-12-22 03:50:07 -06:00
|
|
|
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
if (areValidationErrors(req, res)) return
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoExist(req.params.videoId, res)) return
|
2022-02-22 07:16:34 -06:00
|
|
|
|
2022-06-22 02:44:08 -05:00
|
|
|
if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.videoAll })) return
|
2022-02-22 07:16:34 -06:00
|
|
|
|
2019-08-15 04:53:26 -05:00
|
|
|
if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
|
2020-01-31 09:56:52 -06:00
|
|
|
if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return
|
2017-12-22 03:50:07 -06:00
|
|
|
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
|
|
|
const addVideoCommentReplyValidator = [
|
2021-06-28 10:30:59 -05:00
|
|
|
isValidVideoIdParam('videoId'),
|
|
|
|
|
2022-08-17 07:27:04 -05:00
|
|
|
param('commentId').custom(isIdValid),
|
2023-06-29 02:48:55 -05:00
|
|
|
isValidVideoPasswordHeader(),
|
2021-06-28 10:30:59 -05:00
|
|
|
|
2022-08-17 07:27:04 -05:00
|
|
|
body('text').custom(isValidVideoCommentText),
|
2017-12-22 03:50:07 -06:00
|
|
|
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
if (areValidationErrors(req, res)) return
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoExist(req.params.videoId, res)) return
|
2022-02-22 07:16:34 -06:00
|
|
|
|
2022-06-22 02:44:08 -05:00
|
|
|
if (!await checkCanSeeVideo({ req, res, paramId: req.params.videoId, video: res.locals.videoAll })) return
|
2022-02-22 07:16:34 -06:00
|
|
|
|
2019-08-15 04:53:26 -05:00
|
|
|
if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
|
|
|
|
if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
|
|
|
|
if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, true)) return
|
2017-12-22 03:50:07 -06:00
|
|
|
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
2017-12-28 04:16:08 -06:00
|
|
|
const videoCommentGetValidator = [
|
2021-06-28 10:30:59 -05:00
|
|
|
isValidVideoIdParam('videoId'),
|
|
|
|
|
|
|
|
param('commentId')
|
2022-08-17 07:27:04 -05:00
|
|
|
.custom(isIdValid),
|
2017-12-28 04:16:08 -06:00
|
|
|
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
if (areValidationErrors(req, res)) return
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoExist(req.params.videoId, res, 'id')) return
|
2019-08-15 04:53:26 -05:00
|
|
|
if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoId, res)) return
|
2017-12-28 04:16:08 -06:00
|
|
|
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
2018-01-04 04:19:16 -06:00
|
|
|
const removeVideoCommentValidator = [
|
2021-06-28 10:30:59 -05:00
|
|
|
isValidVideoIdParam('videoId'),
|
|
|
|
|
2022-08-17 07:27:04 -05:00
|
|
|
param('commentId')
|
|
|
|
.custom(isIdValid),
|
2018-01-04 04:19:16 -06:00
|
|
|
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
if (areValidationErrors(req, res)) return
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoExist(req.params.videoId, res)) return
|
2019-08-15 04:53:26 -05:00
|
|
|
if (!await doesVideoCommentExist(req.params.commentId, res.locals.videoAll, res)) return
|
2018-01-04 04:19:16 -06:00
|
|
|
|
|
|
|
// Check if the user who did the request is able to delete the video
|
2019-08-15 04:53:26 -05:00
|
|
|
if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoCommentFull, res)) return
|
2018-01-04 04:19:16 -06:00
|
|
|
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
2017-12-22 03:50:07 -06:00
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
export {
|
|
|
|
listVideoCommentThreadsValidator,
|
|
|
|
listVideoThreadCommentsValidator,
|
|
|
|
addVideoCommentThreadValidator,
|
2020-11-13 09:38:23 -06:00
|
|
|
listVideoCommentsValidator,
|
2017-12-28 04:16:08 -06:00
|
|
|
addVideoCommentReplyValidator,
|
2018-01-04 04:19:16 -06:00
|
|
|
videoCommentGetValidator,
|
|
|
|
removeVideoCommentValidator
|
2017-12-22 03:50:07 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
|
2019-08-15 04:53:26 -05:00
|
|
|
function isVideoCommentsEnabled (video: MVideo, res: express.Response) {
|
2018-01-03 03:12:36 -06:00
|
|
|
if (video.commentsEnabled !== true) {
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.CONFLICT_409,
|
|
|
|
message: 'Video comments are disabled for this video.'
|
|
|
|
})
|
2018-01-03 03:12:36 -06:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
|
|
|
}
|
2018-01-04 04:19:16 -06:00
|
|
|
|
2020-05-05 10:22:11 -05:00
|
|
|
function checkUserCanDeleteVideoComment (user: MUserAccountUrl, videoComment: MCommentOwnerVideoReply, res: express.Response) {
|
2019-12-04 04:48:12 -06:00
|
|
|
if (videoComment.isDeleted()) {
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.CONFLICT_409,
|
|
|
|
message: 'This comment is already deleted'
|
|
|
|
})
|
2019-12-04 04:48:12 -06:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2020-05-05 10:22:11 -05:00
|
|
|
const userAccount = user.Account
|
|
|
|
|
|
|
|
if (
|
|
|
|
user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && // Not a moderator
|
|
|
|
videoComment.accountId !== userAccount.id && // Not the comment owner
|
|
|
|
videoComment.Video.VideoChannel.accountId !== userAccount.id // Not the video owner
|
|
|
|
) {
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
|
|
|
message: 'Cannot remove video comment of another user'
|
|
|
|
})
|
2018-01-04 04:19:16 -06:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
|
|
|
}
|
2019-07-18 07:28:37 -05:00
|
|
|
|
2019-08-15 04:53:26 -05:00
|
|
|
async function isVideoCommentAccepted (req: express.Request, res: express.Response, video: MVideoFullLight, isReply: boolean) {
|
2019-07-18 07:28:37 -05:00
|
|
|
const acceptParameters = {
|
2019-08-15 04:53:26 -05:00
|
|
|
video,
|
2019-07-18 07:28:37 -05:00
|
|
|
commentBody: req.body,
|
2022-09-23 08:32:56 -05:00
|
|
|
user: res.locals.oauth.token.User,
|
|
|
|
req
|
2019-07-18 07:28:37 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
let acceptedResult: AcceptResult
|
|
|
|
|
|
|
|
if (isReply) {
|
2019-08-15 04:53:26 -05:00
|
|
|
const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoCommentFull })
|
2019-07-18 07:28:37 -05:00
|
|
|
|
2019-07-22 04:14:58 -05:00
|
|
|
acceptedResult = await Hooks.wrapFun(
|
|
|
|
isLocalVideoCommentReplyAccepted,
|
|
|
|
acceptReplyParameters,
|
2019-07-18 07:28:37 -05:00
|
|
|
'filter:api.video-comment-reply.create.accept.result'
|
|
|
|
)
|
|
|
|
} else {
|
2019-07-22 04:14:58 -05:00
|
|
|
acceptedResult = await Hooks.wrapFun(
|
|
|
|
isLocalVideoThreadAccepted,
|
|
|
|
acceptParameters,
|
2019-07-18 07:28:37 -05:00
|
|
|
'filter:api.video-thread.create.accept.result'
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!acceptedResult || acceptedResult.accepted !== true) {
|
|
|
|
logger.info('Refused local comment.', { acceptedResult, acceptParameters })
|
|
|
|
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
2022-09-23 08:32:56 -05:00
|
|
|
message: acceptedResult?.errorMessage || 'Comment has been rejected.'
|
2021-05-31 18:36:53 -05:00
|
|
|
})
|
2019-07-18 07:28:37 -05:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
|
|
|
}
|