PeerTube/server/middlewares/validators/video-channels.ts

145 lines
4.9 KiB
TypeScript
Raw Normal View History

2017-10-24 12:41:09 -05:00
import { body, param } from 'express-validator/check'
import * as express from 'express'
import { checkErrors } from './utils'
import { database as db } from '../../initializers'
import {
logger,
isIdOrUUIDValid,
isVideoChannelDescriptionValid,
isVideoChannelNameValid,
checkVideoChannelExists,
2017-11-10 07:48:08 -06:00
checkVideoAccountExists
2017-10-24 12:41:09 -05:00
} from '../../helpers'
import { UserInstance } from '../../models'
import { UserRight } from '../../../shared'
2017-10-24 12:41:09 -05:00
2017-11-10 07:48:08 -06:00
const listVideoAccountChannelsValidator = [
param('accountId').custom(isIdOrUUIDValid).withMessage('Should have a valid account id'),
2017-10-24 12:41:09 -05:00
(req: express.Request, res: express.Response, next: express.NextFunction) => {
2017-11-10 07:48:08 -06:00
logger.debug('Checking listVideoAccountChannelsValidator parameters', { parameters: req.body })
2017-10-24 12:41:09 -05:00
checkErrors(req, res, () => {
2017-11-10 07:48:08 -06:00
checkVideoAccountExists(req.params.accountId, res, next)
2017-10-24 12:41:09 -05:00
})
}
]
const videoChannelsAddValidator = [
body('name').custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
body('description').custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
(req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking videoChannelsAdd parameters', { parameters: req.body })
checkErrors(req, res, next)
}
]
const videoChannelsUpdateValidator = [
param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
body('name').optional().custom(isVideoChannelNameValid).withMessage('Should have a valid name'),
body('description').optional().custom(isVideoChannelDescriptionValid).withMessage('Should have a valid description'),
(req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking videoChannelsUpdate parameters', { parameters: req.body })
checkErrors(req, res, () => {
checkVideoChannelExists(req.params.id, res, () => {
// We need to make additional checks
if (res.locals.videoChannel.isOwned() === false) {
return res.status(403)
2017-11-15 04:00:25 -06:00
.json({ error: 'Cannot update video channel of another server' })
2017-10-24 12:41:09 -05:00
.end()
}
2017-11-10 07:48:08 -06:00
if (res.locals.videoChannel.Account.userId !== res.locals.oauth.token.User.id) {
2017-10-24 12:41:09 -05:00
return res.status(403)
.json({ error: 'Cannot update video channel of another user' })
.end()
}
next()
})
})
}
]
const videoChannelsRemoveValidator = [
param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
(req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
checkErrors(req, res, () => {
checkVideoChannelExists(req.params.id, res, () => {
// Check if the user who did the request is able to delete the video
checkUserCanDeleteVideoChannel(res, () => {
checkVideoChannelIsNotTheLastOne(res, next)
})
})
})
}
]
const videoChannelGetValidator = [
param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
(req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking videoChannelsGet parameters', { parameters: req.params })
checkErrors(req, res, () => {
checkVideoChannelExists(req.params.id, res, next)
})
}
]
// ---------------------------------------------------------------------------
export {
2017-11-10 07:48:08 -06:00
listVideoAccountChannelsValidator,
2017-10-24 12:41:09 -05:00
videoChannelsAddValidator,
videoChannelsUpdateValidator,
videoChannelsRemoveValidator,
videoChannelGetValidator
}
// ---------------------------------------------------------------------------
function checkUserCanDeleteVideoChannel (res: express.Response, callback: () => void) {
const user: UserInstance = res.locals.oauth.token.User
2017-10-24 12:41:09 -05:00
// Retrieve the user who did the request
if (res.locals.videoChannel.isOwned() === false) {
return res.status(403)
2017-11-15 04:00:25 -06:00
.json({ error: 'Cannot remove video channel of another server.' })
2017-10-24 12:41:09 -05:00
.end()
}
// Check if the user can delete the video channel
// The user can delete it if s/he is an admin
2017-11-10 07:48:08 -06:00
// Or if s/he is the video channel's account
if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && res.locals.videoChannel.Account.userId !== user.id) {
2017-10-24 12:41:09 -05:00
return res.status(403)
.json({ error: 'Cannot remove video channel of another user' })
.end()
}
// If we reach this comment, we can delete the video
callback()
}
function checkVideoChannelIsNotTheLastOne (res: express.Response, callback: () => void) {
2017-11-10 07:48:08 -06:00
db.VideoChannel.countByAccount(res.locals.oauth.token.User.Account.id)
2017-10-24 12:41:09 -05:00
.then(count => {
if (count <= 1) {
return res.status(409)
.json({ error: 'Cannot remove the last channel of this user' })
.end()
}
callback()
})
}