2017-06-10 15:15:25 -05:00
|
|
|
import * as express from 'express'
|
2021-05-10 04:13:41 -05:00
|
|
|
import { body, header, param, query, ValidationChain } from 'express-validator'
|
|
|
|
import { getResumableUploadPath } from '@server/helpers/upload'
|
2020-09-25 09:19:35 -05:00
|
|
|
import { isAbleToUploadVideo } from '@server/lib/user'
|
2020-08-26 02:14:14 -05:00
|
|
|
import { getServerActor } from '@server/models/application/application'
|
2021-02-03 02:33:05 -06:00
|
|
|
import { ExpressPromiseHandler } from '@server/types/express'
|
2021-05-10 04:13:41 -05:00
|
|
|
import { MUserAccountId, MVideoWithRights } from '@server/types/models'
|
2020-08-26 02:14:14 -05:00
|
|
|
import { ServerErrorCode, UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../../shared'
|
2021-02-03 02:33:05 -06:00
|
|
|
import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
|
2021-05-11 04:27:40 -05:00
|
|
|
import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/change-ownership/video-change-ownership-accept.model'
|
2017-09-15 05:17:08 -05:00
|
|
|
import {
|
2021-01-19 06:43:33 -06:00
|
|
|
exists,
|
2018-06-14 11:06:56 -05:00
|
|
|
isBooleanValid,
|
|
|
|
isDateValid,
|
2020-12-08 14:16:10 -06:00
|
|
|
isFileFieldValid,
|
2018-06-14 11:06:56 -05:00
|
|
|
isIdOrUUIDValid,
|
|
|
|
isIdValid,
|
|
|
|
isUUIDValid,
|
2018-10-10 04:46:50 -05:00
|
|
|
toArray,
|
2019-07-25 09:23:44 -05:00
|
|
|
toBooleanOrNull,
|
2018-06-14 11:06:56 -05:00
|
|
|
toIntOrNull,
|
|
|
|
toValueOrNull
|
2018-10-05 04:15:06 -05:00
|
|
|
} from '../../../helpers/custom-validators/misc'
|
2021-05-03 04:06:19 -05:00
|
|
|
import { isBooleanBothQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search'
|
2021-06-03 10:33:44 -05:00
|
|
|
import { checkUserCanTerminateOwnershipChange } from '../../../helpers/custom-validators/video-ownership'
|
2018-06-14 11:06:56 -05:00
|
|
|
import {
|
|
|
|
isScheduleVideoUpdatePrivacyValid,
|
2018-02-13 11:17:05 -06:00
|
|
|
isVideoCategoryValid,
|
|
|
|
isVideoDescriptionValid,
|
2020-12-08 14:16:10 -06:00
|
|
|
isVideoFileMimeTypeValid,
|
|
|
|
isVideoFileSizeValid,
|
2018-10-10 04:46:50 -05:00
|
|
|
isVideoFilterValid,
|
2018-02-13 11:17:05 -06:00
|
|
|
isVideoImage,
|
|
|
|
isVideoLanguageValid,
|
|
|
|
isVideoLicenceValid,
|
|
|
|
isVideoNameValid,
|
2019-04-10 08:26:33 -05:00
|
|
|
isVideoOriginallyPublishedAtValid,
|
2018-02-13 11:17:05 -06:00
|
|
|
isVideoPrivacyValid,
|
2018-05-09 04:23:14 -05:00
|
|
|
isVideoSupportValid,
|
2018-09-19 04:16:23 -05:00
|
|
|
isVideoTagsValid
|
2018-10-05 04:15:06 -05:00
|
|
|
} from '../../../helpers/custom-validators/videos'
|
2020-08-26 02:14:14 -05:00
|
|
|
import { cleanUpReqFiles } from '../../../helpers/express-utils'
|
2020-11-20 10:16:55 -06:00
|
|
|
import { getDurationFromVideoFile } from '../../../helpers/ffprobe-utils'
|
2018-10-05 04:15:06 -05:00
|
|
|
import { logger } from '../../../helpers/logger'
|
2021-05-10 04:13:41 -05:00
|
|
|
import { deleteFileAndCatch } from '../../../helpers/utils'
|
2019-08-20 06:52:49 -05:00
|
|
|
import { getVideoWithAttributes } from '../../../helpers/video'
|
2020-08-26 02:14:14 -05:00
|
|
|
import { CONFIG } from '../../../initializers/config'
|
|
|
|
import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants'
|
|
|
|
import { isLocalVideoAccepted } from '../../../lib/moderation'
|
|
|
|
import { Hooks } from '../../../lib/plugins/hooks'
|
|
|
|
import { AccountModel } from '../../../models/account/account'
|
|
|
|
import { VideoModel } from '../../../models/video/video'
|
2021-03-12 08:20:46 -06:00
|
|
|
import { authenticatePromiseIfNeeded } from '../../auth'
|
2021-06-03 10:33:44 -05:00
|
|
|
import {
|
|
|
|
areValidationErrors,
|
|
|
|
checkUserCanManageVideo,
|
|
|
|
doesChangeVideoOwnershipExist,
|
|
|
|
doesVideoChannelOfAccountExist,
|
|
|
|
doesVideoExist,
|
|
|
|
doesVideoFileOfVideoExist
|
|
|
|
} from '../shared'
|
2015-11-07 07:16:26 -06:00
|
|
|
|
2021-05-10 04:13:41 -05:00
|
|
|
const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([
|
2018-06-22 08:42:55 -05:00
|
|
|
body('videofile')
|
2020-12-08 14:16:10 -06:00
|
|
|
.custom((value, { req }) => isFileFieldValid(req.files, 'videofile'))
|
|
|
|
.withMessage('Should have a file'),
|
|
|
|
body('name')
|
2021-02-25 03:01:33 -06:00
|
|
|
.trim()
|
2021-05-31 13:46:22 -05:00
|
|
|
.custom(isVideoNameValid).withMessage(
|
|
|
|
`Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`
|
|
|
|
),
|
2018-05-11 08:10:13 -05:00
|
|
|
body('channelId')
|
2019-07-25 09:23:44 -05:00
|
|
|
.customSanitizer(toIntOrNull)
|
2018-06-14 11:06:56 -05:00
|
|
|
.custom(isIdValid).withMessage('Should have correct video channel id'),
|
2017-09-15 05:17:08 -05:00
|
|
|
|
2017-11-27 10:30:46 -06:00
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
2017-09-15 05:17:08 -05:00
|
|
|
logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
|
|
|
|
|
2018-07-31 08:09:34 -05:00
|
|
|
if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
|
2017-11-27 10:30:46 -06:00
|
|
|
|
2021-05-10 04:13:41 -05:00
|
|
|
const videoFile: express.VideoUploadFile = req.files['videofile'][0]
|
2017-11-27 10:30:46 -06:00
|
|
|
const user = res.locals.oauth.token.User
|
2017-09-15 05:17:08 -05:00
|
|
|
|
2021-05-10 04:13:41 -05:00
|
|
|
if (!await commonVideoChecksPass({ req, res, user, videoFileSize: videoFile.size, files: req.files })) {
|
2020-12-08 14:16:10 -06:00
|
|
|
return cleanUpReqFiles(req)
|
|
|
|
}
|
|
|
|
|
2021-05-10 04:13:41 -05:00
|
|
|
try {
|
|
|
|
if (!videoFile.duration) await addDurationToVideo(videoFile)
|
|
|
|
} catch (err) {
|
|
|
|
logger.error('Invalid input file in videosAddLegacyValidator.', { err })
|
2020-12-08 14:16:10 -06:00
|
|
|
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.UNPROCESSABLE_ENTITY_422,
|
|
|
|
message: 'Video file unreadable.'
|
|
|
|
})
|
2020-12-08 14:16:10 -06:00
|
|
|
return cleanUpReqFiles(req)
|
|
|
|
}
|
|
|
|
|
2021-05-10 04:13:41 -05:00
|
|
|
if (!await isVideoAccepted(req, res, videoFile)) return cleanUpReqFiles(req)
|
2017-11-27 10:30:46 -06:00
|
|
|
|
2021-05-10 04:13:41 -05:00
|
|
|
return next()
|
|
|
|
}
|
|
|
|
])
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Gets called after the last PUT request
|
|
|
|
*/
|
|
|
|
const videosAddResumableValidator = [
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
const user = res.locals.oauth.token.User
|
|
|
|
|
|
|
|
const body: express.CustomUploadXFile<express.UploadXFileMetadata> = req.body
|
|
|
|
const file = { ...body, duration: undefined, path: getResumableUploadPath(body.id), filename: body.metadata.filename }
|
|
|
|
|
|
|
|
const cleanup = () => deleteFileAndCatch(file.path)
|
2017-11-27 10:30:46 -06:00
|
|
|
|
2021-05-10 04:13:41 -05:00
|
|
|
if (!await doesVideoChannelOfAccountExist(file.metadata.channelId, user, res)) return cleanup()
|
2017-11-27 10:30:46 -06:00
|
|
|
|
|
|
|
try {
|
2021-05-10 04:13:41 -05:00
|
|
|
if (!file.duration) await addDurationToVideo(file)
|
2017-11-27 10:30:46 -06:00
|
|
|
} catch (err) {
|
2021-05-10 04:13:41 -05:00
|
|
|
logger.error('Invalid input file in videosAddResumableValidator.', { err })
|
2017-11-27 10:30:46 -06:00
|
|
|
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.UNPROCESSABLE_ENTITY_422,
|
|
|
|
message: 'Video file unreadable.'
|
|
|
|
})
|
2021-05-10 04:13:41 -05:00
|
|
|
return cleanup()
|
2017-11-27 10:30:46 -06:00
|
|
|
}
|
|
|
|
|
2021-05-10 04:13:41 -05:00
|
|
|
if (!await isVideoAccepted(req, res, file)) return cleanup()
|
2019-07-18 07:28:37 -05:00
|
|
|
|
2021-05-10 04:13:41 -05:00
|
|
|
res.locals.videoFileResumable = file
|
|
|
|
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
|
|
|
/**
|
|
|
|
* File is created in POST initialisation, and its body is saved as a 'metadata' field is saved by uploadx for later use.
|
|
|
|
* see https://github.com/kukhariev/node-uploadx/blob/dc9fb4a8ac5a6f481902588e93062f591ec6ef03/packages/core/src/handlers/uploadx.ts
|
|
|
|
*
|
|
|
|
* Uploadx doesn't use next() until the upload completes, so this middleware has to be placed before uploadx
|
|
|
|
* see https://github.com/kukhariev/node-uploadx/blob/dc9fb4a8ac5a6f481902588e93062f591ec6ef03/packages/core/src/handlers/base-handler.ts
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
const videosAddResumableInitValidator = getCommonVideoEditAttributes().concat([
|
|
|
|
body('filename')
|
|
|
|
.isString()
|
|
|
|
.exists()
|
|
|
|
.withMessage('Should have a valid filename'),
|
|
|
|
body('name')
|
|
|
|
.trim()
|
2021-05-31 13:46:22 -05:00
|
|
|
.custom(isVideoNameValid).withMessage(
|
|
|
|
`Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`
|
|
|
|
),
|
2021-05-10 04:13:41 -05:00
|
|
|
body('channelId')
|
|
|
|
.customSanitizer(toIntOrNull)
|
|
|
|
.custom(isIdValid).withMessage('Should have correct video channel id'),
|
|
|
|
|
|
|
|
header('x-upload-content-length')
|
|
|
|
.isNumeric()
|
|
|
|
.exists()
|
|
|
|
.withMessage('Should specify the file length'),
|
|
|
|
header('x-upload-content-type')
|
|
|
|
.isString()
|
|
|
|
.exists()
|
|
|
|
.withMessage('Should specify the file mimetype'),
|
|
|
|
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
const videoFileMetadata = {
|
|
|
|
mimetype: req.headers['x-upload-content-type'] as string,
|
|
|
|
size: +req.headers['x-upload-content-length'],
|
|
|
|
originalname: req.body.name
|
|
|
|
}
|
|
|
|
|
|
|
|
const user = res.locals.oauth.token.User
|
|
|
|
const cleanup = () => cleanUpReqFiles(req)
|
|
|
|
|
|
|
|
logger.debug('Checking videosAddResumableInitValidator parameters and headers', {
|
|
|
|
parameters: req.body,
|
|
|
|
headers: req.headers,
|
|
|
|
files: req.files
|
|
|
|
})
|
|
|
|
|
|
|
|
if (areValidationErrors(req, res)) return cleanup()
|
|
|
|
|
|
|
|
const files = { videofile: [ videoFileMetadata ] }
|
|
|
|
if (!await commonVideoChecksPass({ req, res, user, videoFileSize: videoFileMetadata.size, files })) return cleanup()
|
|
|
|
|
|
|
|
// multer required unsetting the Content-Type, now we can set it for node-uploadx
|
|
|
|
req.headers['content-type'] = 'application/json; charset=utf-8'
|
|
|
|
// place previewfile in metadata so that uploadx saves it in .META
|
|
|
|
if (req.files['previewfile']) req.body.previewfile = req.files['previewfile']
|
2017-11-27 10:30:46 -06:00
|
|
|
|
|
|
|
return next()
|
2017-09-15 05:17:08 -05:00
|
|
|
}
|
2018-07-16 07:58:22 -05:00
|
|
|
])
|
2017-09-15 05:17:08 -05:00
|
|
|
|
2019-02-26 03:55:40 -06:00
|
|
|
const videosUpdateValidator = getCommonVideoEditAttributes().concat([
|
2017-10-24 12:41:09 -05:00
|
|
|
param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
|
2018-05-09 04:23:14 -05:00
|
|
|
body('name')
|
|
|
|
.optional()
|
2021-02-25 03:01:33 -06:00
|
|
|
.trim()
|
2021-05-31 13:46:22 -05:00
|
|
|
.custom(isVideoNameValid).withMessage(
|
|
|
|
`Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`
|
|
|
|
),
|
2018-05-11 08:10:13 -05:00
|
|
|
body('channelId')
|
|
|
|
.optional()
|
2019-07-25 09:23:44 -05:00
|
|
|
.customSanitizer(toIntOrNull)
|
2018-05-11 08:10:13 -05:00
|
|
|
.custom(isIdValid).withMessage('Should have correct video channel id'),
|
2017-09-15 05:17:08 -05:00
|
|
|
|
2017-11-27 10:30:46 -06:00
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
2017-09-15 05:17:08 -05:00
|
|
|
logger.debug('Checking videosUpdate parameters', { parameters: req.body })
|
|
|
|
|
2018-07-31 08:09:34 -05:00
|
|
|
if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
|
|
|
|
if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoExist(req.params.id, res)) return cleanUpReqFiles(req)
|
2017-11-27 10:30:46 -06:00
|
|
|
|
2018-02-22 02:03:45 -06:00
|
|
|
// Check if the user who did the request is able to update the video
|
2018-05-11 08:10:13 -05:00
|
|
|
const user = res.locals.oauth.token.User
|
2019-08-15 04:53:26 -05:00
|
|
|
if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)
|
2017-11-27 10:30:46 -06:00
|
|
|
|
2019-03-19 03:26:50 -05:00
|
|
|
if (req.body.channelId && !await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)
|
2018-05-11 08:10:13 -05:00
|
|
|
|
2017-11-27 10:30:46 -06:00
|
|
|
return next()
|
2017-09-15 05:17:08 -05:00
|
|
|
}
|
2018-07-16 07:58:22 -05:00
|
|
|
])
|
2016-02-04 14:10:33 -06:00
|
|
|
|
2018-11-16 08:02:48 -06:00
|
|
|
async function checkVideoFollowConstraints (req: express.Request, res: express.Response, next: express.NextFunction) {
|
2019-08-20 06:52:49 -05:00
|
|
|
const video = getVideoWithAttributes(res)
|
2018-11-16 08:02:48 -06:00
|
|
|
|
|
|
|
// Anybody can watch local videos
|
|
|
|
if (video.isOwned() === true) return next()
|
|
|
|
|
|
|
|
// Logged user
|
|
|
|
if (res.locals.oauth) {
|
|
|
|
// Users can search or watch remote videos
|
|
|
|
if (CONFIG.SEARCH.REMOTE_URI.USERS === true) return next()
|
|
|
|
}
|
|
|
|
|
|
|
|
// Anybody can search or watch remote videos
|
|
|
|
if (CONFIG.SEARCH.REMOTE_URI.ANONYMOUS === true) return next()
|
|
|
|
|
|
|
|
// Check our instance follows an actor that shared this video
|
|
|
|
const serverActor = await getServerActor()
|
|
|
|
if (await VideoModel.checkVideoHasInstanceFollow(video.id, serverActor.id) === true) return next()
|
|
|
|
|
2021-05-31 18:36:53 -05:00
|
|
|
return res.fail({
|
|
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
2021-06-02 07:28:30 -05:00
|
|
|
message: 'Cannot get this video regarding follow constraints',
|
2021-06-01 09:07:58 -05:00
|
|
|
type: ServerErrorCode.DOES_NOT_RESPECT_FOLLOW_CONSTRAINTS,
|
2021-05-31 18:36:53 -05:00
|
|
|
data: {
|
|
|
|
originUrl: video.url
|
|
|
|
}
|
|
|
|
})
|
2018-11-16 08:02:48 -06:00
|
|
|
}
|
|
|
|
|
2020-02-04 08:00:47 -06:00
|
|
|
const videosCustomGetValidator = (
|
|
|
|
fetchType: 'all' | 'only-video' | 'only-video-with-rights' | 'only-immutable-attributes',
|
|
|
|
authenticateInQuery = false
|
|
|
|
) => {
|
2018-09-19 03:16:44 -05:00
|
|
|
return [
|
|
|
|
param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
|
2016-12-29 12:07:05 -06:00
|
|
|
|
2018-09-19 03:16:44 -05:00
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
logger.debug('Checking videosGet parameters', { parameters: req.params })
|
2017-10-31 09:20:35 -05:00
|
|
|
|
2018-09-19 03:16:44 -05:00
|
|
|
if (areValidationErrors(req, res)) return
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoExist(req.params.id, res, fetchType)) return
|
2018-08-14 02:08:47 -05:00
|
|
|
|
2020-02-04 08:45:41 -06:00
|
|
|
// Controllers does not need to check video rights
|
|
|
|
if (fetchType === 'only-immutable-attributes') return next()
|
|
|
|
|
2021-02-25 04:17:53 -06:00
|
|
|
const video = getVideoWithAttributes(res) as MVideoWithRights
|
2018-08-14 02:08:47 -05:00
|
|
|
|
2018-09-19 03:16:44 -05:00
|
|
|
// Video private or blacklisted
|
2021-02-25 04:17:53 -06:00
|
|
|
if (video.requiresAuth()) {
|
2019-12-03 03:41:23 -06:00
|
|
|
await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
|
2018-11-16 08:02:48 -06:00
|
|
|
|
2019-03-19 04:35:15 -05:00
|
|
|
const user = res.locals.oauth ? res.locals.oauth.token.User : null
|
2018-08-14 02:08:47 -05:00
|
|
|
|
2021-06-02 07:28:30 -05:00
|
|
|
// Only the owner or a user that have blocklist rights can see the video
|
2021-02-25 04:17:53 -06:00
|
|
|
if (!user || !user.canGetVideo(video)) {
|
2021-05-31 18:36:53 -05:00
|
|
|
return res.fail({
|
|
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
2021-06-02 07:28:30 -05:00
|
|
|
message: 'Cannot get this private/internal or blocklisted video'
|
2021-05-31 18:36:53 -05:00
|
|
|
})
|
2018-11-16 08:02:48 -06:00
|
|
|
}
|
2018-08-14 02:08:47 -05:00
|
|
|
|
2018-11-16 08:02:48 -06:00
|
|
|
return next()
|
2018-09-19 03:16:44 -05:00
|
|
|
}
|
2017-10-31 09:20:35 -05:00
|
|
|
|
2018-09-19 03:16:44 -05:00
|
|
|
// Video is public, anyone can access it
|
|
|
|
if (video.privacy === VideoPrivacy.PUBLIC) return next()
|
2017-10-31 09:20:35 -05:00
|
|
|
|
2018-09-19 03:16:44 -05:00
|
|
|
// Video is unlisted, check we used the uuid to fetch it
|
|
|
|
if (video.privacy === VideoPrivacy.UNLISTED) {
|
|
|
|
if (isUUIDValid(req.params.id)) return next()
|
2018-01-31 07:40:42 -06:00
|
|
|
|
2018-09-19 03:16:44 -05:00
|
|
|
// Don't leak this unlisted video
|
2021-05-31 18:36:53 -05:00
|
|
|
return res.fail({
|
|
|
|
status: HttpStatusCode.NOT_FOUND_404,
|
|
|
|
message: 'Video not found'
|
|
|
|
})
|
2018-09-19 03:16:44 -05:00
|
|
|
}
|
2018-01-31 07:40:42 -06:00
|
|
|
}
|
2018-09-19 03:16:44 -05:00
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
const videosGetValidator = videosCustomGetValidator('all')
|
2019-12-03 03:41:23 -06:00
|
|
|
const videosDownloadValidator = videosCustomGetValidator('all', true)
|
2015-11-07 07:16:26 -06:00
|
|
|
|
2020-03-10 08:39:40 -05:00
|
|
|
const videoFileMetadataGetValidator = getCommonVideoEditAttributes().concat([
|
|
|
|
param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
|
|
|
|
param('videoFileId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid videoFileId'),
|
|
|
|
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
logger.debug('Checking videoFileMetadataGet parameters', { parameters: req.params })
|
|
|
|
|
|
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
if (!await doesVideoFileOfVideoExist(+req.params.videoFileId, req.params.id, res)) return
|
|
|
|
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
])
|
|
|
|
|
2017-09-15 05:17:08 -05:00
|
|
|
const videosRemoveValidator = [
|
2017-10-24 12:41:09 -05:00
|
|
|
param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
|
2015-11-07 07:16:26 -06:00
|
|
|
|
2017-11-27 10:30:46 -06:00
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
2017-09-15 05:17:08 -05:00
|
|
|
logger.debug('Checking videosRemove parameters', { parameters: req.params })
|
2015-11-07 07:16:26 -06:00
|
|
|
|
2017-11-27 10:30:46 -06:00
|
|
|
if (areValidationErrors(req, res)) return
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoExist(req.params.id, res)) return
|
2017-11-27 10:30:46 -06:00
|
|
|
|
|
|
|
// Check if the user who did the request is able to delete the video
|
2019-08-15 04:53:26 -05:00
|
|
|
if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.REMOVE_ANY_VIDEO, res)) return
|
2017-11-27 10:30:46 -06:00
|
|
|
|
|
|
|
return next()
|
2017-09-15 05:17:08 -05:00
|
|
|
}
|
|
|
|
]
|
2015-11-07 07:16:26 -06:00
|
|
|
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
const videosChangeOwnershipValidator = [
|
|
|
|
param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
|
|
|
|
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
logger.debug('Checking changeOwnership parameters', { parameters: req.params })
|
|
|
|
|
|
|
|
if (areValidationErrors(req, res)) return
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoExist(req.params.videoId, res)) return
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
|
|
|
|
// Check if the user who did the request is able to change the ownership of the video
|
2019-08-15 04:53:26 -05:00
|
|
|
if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.CHANGE_VIDEO_OWNERSHIP, res)) return
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
|
|
|
|
const nextOwner = await AccountModel.loadLocalByName(req.body.username)
|
|
|
|
if (!nextOwner) {
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({ message: 'Changing video ownership to a remote account is not supported yet' })
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-05-31 18:36:53 -05:00
|
|
|
res.locals.nextOwner = nextOwner
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
|
|
|
const videosTerminateChangeOwnershipValidator = [
|
|
|
|
param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
|
|
|
|
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
logger.debug('Checking changeOwnership parameters', { parameters: req.params })
|
|
|
|
|
|
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
if (!await doesChangeVideoOwnershipExist(req.params.id, res)) return
|
|
|
|
|
|
|
|
// Check if the user who did the request is able to change the ownership of the video
|
|
|
|
if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
|
|
|
|
|
2019-03-19 04:35:15 -05:00
|
|
|
const videoChangeOwnership = res.locals.videoChangeOwnership
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
|
2020-01-31 09:56:52 -06:00
|
|
|
if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) {
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
|
|
|
message: 'Ownership already accepted or refused'
|
|
|
|
})
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
return
|
|
|
|
}
|
2020-01-31 09:56:52 -06:00
|
|
|
|
|
|
|
return next()
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
}
|
|
|
|
]
|
|
|
|
|
|
|
|
const videosAcceptChangeOwnershipValidator = [
|
|
|
|
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
const body = req.body as VideoChangeOwnershipAccept
|
2019-03-19 03:26:50 -05:00
|
|
|
if (!await doesVideoChannelOfAccountExist(body.channelId, res.locals.oauth.token.User, res)) return
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
|
|
|
|
const user = res.locals.oauth.token.User
|
2019-03-19 04:35:15 -05:00
|
|
|
const videoChangeOwnership = res.locals.videoChangeOwnership
|
2020-09-25 09:19:35 -05:00
|
|
|
const isAble = await isAbleToUploadVideo(user.id, videoChangeOwnership.Video.getMaxQualityFile().size)
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
if (isAble === false) {
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
|
|
|
|
message: 'The user video quota is exceeded with this video.'
|
|
|
|
})
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
2020-03-11 08:39:28 -05:00
|
|
|
const videosOverviewValidator = [
|
|
|
|
query('page')
|
|
|
|
.optional()
|
|
|
|
.isInt({ min: 1, max: OVERVIEWS.VIDEOS.SAMPLES_COUNT })
|
|
|
|
.withMessage('Should have a valid pagination'),
|
|
|
|
|
|
|
|
(req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
2019-02-26 03:55:40 -06:00
|
|
|
function getCommonVideoEditAttributes () {
|
2018-07-16 07:58:22 -05:00
|
|
|
return [
|
|
|
|
body('thumbnailfile')
|
|
|
|
.custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
|
2020-01-31 09:56:52 -06:00
|
|
|
'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
|
|
|
|
CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
|
|
|
|
),
|
2018-07-16 07:58:22 -05:00
|
|
|
body('previewfile')
|
|
|
|
.custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage(
|
2020-01-31 09:56:52 -06:00
|
|
|
'This preview file is not supported or too large. Please, make sure it is of the following type: ' +
|
|
|
|
CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
|
|
|
|
),
|
2018-07-16 07:58:22 -05:00
|
|
|
|
|
|
|
body('category')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toIntOrNull)
|
|
|
|
.custom(isVideoCategoryValid).withMessage('Should have a valid category'),
|
|
|
|
body('licence')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toIntOrNull)
|
|
|
|
.custom(isVideoLicenceValid).withMessage('Should have a valid licence'),
|
|
|
|
body('language')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toValueOrNull)
|
|
|
|
.custom(isVideoLanguageValid).withMessage('Should have a valid language'),
|
|
|
|
body('nsfw')
|
|
|
|
.optional()
|
2019-07-25 09:23:44 -05:00
|
|
|
.customSanitizer(toBooleanOrNull)
|
2018-07-16 07:58:22 -05:00
|
|
|
.custom(isBooleanValid).withMessage('Should have a valid NSFW attribute'),
|
|
|
|
body('waitTranscoding')
|
|
|
|
.optional()
|
2019-07-25 09:23:44 -05:00
|
|
|
.customSanitizer(toBooleanOrNull)
|
2018-07-16 07:58:22 -05:00
|
|
|
.custom(isBooleanValid).withMessage('Should have a valid wait transcoding attribute'),
|
|
|
|
body('privacy')
|
|
|
|
.optional()
|
2019-07-25 09:23:44 -05:00
|
|
|
.customSanitizer(toValueOrNull)
|
2018-07-16 07:58:22 -05:00
|
|
|
.custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),
|
|
|
|
body('description')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toValueOrNull)
|
|
|
|
.custom(isVideoDescriptionValid).withMessage('Should have a valid description'),
|
|
|
|
body('support')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toValueOrNull)
|
|
|
|
.custom(isVideoSupportValid).withMessage('Should have a valid support text'),
|
|
|
|
body('tags')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toValueOrNull)
|
2021-05-31 13:46:22 -05:00
|
|
|
.custom(isVideoTagsValid)
|
|
|
|
.withMessage(
|
|
|
|
`Should have an array of up to ${CONSTRAINTS_FIELDS.VIDEOS.TAGS.max} tags between ` +
|
|
|
|
`${CONSTRAINTS_FIELDS.VIDEOS.TAG.min} and ${CONSTRAINTS_FIELDS.VIDEOS.TAG.max} characters each`
|
|
|
|
),
|
2018-07-16 07:58:22 -05:00
|
|
|
body('commentsEnabled')
|
|
|
|
.optional()
|
2019-07-25 09:23:44 -05:00
|
|
|
.customSanitizer(toBooleanOrNull)
|
2018-07-16 07:58:22 -05:00
|
|
|
.custom(isBooleanValid).withMessage('Should have comments enabled boolean'),
|
2018-10-08 07:45:22 -05:00
|
|
|
body('downloadEnabled')
|
2019-01-12 07:45:23 -06:00
|
|
|
.optional()
|
2019-07-25 09:23:44 -05:00
|
|
|
.customSanitizer(toBooleanOrNull)
|
2018-10-06 12:17:21 -05:00
|
|
|
.custom(isBooleanValid).withMessage('Should have downloading enabled boolean'),
|
2019-02-11 07:09:23 -06:00
|
|
|
body('originallyPublishedAt')
|
2019-07-25 09:23:44 -05:00
|
|
|
.optional()
|
|
|
|
.customSanitizer(toValueOrNull)
|
|
|
|
.custom(isVideoOriginallyPublishedAtValid).withMessage('Should have a valid original publication date'),
|
2018-07-16 07:58:22 -05:00
|
|
|
body('scheduleUpdate')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toValueOrNull),
|
|
|
|
body('scheduleUpdate.updateAt')
|
|
|
|
.optional()
|
2021-05-31 12:47:14 -05:00
|
|
|
.custom(isDateValid).withMessage('Should have a schedule update date that conforms to ISO 8601'),
|
2018-07-16 07:58:22 -05:00
|
|
|
body('scheduleUpdate.privacy')
|
|
|
|
.optional()
|
2019-07-25 10:28:45 -05:00
|
|
|
.customSanitizer(toIntOrNull)
|
2018-07-16 07:58:22 -05:00
|
|
|
.custom(isScheduleVideoUpdatePrivacyValid).withMessage('Should have correct schedule update privacy')
|
2021-02-03 02:33:05 -06:00
|
|
|
] as (ValidationChain | ExpressPromiseHandler)[]
|
2018-07-16 07:58:22 -05:00
|
|
|
}
|
2018-08-02 08:34:09 -05:00
|
|
|
|
2018-10-10 04:46:50 -05:00
|
|
|
const commonVideosFiltersValidator = [
|
|
|
|
query('categoryOneOf')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toArray)
|
|
|
|
.custom(isNumberArray).withMessage('Should have a valid one of category array'),
|
|
|
|
query('licenceOneOf')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toArray)
|
|
|
|
.custom(isNumberArray).withMessage('Should have a valid one of licence array'),
|
|
|
|
query('languageOneOf')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toArray)
|
|
|
|
.custom(isStringArray).withMessage('Should have a valid one of language array'),
|
|
|
|
query('tagsOneOf')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toArray)
|
|
|
|
.custom(isStringArray).withMessage('Should have a valid one of tags array'),
|
|
|
|
query('tagsAllOf')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toArray)
|
|
|
|
.custom(isStringArray).withMessage('Should have a valid all of tags array'),
|
|
|
|
query('nsfw')
|
|
|
|
.optional()
|
2021-05-03 04:06:19 -05:00
|
|
|
.custom(isBooleanBothQueryValid).withMessage('Should have a valid NSFW attribute'),
|
|
|
|
query('isLive')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toBooleanOrNull)
|
|
|
|
.custom(isBooleanValid).withMessage('Should have a valid live boolean'),
|
2018-10-10 04:46:50 -05:00
|
|
|
query('filter')
|
|
|
|
.optional()
|
|
|
|
.custom(isVideoFilterValid).withMessage('Should have a valid filter attribute'),
|
2020-01-08 07:15:16 -06:00
|
|
|
query('skipCount')
|
|
|
|
.optional()
|
|
|
|
.customSanitizer(toBooleanOrNull)
|
|
|
|
.custom(isBooleanValid).withMessage('Should have a valid skip count boolean'),
|
2021-01-19 06:43:33 -06:00
|
|
|
query('search')
|
|
|
|
.optional()
|
|
|
|
.custom(exists).withMessage('Should have a valid search'),
|
2018-10-10 04:46:50 -05:00
|
|
|
|
|
|
|
(req: express.Request, res: express.Response, next: express.NextFunction) => {
|
|
|
|
logger.debug('Checking commons video filters query', { parameters: req.query })
|
|
|
|
|
|
|
|
if (areValidationErrors(req, res)) return
|
|
|
|
|
2019-03-19 04:35:15 -05:00
|
|
|
const user = res.locals.oauth ? res.locals.oauth.token.User : undefined
|
2020-11-18 08:29:38 -06:00
|
|
|
if (
|
|
|
|
(req.query.filter === 'all-local' || req.query.filter === 'all') &&
|
|
|
|
(!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) === false)
|
|
|
|
) {
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.UNAUTHORIZED_401,
|
|
|
|
message: 'You are not allowed to see all local videos.'
|
|
|
|
})
|
2018-10-10 04:46:50 -05:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
]
|
|
|
|
|
2018-08-02 08:34:09 -05:00
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
export {
|
2021-05-10 04:13:41 -05:00
|
|
|
videosAddLegacyValidator,
|
|
|
|
videosAddResumableValidator,
|
|
|
|
videosAddResumableInitValidator,
|
|
|
|
|
2018-08-02 08:34:09 -05:00
|
|
|
videosUpdateValidator,
|
|
|
|
videosGetValidator,
|
2020-03-10 08:39:40 -05:00
|
|
|
videoFileMetadataGetValidator,
|
2019-12-03 03:41:23 -06:00
|
|
|
videosDownloadValidator,
|
2018-11-16 08:02:48 -06:00
|
|
|
checkVideoFollowConstraints,
|
2018-09-19 03:16:44 -05:00
|
|
|
videosCustomGetValidator,
|
2018-08-02 08:34:09 -05:00
|
|
|
videosRemoveValidator,
|
|
|
|
|
Users can change ownership of their video [#510] (#888)
* [#510] Create a new route to get the list of user names
To be able to transfer ownership to a user,
we need to be able to select him from the list of users.
Because the list could be too big, we add a autocomplete feature.
This commit does the following:
* Add a API endpoint to get a list of user names by searching its name
* [#510] The user can choose the next owner of the video
To be able to transfer ownership to a user,
we need the owner to be able to select the user.
The server can autocomplete the name of the user to give the ownership.
We add a dialog for the user to actually select it.
This commit does the following:
* Create a modal for the owner to select the next one
* Opens this modal with a button into the menu *more*
* Make the dependency injection
* [#510] When the user choose the next owner, create a request in database
For the change of ownership to happen, we need to store the temporary requests.
When the user make the request, save it to database.
This commit does the following:
* Create the model to persist change ownership requests
* Add an API to manage ownership operations
* Add a route to persist an ownership request
* [#510] A user can fetch its ownership requests sent to him
To be able to accept or refuse a change of ownership,
the user must be able to fetch them.
This commit does the following:
* Add an API to list ownership for a user
* Add the query to database model
* [#510] A user can validate an ownership requests sent to him - server
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the server part.
This commit does the following:
* Add an API for the user to accept or refuse a video ownership
* Add validators to ensure security access
* Add a query to load a specific video change ownership request
* [#510] A user can validate an ownership requests sent to him - web
The user can accept or refuse any ownership request that was sent to him.
This commit focus only on the web part.
This commit does the following:
* Add a page to list user ownership changes
* Add actions to accept or refuse them
* When accepting, show a modal requiring the channel to send the video
* Correct lint - to squash
* [#510] PR reviews - to squash
This commit does the following:
* Search parameter for user autocompletion is required from middleware directly
* [#510] PR reviews - to squash with creation in database commit
This commit does the following:
* Add the status attribute in model
* Set this attribute on instance creation
* Use AccountModel method `loadLocalByName`
* [#510] PR reviews - to squash with fetch ownership
This commit does the following:
* Add the scope `FULL` for database queries with includes
* Add classic pagination middlewares
* [#510] PR reviews - to squash with ownership validation - server
This commit does the following:
* Add a middleware to validate whether a user can validate an ownership
* Change the ownership status instead of deleting the row
* [#510] PR reviews - to squash with ownership validation - client
This commit does the following:
* Correct indentation of html files with two-spaces indentation
* Use event emitter instead of function for accept event
* Update the sort of ownership change table for a decreasing order by creation date
* Add the status in ownership change table
* Use classic method syntax
* code style - to squash
* Add new user right - to squash
* Move the change to my-account instead of video-watch - to squash
As requested in pull-request, move the action to change ownership into my videos page.
The rest of the logic was not really changed.
This commit does the following:
- Move the modal into my video page
- Create the generic component `button` to keep some styles and logic
* [#510] Add tests for the new feature
To avoid regression, we add tests for all api of ownership change.
This commit does the following:
- Create an end-to-end test for ownership change
- Divide it to one test per request
* [#510] Do not send twice the same request to avoid spam
We can send several time the same request to change ownership.
However, it will spam the user.
To avoid this, we do not save a request already existing in database.
This commit does the following:
- Check whether the request exist in database
- Add tests to verify this new condition
* [#510] Change icons
Change icons so they remains logic with the rest of the application.
This commit does the following:
- Add svg for missing icons
- Add icons in `my-button` component
- Use these new icons
* [#510] Add control about the user quota
The user should be able to accept a new video only if his quota allows it.
This commit does the following:
- Update the middleware to control the quota
- Add tests verifying the control
* Correct merge
- Use new modal system
- Move button to new directory `buttons`
* PR reviews - to squash
2018-09-04 01:57:13 -05:00
|
|
|
videosChangeOwnershipValidator,
|
|
|
|
videosTerminateChangeOwnershipValidator,
|
|
|
|
videosAcceptChangeOwnershipValidator,
|
|
|
|
|
2019-02-26 03:55:40 -06:00
|
|
|
getCommonVideoEditAttributes,
|
2018-10-10 04:46:50 -05:00
|
|
|
|
2020-03-11 08:39:28 -05:00
|
|
|
commonVideosFiltersValidator,
|
|
|
|
|
|
|
|
videosOverviewValidator
|
2018-08-02 08:34:09 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// ---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) {
|
|
|
|
if (req.body.scheduleUpdate) {
|
|
|
|
if (!req.body.scheduleUpdate.updateAt) {
|
2018-11-16 03:05:25 -06:00
|
|
|
logger.warn('Invalid parameters: scheduleUpdate.updateAt is mandatory.')
|
|
|
|
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({ message: 'Schedule update at is mandatory.' })
|
2018-08-02 08:34:09 -05:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
2019-07-18 07:28:37 -05:00
|
|
|
|
2021-05-10 04:13:41 -05:00
|
|
|
async function commonVideoChecksPass (parameters: {
|
|
|
|
req: express.Request
|
|
|
|
res: express.Response
|
|
|
|
user: MUserAccountId
|
|
|
|
videoFileSize: number
|
|
|
|
files: express.UploadFilesForCheck
|
|
|
|
}): Promise<boolean> {
|
|
|
|
const { req, res, user, videoFileSize, files } = parameters
|
|
|
|
|
|
|
|
if (areErrorsInScheduleUpdate(req, res)) return false
|
|
|
|
|
|
|
|
if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return false
|
|
|
|
|
|
|
|
if (!isVideoFileMimeTypeValid(files)) {
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.UNSUPPORTED_MEDIA_TYPE_415,
|
|
|
|
message: 'This file is not supported. Please, make sure it is of the following type: ' +
|
|
|
|
CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
|
|
|
|
})
|
2021-05-10 04:13:41 -05:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!isVideoFileSizeValid(videoFileSize.toString())) {
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
|
|
|
|
message: 'This file is too large. It exceeds the maximum file size authorized.'
|
|
|
|
})
|
2021-05-10 04:13:41 -05:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
if (await isAbleToUploadVideo(user.id, videoFileSize) === false) {
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,
|
|
|
|
message: 'The user video quota is exceeded with this video.'
|
|
|
|
})
|
2021-05-10 04:13:41 -05:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
export async function isVideoAccepted (
|
|
|
|
req: express.Request,
|
|
|
|
res: express.Response,
|
|
|
|
videoFile: express.VideoUploadFile
|
|
|
|
) {
|
2019-07-18 07:28:37 -05:00
|
|
|
// Check we accept this video
|
|
|
|
const acceptParameters = {
|
|
|
|
videoBody: req.body,
|
|
|
|
videoFile,
|
|
|
|
user: res.locals.oauth.token.User
|
|
|
|
}
|
2019-07-19 10:30:41 -05:00
|
|
|
const acceptedResult = await Hooks.wrapFun(
|
|
|
|
isLocalVideoAccepted,
|
|
|
|
acceptParameters,
|
2019-07-18 07:28:37 -05:00
|
|
|
'filter:api.video.upload.accept.result'
|
|
|
|
)
|
|
|
|
|
|
|
|
if (!acceptedResult || acceptedResult.accepted !== true) {
|
|
|
|
logger.info('Refused local video.', { acceptedResult, acceptParameters })
|
2021-05-31 18:36:53 -05:00
|
|
|
res.fail({
|
|
|
|
status: HttpStatusCode.FORBIDDEN_403,
|
|
|
|
message: acceptedResult.errorMessage || 'Refused local video'
|
|
|
|
})
|
2019-07-18 07:28:37 -05:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
|
|
|
}
|
2021-05-10 04:13:41 -05:00
|
|
|
|
|
|
|
async function addDurationToVideo (videoFile: { path: string, duration?: number }) {
|
|
|
|
const duration: number = await getDurationFromVideoFile(videoFile.path)
|
|
|
|
|
|
|
|
if (isNaN(duration)) throw new Error(`Couldn't get video duration`)
|
|
|
|
|
|
|
|
videoFile.duration = duration
|
|
|
|
}
|