import * as express from 'express' import { body, param } from 'express-validator' import { UserRight } from '../../../../shared' import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments' import { logger } from '../../../helpers/logger' import { UserModel } from '../../../models/account/user' import { VideoModel } from '../../../models/video/video' import { VideoCommentModel } from '../../../models/video/video-comment' import { areValidationErrors } from '../utils' import { Hooks } from '../../../lib/plugins/hooks' import { isLocalVideoThreadAccepted, isLocalVideoCommentReplyAccepted, AcceptResult } from '../../../lib/moderation' import { doesVideoExist } from '../../../helpers/middlewares' const listVideoCommentThreadsValidator = [ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking listVideoCommentThreads parameters.', { parameters: req.params }) if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return return next() } ] const listVideoThreadCommentsValidator = [ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), param('threadId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid threadId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking listVideoThreadComments parameters.', { parameters: req.params }) if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return if (!await doesVideoCommentThreadExist(req.params.threadId, res.locals.video, res)) return return next() } ] const addVideoCommentThreadValidator = [ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking addVideoCommentThread parameters.', { parameters: req.params, body: req.body }) if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return if (!isVideoCommentsEnabled(res.locals.video, res)) return if (!await isVideoCommentAccepted(req, res, false)) return return next() } ] const addVideoCommentReplyValidator = [ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), body('text').custom(isValidVideoCommentText).not().isEmpty().withMessage('Should have a valid comment text'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking addVideoCommentReply parameters.', { parameters: req.params, body: req.body }) if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return if (!isVideoCommentsEnabled(res.locals.video, res)) return if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return if (!await isVideoCommentAccepted(req, res, true)) return return next() } ] const videoCommentGetValidator = [ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res, 'id')) return if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return return next() } ] const removeVideoCommentValidator = [ param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), param('commentId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid commentId'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking removeVideoCommentValidator parameters.', { parameters: req.params }) if (areValidationErrors(req, res)) return if (!await doesVideoExist(req.params.videoId, res)) return if (!await doesVideoCommentExist(req.params.commentId, res.locals.video, res)) return // Check if the user who did the request is able to delete the video if (!checkUserCanDeleteVideoComment(res.locals.oauth.token.User, res.locals.videoComment, res)) return return next() } ] // --------------------------------------------------------------------------- export { listVideoCommentThreadsValidator, listVideoThreadCommentsValidator, addVideoCommentThreadValidator, addVideoCommentReplyValidator, videoCommentGetValidator, removeVideoCommentValidator } // --------------------------------------------------------------------------- async function doesVideoCommentThreadExist (id: number, video: VideoModel, res: express.Response) { const videoComment = await VideoCommentModel.loadById(id) if (!videoComment) { res.status(404) .json({ error: 'Video comment thread not found' }) .end() return false } if (videoComment.videoId !== video.id) { res.status(400) .json({ error: 'Video comment is associated to this video.' }) .end() return false } if (videoComment.inReplyToCommentId !== null) { res.status(400) .json({ error: 'Video comment is not a thread.' }) .end() return false } res.locals.videoCommentThread = videoComment return true } async function doesVideoCommentExist (id: number, video: VideoModel, res: express.Response) { const videoComment = await VideoCommentModel.loadByIdAndPopulateVideoAndAccountAndReply(id) if (!videoComment) { res.status(404) .json({ error: 'Video comment thread not found' }) .end() return false } if (videoComment.videoId !== video.id) { res.status(400) .json({ error: 'Video comment is associated to this video.' }) .end() return false } res.locals.videoComment = videoComment return true } function isVideoCommentsEnabled (video: VideoModel, res: express.Response) { if (video.commentsEnabled !== true) { res.status(409) .json({ error: 'Video comments are disabled for this video.' }) .end() return false } return true } function checkUserCanDeleteVideoComment (user: UserModel, videoComment: VideoCommentModel, res: express.Response) { const account = videoComment.Account if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) === false && account.userId !== user.id) { res.status(403) .json({ error: 'Cannot remove video comment of another user' }) .end() return false } return true } async function isVideoCommentAccepted (req: express.Request, res: express.Response, isReply: boolean) { const acceptParameters = { video: res.locals.video, commentBody: req.body, user: res.locals.oauth.token.User } let acceptedResult: AcceptResult if (isReply) { const acceptReplyParameters = Object.assign(acceptParameters, { parentComment: res.locals.videoComment }) acceptedResult = await Hooks.wrapFun( isLocalVideoCommentReplyAccepted, acceptReplyParameters, 'filter:api.video-comment-reply.create.accept.result' ) } else { acceptedResult = await Hooks.wrapFun( isLocalVideoThreadAccepted, acceptParameters, 'filter:api.video-thread.create.accept.result' ) } if (!acceptedResult || acceptedResult.accepted !== true) { logger.info('Refused local comment.', { acceptedResult, acceptParameters }) res.status(403) .json({ error: acceptedResult.errorMessage || 'Refused local comment' }) return false } return true }