rigelk
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Releases 107 Activity
Federated video streaming platform using ActivityPub and P2P in the web browser with Angular. https://joinpeertube.org/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8752 Commits
3 Branches
2.8 GiB
 
 
 
 
 
 
Tree: f8360396ff
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f8360396ff'
${ noResults }
PeerTube/server/middlewares/validators/videos/videos.ts

687 lines
23 KiB
Raw Blame History 

  1. import express from 'express'

  2. import { body, header, param, query, ValidationChain } from 'express-validator'

  3. import { isTestInstance } from '@server/helpers/core-utils'

  4. import { getResumableUploadPath } from '@server/helpers/upload'

  5. import { Redis } from '@server/lib/redis'

  6. import { isAbleToUploadVideo } from '@server/lib/user'

  7. import { getServerActor } from '@server/models/application/application'

  8. import { ExpressPromiseHandler } from '@server/types/express-handler'

  9. import { MUserAccountId, MVideoFullLight } from '@server/types/models'

  10. import { getAllPrivacies } from '@shared/core-utils'

  11. import { HttpStatusCode, ServerErrorCode, UserRight, VideoInclude, VideoPrivacy } from '@shared/models'

  12. import {

  13.   exists,

  14.   isBooleanValid,

  15.   isDateValid,

  16.   isFileFieldValid,

  17.   isIdValid,

  18.   isUUIDValid,

  19.   toArray,

  20.   toBooleanOrNull,

  21.   toIntOrNull,

  22.   toValueOrNull

  23. } from '../../../helpers/custom-validators/misc'

  24. import { isBooleanBothQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search'

  25. import {

  26.   isScheduleVideoUpdatePrivacyValid,

  27.   isVideoCategoryValid,

  28.   isVideoDescriptionValid,

  29.   isVideoFileMimeTypeValid,

  30.   isVideoFileSizeValid,

  31.   isVideoFilterValid,

  32.   isVideoImage,

  33.   isVideoIncludeValid,

  34.   isVideoLanguageValid,

  35.   isVideoLicenceValid,

  36.   isVideoNameValid,

  37.   isVideoOriginallyPublishedAtValid,

  38.   isVideoPrivacyValid,

  39.   isVideoSupportValid,

  40.   isVideoTagsValid

  41. } from '../../../helpers/custom-validators/videos'

  42. import { cleanUpReqFiles } from '../../../helpers/express-utils'

  43. import { getDurationFromVideoFile } from '../../../helpers/ffprobe-utils'

  44. import { logger } from '../../../helpers/logger'

  45. import { deleteFileAndCatch } from '../../../helpers/utils'

  46. import { getVideoWithAttributes } from '../../../helpers/video'

  47. import { CONFIG } from '../../../initializers/config'

  48. import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants'

  49. import { isLocalVideoAccepted } from '../../../lib/moderation'

  50. import { Hooks } from '../../../lib/plugins/hooks'

  51. import { VideoModel } from '../../../models/video/video'

  52. import { authenticatePromiseIfNeeded } from '../../auth'

  53. import {

  54.   areValidationErrors,

  55.   checkUserCanManageVideo,

  56.   doesVideoChannelOfAccountExist,

  57.   doesVideoExist,

  58.   doesVideoFileOfVideoExist,

  59.   isValidVideoIdParam

  60. } from '../shared'

  61. 

  62. const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([

  63.   body('videofile')

  64.     .custom((value, { req }) => isFileFieldValid(req.files, 'videofile'))

  65.     .withMessage('Should have a file'),

  66.   body('name')

  67.     .trim()

  68.     .custom(isVideoNameValid).withMessage(

  69.       `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`

  70.     ),

  71.   body('channelId')

  72.     .customSanitizer(toIntOrNull)

  73.     .custom(isIdValid).withMessage('Should have correct video channel id'),

  74. 

  75.   async (req: express.Request, res: express.Response, next: express.NextFunction) => {

  76.     logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })

  77. 

  78.     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

  79. 

  80.     const videoFile: express.VideoUploadFile = req.files['videofile'][0]

  81.     const user = res.locals.oauth.token.User

  82. 

  83.     if (!await commonVideoChecksPass({ req, res, user, videoFileSize: videoFile.size, files: req.files })) {

  84.       return cleanUpReqFiles(req)

  85.     }

  86. 

  87.     try {

  88.       if (!videoFile.duration) await addDurationToVideo(videoFile)

  89.     } catch (err) {

  90.       logger.error('Invalid input file in videosAddLegacyValidator.', { err })

  91. 

  92.       res.fail({

  93.         status: HttpStatusCode.UNPROCESSABLE_ENTITY_422,

  94.         message: 'Video file unreadable.'

  95.       })

  96.       return cleanUpReqFiles(req)

  97.     }

  98. 

  99.     if (!await isVideoAccepted(req, res, videoFile)) return cleanUpReqFiles(req)

  100. 

  101.     return next()

  102.   }

  103. ])

  104. 

  105. const videosResumableUploadIdValidator = [

  106.   (req: express.Request, res: express.Response, next: express.NextFunction) => {

  107.     const user = res.locals.oauth.token.User

  108.     const uploadId = req.query.upload_id

  109. 

  110.     if (uploadId.startsWith(user.id + '-') !== true) {

  111.       return res.fail({

  112.         status: HttpStatusCode.FORBIDDEN_403,

  113.         message: 'You cannot send chunks in another user upload'

  114.       })

  115.     }

  116. 

  117.     return next()

  118.   }

  119. ]

  120. 

  121. /**

  122.  * Gets called after the last PUT request

  123.  */

  124. const videosAddResumableValidator = [

  125.   async (req: express.Request, res: express.Response, next: express.NextFunction) => {

  126.     const user = res.locals.oauth.token.User

  127.     const body: express.CustomUploadXFile<express.UploadXFileMetadata> = req.body

  128.     const file = { ...body, duration: undefined, path: getResumableUploadPath(body.name), filename: body.metadata.filename }

  129.     const cleanup = () => deleteFileAndCatch(file.path)

  130. 

  131.     const uploadId = req.query.upload_id

  132.     const sessionExists = await Redis.Instance.doesUploadSessionExist(uploadId)

  133. 

  134.     if (sessionExists) {

  135.       const sessionResponse = await Redis.Instance.getUploadSession(uploadId)

  136. 

  137.       if (!sessionResponse) {

  138.         res.setHeader('Retry-After', 300) // ask to retry after 5 min, knowing the upload_id is kept for up to 15 min after completion

  139. 

  140.         return res.fail({

  141.           status: HttpStatusCode.SERVICE_UNAVAILABLE_503,

  142.           message: 'The upload is already being processed'

  143.         })

  144.       }

  145. 

  146.       if (isTestInstance()) {

  147.         res.setHeader('x-resumable-upload-cached', 'true')

  148.       }

  149. 

  150.       return res.json(sessionResponse)

  151.     }

  152. 

  153.     await Redis.Instance.setUploadSession(uploadId)

  154. 

  155.     if (!await doesVideoChannelOfAccountExist(file.metadata.channelId, user, res)) return cleanup()

  156. 

  157.     try {

  158.       if (!file.duration) await addDurationToVideo(file)

  159.     } catch (err) {

  160.       logger.error('Invalid input file in videosAddResumableValidator.', { err })

  161. 

  162.       res.fail({

  163.         status: HttpStatusCode.UNPROCESSABLE_ENTITY_422,

  164.         message: 'Video file unreadable.'

  165.       })

  166.       return cleanup()

  167.     }

  168. 

  169.     if (!await isVideoAccepted(req, res, file)) return cleanup()

  170. 

  171.     res.locals.videoFileResumable = file

  172. 

  173.     return next()

  174.   }

  175. ]

  176. 

  177. /**

  178.  * File is created in POST initialisation, and its body is saved as a 'metadata' field is saved by uploadx for later use.

  179.  * see https://github.com/kukhariev/node-uploadx/blob/dc9fb4a8ac5a6f481902588e93062f591ec6ef03/packages/core/src/handlers/uploadx.ts

  180.  *

  181.  * Uploadx doesn't use next() until the upload completes, so this middleware has to be placed before uploadx

  182.  * see https://github.com/kukhariev/node-uploadx/blob/dc9fb4a8ac5a6f481902588e93062f591ec6ef03/packages/core/src/handlers/base-handler.ts

  183.  *

  184.  */

  185. const videosAddResumableInitValidator = getCommonVideoEditAttributes().concat([

  186.   body('filename')

  187.     .isString()

  188.     .exists()

  189.     .withMessage('Should have a valid filename'),

  190.   body('name')

  191.     .trim()

  192.     .custom(isVideoNameValid).withMessage(

  193.       `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`

  194.     ),

  195.   body('channelId')

  196.     .customSanitizer(toIntOrNull)

  197.     .custom(isIdValid).withMessage('Should have correct video channel id'),

  198. 

  199.   header('x-upload-content-length')

  200.     .isNumeric()

  201.     .exists()

  202.     .withMessage('Should specify the file length'),

  203.   header('x-upload-content-type')

  204.     .isString()

  205.     .exists()

  206.     .withMessage('Should specify the file mimetype'),

  207. 

  208.   async (req: express.Request, res: express.Response, next: express.NextFunction) => {

  209.     const videoFileMetadata = {

  210.       mimetype: req.headers['x-upload-content-type'] as string,

  211.       size: +req.headers['x-upload-content-length'],

  212.       originalname: req.body.filename

  213.     }

  214. 

  215.     const user = res.locals.oauth.token.User

  216.     const cleanup = () => cleanUpReqFiles(req)

  217. 

  218.     logger.debug('Checking videosAddResumableInitValidator parameters and headers', {

  219.       parameters: req.body,

  220.       headers: req.headers,

  221.       files: req.files

  222.     })

  223. 

  224.     if (areValidationErrors(req, res)) return cleanup()

  225. 

  226.     const files = { videofile: [ videoFileMetadata ] }

  227.     if (!await commonVideoChecksPass({ req, res, user, videoFileSize: videoFileMetadata.size, files })) return cleanup()

  228. 

  229.     // multer required unsetting the Content-Type, now we can set it for node-uploadx

  230.     req.headers['content-type'] = 'application/json; charset=utf-8'

  231.     // place previewfile in metadata so that uploadx saves it in .META

  232.     if (req.files?.['previewfile']) req.body.previewfile = req.files['previewfile']

  233. 

  234.     return next()

  235.   }

  236. ])

  237. 

  238. const videosUpdateValidator = getCommonVideoEditAttributes().concat([

  239.   isValidVideoIdParam('id'),

  240. 

  241.   body('name')

  242.     .optional()

  243.     .trim()

  244.     .custom(isVideoNameValid).withMessage(

  245.       `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`

  246.     ),

  247.   body('channelId')

  248.     .optional()

  249.     .customSanitizer(toIntOrNull)

  250.     .custom(isIdValid).withMessage('Should have correct video channel id'),

  251. 

  252.   async (req: express.Request, res: express.Response, next: express.NextFunction) => {

  253.     logger.debug('Checking videosUpdate parameters', { parameters: req.body })

  254. 

  255.     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)

  256.     if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)

  257.     if (!await doesVideoExist(req.params.id, res)) return cleanUpReqFiles(req)

  258. 

  259.     // Check if the user who did the request is able to update the video

  260.     const user = res.locals.oauth.token.User

  261.     if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return cleanUpReqFiles(req)

  262. 

  263.     if (req.body.channelId && !await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req)

  264. 

  265.     return next()

  266.   }

  267. ])

  268. 

  269. async function checkVideoFollowConstraints (req: express.Request, res: express.Response, next: express.NextFunction) {

  270.   const video = getVideoWithAttributes(res)

  271. 

  272.   // Anybody can watch local videos

  273.   if (video.isOwned() === true) return next()

  274. 

  275.   // Logged user

  276.   if (res.locals.oauth) {

  277.     // Users can search or watch remote videos

  278.     if (CONFIG.SEARCH.REMOTE_URI.USERS === true) return next()

  279.   }

  280. 

  281.   // Anybody can search or watch remote videos

  282.   if (CONFIG.SEARCH.REMOTE_URI.ANONYMOUS === true) return next()

  283. 

  284.   // Check our instance follows an actor that shared this video

  285.   const serverActor = await getServerActor()

  286.   if (await VideoModel.checkVideoHasInstanceFollow(video.id, serverActor.id) === true) return next()

  287. 

  288.   return res.fail({

  289.     status: HttpStatusCode.FORBIDDEN_403,

  290.     message: 'Cannot get this video regarding follow constraints',

  291.     type: ServerErrorCode.DOES_NOT_RESPECT_FOLLOW_CONSTRAINTS,

  292.     data: {

  293.       originUrl: video.url

  294.     }

  295.   })

  296. }

  297. 

  298. const videosCustomGetValidator = (

  299.   fetchType: 'for-api' | 'all' | 'only-video' | 'only-immutable-attributes',

  300.   authenticateInQuery = false

  301. ) => {

  302.   return [

  303.     isValidVideoIdParam('id'),

  304. 

  305.     async (req: express.Request, res: express.Response, next: express.NextFunction) => {

  306.       logger.debug('Checking videosGet parameters', { parameters: req.params })

  307. 

  308.       if (areValidationErrors(req, res)) return

  309.       if (!await doesVideoExist(req.params.id, res, fetchType)) return

  310. 

  311.       // Controllers does not need to check video rights

  312.       if (fetchType === 'only-immutable-attributes') return next()

  313. 

  314.       const video = getVideoWithAttributes(res) as MVideoFullLight

  315. 

  316.       // Video private or blacklisted

  317.       if (video.requiresAuth()) {

  318.         await authenticatePromiseIfNeeded(req, res, authenticateInQuery)

  319. 

  320.         const user = res.locals.oauth ? res.locals.oauth.token.User : null

  321. 

  322.         // Only the owner or a user that have blocklist rights can see the video

  323.         if (!user || !user.canGetVideo(video)) {

  324.           return res.fail({

  325.             status: HttpStatusCode.FORBIDDEN_403,

  326.             message: 'Cannot get this private/internal or blocklisted video'

  327.           })

  328.         }

  329. 

  330.         return next()

  331.       }

  332. 

  333.       // Video is public, anyone can access it

  334.       if (video.privacy === VideoPrivacy.PUBLIC) return next()

  335. 

  336.       // Video is unlisted, check we used the uuid to fetch it

  337.       if (video.privacy === VideoPrivacy.UNLISTED) {

  338.         if (isUUIDValid(req.params.id)) return next()

  339. 

  340.         // Don't leak this unlisted video

  341.         return res.fail({

  342.           status: HttpStatusCode.NOT_FOUND_404,

  343.           message: 'Video not found'

  344.         })

  345.       }

  346.     }

  347.   ]

  348. }

  349. 

  350. const videosGetValidator = videosCustomGetValidator('all')

  351. const videosDownloadValidator = videosCustomGetValidator('all', true)

  352. 

  353. const videoFileMetadataGetValidator = getCommonVideoEditAttributes().concat([

  354.   isValidVideoIdParam('id'),

  355. 

  356.   param('videoFileId')

  357.     .custom(isIdValid).not().isEmpty().withMessage('Should have a valid videoFileId'),

  358. 

  359.   async (req: express.Request, res: express.Response, next: express.NextFunction) => {

  360.     logger.debug('Checking videoFileMetadataGet parameters', { parameters: req.params })

  361. 

  362.     if (areValidationErrors(req, res)) return

  363.     if (!await doesVideoFileOfVideoExist(+req.params.videoFileId, req.params.id, res)) return

  364. 

  365.     return next()

  366.   }

  367. ])

  368. 

  369. const videosRemoveValidator = [

  370.   isValidVideoIdParam('id'),

  371. 

  372.   async (req: express.Request, res: express.Response, next: express.NextFunction) => {

  373.     logger.debug('Checking videosRemove parameters', { parameters: req.params })

  374. 

  375.     if (areValidationErrors(req, res)) return

  376.     if (!await doesVideoExist(req.params.id, res)) return

  377. 

  378.     // Check if the user who did the request is able to delete the video

  379.     if (!checkUserCanManageVideo(res.locals.oauth.token.User, res.locals.videoAll, UserRight.REMOVE_ANY_VIDEO, res)) return

  380. 

  381.     return next()

  382.   }

  383. ]

  384. 

  385. const videosOverviewValidator = [

  386.   query('page')

  387.     .optional()

  388.     .isInt({ min: 1, max: OVERVIEWS.VIDEOS.SAMPLES_COUNT })

  389.     .withMessage('Should have a valid pagination'),

  390. 

  391.   (req: express.Request, res: express.Response, next: express.NextFunction) => {

  392.     if (areValidationErrors(req, res)) return

  393. 

  394.     return next()

  395.   }

  396. ]

  397. 

  398. function getCommonVideoEditAttributes () {

  399.   return [

  400.     body('thumbnailfile')

  401.       .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(

  402.         'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +

  403.         CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')

  404.       ),

  405.     body('previewfile')

  406.       .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage(

  407.         'This preview file is not supported or too large. Please, make sure it is of the following type: ' +

  408.         CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')

  409.       ),

  410. 

  411.     body('category')

  412.       .optional()

  413.       .customSanitizer(toIntOrNull)

  414.       .custom(isVideoCategoryValid).withMessage('Should have a valid category'),

  415.     body('licence')

  416.       .optional()

  417.       .customSanitizer(toIntOrNull)

  418.       .custom(isVideoLicenceValid).withMessage('Should have a valid licence'),

  419.     body('language')

  420.       .optional()

  421.       .customSanitizer(toValueOrNull)

  422.       .custom(isVideoLanguageValid).withMessage('Should have a valid language'),

  423.     body('nsfw')

  424.       .optional()

  425.       .customSanitizer(toBooleanOrNull)

  426.       .custom(isBooleanValid).withMessage('Should have a valid NSFW attribute'),

  427.     body('waitTranscoding')

  428.       .optional()

  429.       .customSanitizer(toBooleanOrNull)

  430.       .custom(isBooleanValid).withMessage('Should have a valid wait transcoding attribute'),

  431.     body('privacy')

  432.       .optional()

  433.       .customSanitizer(toValueOrNull)

  434.       .custom(isVideoPrivacyValid).withMessage('Should have correct video privacy'),

  435.     body('description')

  436.       .optional()

  437.       .customSanitizer(toValueOrNull)

  438.       .custom(isVideoDescriptionValid).withMessage('Should have a valid description'),

  439.     body('support')

  440.       .optional()

  441.       .customSanitizer(toValueOrNull)

  442.       .custom(isVideoSupportValid).withMessage('Should have a valid support text'),

  443.     body('tags')

  444.       .optional()

  445.       .customSanitizer(toValueOrNull)

  446.       .custom(isVideoTagsValid)

  447.       .withMessage(

  448.         `Should have an array of up to ${CONSTRAINTS_FIELDS.VIDEOS.TAGS.max} tags between ` +

  449.         `${CONSTRAINTS_FIELDS.VIDEOS.TAG.min} and ${CONSTRAINTS_FIELDS.VIDEOS.TAG.max} characters each`

  450.       ),

  451.     body('commentsEnabled')

  452.       .optional()

  453.       .customSanitizer(toBooleanOrNull)

  454.       .custom(isBooleanValid).withMessage('Should have comments enabled boolean'),

  455.     body('downloadEnabled')

  456.       .optional()

  457.       .customSanitizer(toBooleanOrNull)

  458.       .custom(isBooleanValid).withMessage('Should have downloading enabled boolean'),

  459.     body('originallyPublishedAt')

  460.       .optional()

  461.       .customSanitizer(toValueOrNull)

  462.       .custom(isVideoOriginallyPublishedAtValid).withMessage('Should have a valid original publication date'),

  463.     body('scheduleUpdate')

  464.       .optional()

  465.       .customSanitizer(toValueOrNull),

  466.     body('scheduleUpdate.updateAt')

  467.       .optional()

  468.       .custom(isDateValid).withMessage('Should have a schedule update date that conforms to ISO 8601'),

  469.     body('scheduleUpdate.privacy')

  470.       .optional()

  471.       .customSanitizer(toIntOrNull)

  472.       .custom(isScheduleVideoUpdatePrivacyValid).withMessage('Should have correct schedule update privacy')

  473.   ] as (ValidationChain | ExpressPromiseHandler)[]

  474. }

  475. 

  476. const commonVideosFiltersValidator = [

  477.   query('categoryOneOf')

  478.     .optional()

  479.     .customSanitizer(toArray)

  480.     .custom(isNumberArray).withMessage('Should have a valid one of category array'),

  481.   query('licenceOneOf')

  482.     .optional()

  483.     .customSanitizer(toArray)

  484.     .custom(isNumberArray).withMessage('Should have a valid one of licence array'),

  485.   query('languageOneOf')

  486.     .optional()

  487.     .customSanitizer(toArray)

  488.     .custom(isStringArray).withMessage('Should have a valid one of language array'),

  489.   query('privacyOneOf')

  490.     .optional()

  491.     .customSanitizer(toArray)

  492.     .custom(isNumberArray).withMessage('Should have a valid one of privacy array'),

  493.   query('tagsOneOf')

  494.     .optional()

  495.     .customSanitizer(toArray)

  496.     .custom(isStringArray).withMessage('Should have a valid one of tags array'),

  497.   query('tagsAllOf')

  498.     .optional()

  499.     .customSanitizer(toArray)

  500.     .custom(isStringArray).withMessage('Should have a valid all of tags array'),

  501.   query('nsfw')

  502.     .optional()

  503.     .custom(isBooleanBothQueryValid).withMessage('Should have a valid NSFW attribute'),

  504.   query('isLive')

  505.     .optional()

  506.     .customSanitizer(toBooleanOrNull)

  507.     .custom(isBooleanValid).withMessage('Should have a valid live boolean'),

  508.   query('filter')

  509.     .optional()

  510.     .custom(isVideoFilterValid).withMessage('Should have a valid filter attribute'),

  511.   query('include')

  512.     .optional()

  513.     .custom(isVideoIncludeValid).withMessage('Should have a valid include attribute'),

  514.   query('isLocal')

  515.     .optional()

  516.     .customSanitizer(toBooleanOrNull)

  517.     .custom(isBooleanValid).withMessage('Should have a valid local boolean'),

  518.   query('hasHLSFiles')

  519.     .optional()

  520.     .customSanitizer(toBooleanOrNull)

  521.     .custom(isBooleanValid).withMessage('Should have a valid has hls boolean'),

  522.   query('hasWebtorrentFiles')

  523.     .optional()

  524.     .customSanitizer(toBooleanOrNull)

  525.     .custom(isBooleanValid).withMessage('Should have a valid has webtorrent boolean'),

  526.   query('skipCount')

  527.     .optional()

  528.     .customSanitizer(toBooleanOrNull)

  529.     .custom(isBooleanValid).withMessage('Should have a valid skip count boolean'),

  530.   query('search')

  531.     .optional()

  532.     .custom(exists).withMessage('Should have a valid search'),

  533. 

  534.   (req: express.Request, res: express.Response, next: express.NextFunction) => {

  535.     logger.debug('Checking commons video filters query', { parameters: req.query })

  536. 

  537.     if (areValidationErrors(req, res)) return

  538. 

  539.     // FIXME: deprecated in 4.0, to remove

  540.     {

  541.       if (req.query.filter === 'all-local') {

  542.         req.query.include = VideoInclude.NOT_PUBLISHED_STATE

  543.         req.query.isLocal = true

  544.         req.query.privacyOneOf = getAllPrivacies()

  545.       } else if (req.query.filter === 'all') {

  546.         req.query.include = VideoInclude.NOT_PUBLISHED_STATE

  547.         req.query.privacyOneOf = getAllPrivacies()

  548.       } else if (req.query.filter === 'local') {

  549.         req.query.isLocal = true

  550.       }

  551. 

  552.       req.query.filter = undefined

  553.     }

  554. 

  555.     const user = res.locals.oauth?.token.User

  556. 

  557.     if ((!user || user.hasRight(UserRight.SEE_ALL_VIDEOS) !== true)) {

  558.       if (req.query.include || req.query.privacyOneOf) {

  559.         return res.fail({

  560.           status: HttpStatusCode.UNAUTHORIZED_401,

  561.           message: 'You are not allowed to see all videos.'

  562.         })

  563.       }

  564.     }

  565. 

  566.     return next()

  567.   }

  568. ]

  569. 

  570. // ---------------------------------------------------------------------------

  571. 

  572. export {

  573.   videosAddLegacyValidator,

  574.   videosAddResumableValidator,

  575.   videosAddResumableInitValidator,

  576.   videosResumableUploadIdValidator,

  577. 

  578.   videosUpdateValidator,

  579.   videosGetValidator,

  580.   videoFileMetadataGetValidator,

  581.   videosDownloadValidator,

  582.   checkVideoFollowConstraints,

  583.   videosCustomGetValidator,

  584.   videosRemoveValidator,

  585. 

  586.   getCommonVideoEditAttributes,

  587. 

  588.   commonVideosFiltersValidator,

  589. 

  590.   videosOverviewValidator

  591. }

  592. 

  593. // ---------------------------------------------------------------------------

  594. 

  595. function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) {

  596.   if (req.body.scheduleUpdate) {

  597.     if (!req.body.scheduleUpdate.updateAt) {

  598.       logger.warn('Invalid parameters: scheduleUpdate.updateAt is mandatory.')

  599. 

  600.       res.fail({ message: 'Schedule update at is mandatory.' })

  601.       return true

  602.     }

  603.   }

  604. 

  605.   return false

  606. }

  607. 

  608. async function commonVideoChecksPass (parameters: {

  609.   req: express.Request

  610.   res: express.Response

  611.   user: MUserAccountId

  612.   videoFileSize: number

  613.   files: express.UploadFilesForCheck

  614. }): Promise<boolean> {

  615.   const { req, res, user, videoFileSize, files } = parameters

  616. 

  617.   if (areErrorsInScheduleUpdate(req, res)) return false

  618. 

  619.   if (!await doesVideoChannelOfAccountExist(req.body.channelId, user, res)) return false

  620. 

  621.   if (!isVideoFileMimeTypeValid(files)) {

  622.     res.fail({

  623.       status: HttpStatusCode.UNSUPPORTED_MEDIA_TYPE_415,

  624.       message: 'This file is not supported. Please, make sure it is of the following type: ' +

  625.                CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')

  626.     })

  627.     return false

  628.   }

  629. 

  630.   if (!isVideoFileSizeValid(videoFileSize.toString())) {

  631.     res.fail({

  632.       status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,

  633.       message: 'This file is too large. It exceeds the maximum file size authorized.',

  634.       type: ServerErrorCode.MAX_FILE_SIZE_REACHED

  635.     })

  636.     return false

  637.   }

  638. 

  639.   if (await isAbleToUploadVideo(user.id, videoFileSize) === false) {

  640.     res.fail({

  641.       status: HttpStatusCode.PAYLOAD_TOO_LARGE_413,

  642.       message: 'The user video quota is exceeded with this video.',

  643.       type: ServerErrorCode.QUOTA_REACHED

  644.     })

  645.     return false

  646.   }

  647. 

  648.   return true

  649. }

  650. 

  651. export async function isVideoAccepted (

  652.   req: express.Request,

  653.   res: express.Response,

  654.   videoFile: express.VideoUploadFile

  655. ) {

  656.   // Check we accept this video

  657.   const acceptParameters = {

  658.     videoBody: req.body,

  659.     videoFile,

  660.     user: res.locals.oauth.token.User

  661.   }

  662.   const acceptedResult = await Hooks.wrapFun(

  663.     isLocalVideoAccepted,

  664.     acceptParameters,

  665.     'filter:api.video.upload.accept.result'

  666.   )

  667. 

  668.   if (!acceptedResult || acceptedResult.accepted !== true) {

  669.     logger.info('Refused local video.', { acceptedResult, acceptParameters })

  670.     res.fail({

  671.       status: HttpStatusCode.FORBIDDEN_403,

  672.       message: acceptedResult.errorMessage || 'Refused local video'

  673.     })

  674.     return false

  675.   }

  676. 

  677.   return true

  678. }

  679. 

  680. async function addDurationToVideo (videoFile: { path: string, duration?: number }) {

  681.   const duration: number = await getDurationFromVideoFile(videoFile.path)

  682. 

  683.   if (isNaN(duration)) throw new Error(`Couldn't get video duration`)

  684. 

  685.   videoFile.duration = duration

  686. }