[github/Chocobozzz/PeerTube.git] / server / tests / api / videos / video-privacy.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import { expect } from 'chai'
import { wait } from '@shared/core-utils'
import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
import { cleanupTests, createSingleServer, doubleFollow, PeerTubeServer, setAccessTokensToServers, waitJobs } from '@shared/server-commands'

describe('Test video privacy', function () {
  const servers: PeerTubeServer[] = []
  let anotherUserToken: string

  let privateVideoId: number
  let privateVideoUUID: string

  let internalVideoId: number
  let internalVideoUUID: string

  let unlistedVideo: VideoCreateResult
  let nonFederatedUnlistedVideoUUID: string

  let now: number

  const dontFederateUnlistedConfig = {
    federation: {
      videos: {
        federate_unlisted: false
      }
    }
  }

  before(async function () {
    this.timeout(50000)

    // Run servers
    servers.push(await createSingleServer(1, dontFederateUnlistedConfig))
    servers.push(await createSingleServer(2))

    // Get the access tokens
    await setAccessTokensToServers(servers)

    // Server 1 and server 2 follow each other
    await doubleFollow(servers[0], servers[1])
  })

  describe('Private and internal videos', function () {

    it('Should upload a private and internal videos on server 1', async function () {
      this.timeout(50000)

      for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
        const attributes = { privacy }
        await servers[0].videos.upload({ attributes })
      }

      await waitJobs(servers)
    })

    it('Should not have these private and internal videos on server 2', async function () {
      const { total, data } = await servers[1].videos.list()

      expect(total).to.equal(0)
      expect(data).to.have.lengthOf(0)
    })

    it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
      const { total, data } = await servers[0].videos.list()

      expect(total).to.equal(0)
      expect(data).to.have.lengthOf(0)
    })

    it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
      const { total, data } = await servers[0].videos.listWithToken()

      expect(total).to.equal(1)
      expect(data).to.have.lengthOf(1)

      expect(data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
    })

    it('Should list my (private and internal) videos', async function () {
      const { total, data } = await servers[0].videos.listMyVideos()

      expect(total).to.equal(2)
      expect(data).to.have.lengthOf(2)

      const privateVideo = data.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
      privateVideoId = privateVideo.id
      privateVideoUUID = privateVideo.uuid

      const internalVideo = data.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
      internalVideoId = internalVideo.id
      internalVideoUUID = internalVideo.uuid
    })

    it('Should not be able to watch the private/internal video with non authenticated user', async function () {
      await servers[0].videos.get({ id: privateVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
      await servers[0].videos.get({ id: internalVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should not be able to watch the private video with another user', async function () {
      this.timeout(10000)

      const user = {
        username: 'hello',
        password: 'super password'
      }
      await servers[0].users.create({ username: user.username, password: user.password })

      anotherUserToken = await servers[0].login.getAccessToken(user)

      await servers[0].videos.getWithToken({
        token: anotherUserToken,
        id: privateVideoUUID,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should be able to watch the internal video with another user', async function () {
      await servers[0].videos.getWithToken({ token: anotherUserToken, id: internalVideoUUID })
    })

    it('Should be able to watch the private video with the correct user', async function () {
      await servers[0].videos.getWithToken({ id: privateVideoUUID })
    })
  })

  describe('Unlisted videos', function () {

    it('Should upload an unlisted video on server 2', async function () {
      this.timeout(120000)

      const attributes = {
        name: 'unlisted video',
        privacy: VideoPrivacy.UNLISTED
      }
      await servers[1].videos.upload({ attributes })

      // Server 2 has transcoding enabled
      await waitJobs(servers)
    })

    it('Should not have this unlisted video listed on server 1 and 2', async function () {
      for (const server of servers) {
        const { total, data } = await server.videos.list()

        expect(total).to.equal(0)
        expect(data).to.have.lengthOf(0)
      }
    })

    it('Should list my (unlisted) videos', async function () {
      const { total, data } = await servers[1].videos.listMyVideos()

      expect(total).to.equal(1)
      expect(data).to.have.lengthOf(1)

      unlistedVideo = data[0]
    })

    it('Should not be able to get this unlisted video using its id', async function () {
      await servers[1].videos.get({ id: unlistedVideo.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
      for (const server of servers) {
        for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
          const video = await server.videos.get({ id })

          expect(video.name).to.equal('unlisted video')
        }
      }
    })

    it('Should upload a non-federating unlisted video to server 1', async function () {
      this.timeout(30000)

      const attributes = {
        name: 'unlisted video',
        privacy: VideoPrivacy.UNLISTED
      }
      await servers[0].videos.upload({ attributes })

      await waitJobs(servers)
    })

    it('Should list my new unlisted video', async function () {
      const { total, data } = await servers[0].videos.listMyVideos()

      expect(total).to.equal(3)
      expect(data).to.have.lengthOf(3)

      nonFederatedUnlistedVideoUUID = data[0].uuid
    })

    it('Should be able to get non-federated unlisted video from origin', async function () {
      const video = await servers[0].videos.get({ id: nonFederatedUnlistedVideoUUID })

      expect(video.name).to.equal('unlisted video')
    })

    it('Should not be able to get non-federated unlisted video from federated server', async function () {
      await servers[1].videos.get({ id: nonFederatedUnlistedVideoUUID, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })
  })

  describe('Privacy update', function () {

    it('Should update the private and internal videos to public on server 1', async function () {
      this.timeout(100000)

      now = Date.now()

      {
        const attributes = {
          name: 'private video becomes public',
          privacy: VideoPrivacy.PUBLIC
        }

        await servers[0].videos.update({ id: privateVideoId, attributes })
      }

      {
        const attributes = {
          name: 'internal video becomes public',
          privacy: VideoPrivacy.PUBLIC
        }
        await servers[0].videos.update({ id: internalVideoId, attributes })
      }

      await wait(10000)
      await waitJobs(servers)
    })

    it('Should have this new public video listed on server 1 and 2', async function () {
      for (const server of servers) {
        const { total, data } = await server.videos.list()
        expect(total).to.equal(2)
        expect(data).to.have.lengthOf(2)

        const privateVideo = data.find(v => v.name === 'private video becomes public')
        const internalVideo = data.find(v => v.name === 'internal video becomes public')

        expect(privateVideo).to.not.be.undefined
        expect(internalVideo).to.not.be.undefined

        expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
        // We don't change the publish date of internal videos
        expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)

        expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
        expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
      }
    })

    it('Should set these videos as private and internal', async function () {
      this.timeout(10000)

      await servers[0].videos.update({ id: internalVideoId, attributes: { privacy: VideoPrivacy.PRIVATE } })
      await servers[0].videos.update({ id: privateVideoId, attributes: { privacy: VideoPrivacy.INTERNAL } })

      await waitJobs(servers)

      for (const server of servers) {
        const { total, data } = await server.videos.list()

        expect(total).to.equal(0)
        expect(data).to.have.lengthOf(0)
      }

      {
        const { total, data } = await servers[0].videos.listMyVideos()
        expect(total).to.equal(3)
        expect(data).to.have.lengthOf(3)

        const privateVideo = data.find(v => v.name === 'private video becomes public')
        const internalVideo = data.find(v => v.name === 'internal video becomes public')

        expect(privateVideo).to.not.be.undefined
        expect(internalVideo).to.not.be.undefined

        expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
        expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
      }
    })
  })

  after(async function () {
    await cleanupTests(servers)
  })
})
Commit	Line	Data
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import { expect } from 'chai'
	4	import { wait } from '@shared/core-utils'
	5	import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
	6	import { cleanupTests, createSingleServer, doubleFollow, PeerTubeServer, setAccessTokensToServers, waitJobs } from '@shared/server-commands'
	7
	8	describe('Test video privacy', function () {
	9	const servers: PeerTubeServer[] = []
	10	let anotherUserToken: string
	11
	12	let privateVideoId: number
	13	let privateVideoUUID: string
	14
	15	let internalVideoId: number
	16	let internalVideoUUID: string
	17
	18	let unlistedVideo: VideoCreateResult
	19	let nonFederatedUnlistedVideoUUID: string
	20
	21	let now: number
	22
	23	const dontFederateUnlistedConfig = {
	24	federation: {
	25	videos: {
	26	federate_unlisted: false
	27	}
	28	}
	29	}
	30
	31	before(async function () {
	32	this.timeout(50000)
	33
	34	// Run servers
	35	servers.push(await createSingleServer(1, dontFederateUnlistedConfig))
	36	servers.push(await createSingleServer(2))
	37
	38	// Get the access tokens
	39	await setAccessTokensToServers(servers)
	40
	41	// Server 1 and server 2 follow each other
	42	await doubleFollow(servers[0], servers[1])
	43	})
	44
	45	describe('Private and internal videos', function () {
	46
	47	it('Should upload a private and internal videos on server 1', async function () {
	48	this.timeout(50000)
	49
	50	for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
	51	const attributes = { privacy }
	52	await servers[0].videos.upload({ attributes })
	53	}
	54
	55	await waitJobs(servers)
	56	})
	57
	58	it('Should not have these private and internal videos on server 2', async function () {
	59	const { total, data } = await servers[1].videos.list()
	60
	61	expect(total).to.equal(0)
	62	expect(data).to.have.lengthOf(0)
	63	})
	64
	65	it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
	66	const { total, data } = await servers[0].videos.list()
	67
	68	expect(total).to.equal(0)
	69	expect(data).to.have.lengthOf(0)
	70	})
	71
	72	it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
	73	const { total, data } = await servers[0].videos.listWithToken()
	74
	75	expect(total).to.equal(1)
	76	expect(data).to.have.lengthOf(1)
	77
	78	expect(data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
	79	})
	80
	81	it('Should list my (private and internal) videos', async function () {
	82	const { total, data } = await servers[0].videos.listMyVideos()
	83
	84	expect(total).to.equal(2)
	85	expect(data).to.have.lengthOf(2)
	86
	87	const privateVideo = data.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
	88	privateVideoId = privateVideo.id
	89	privateVideoUUID = privateVideo.uuid
	90
	91	const internalVideo = data.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
	92	internalVideoId = internalVideo.id
	93	internalVideoUUID = internalVideo.uuid
	94	})
	95
	96	it('Should not be able to watch the private/internal video with non authenticated user', async function () {
	97	await servers[0].videos.get({ id: privateVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	98	await servers[0].videos.get({ id: internalVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	99	})
	100
	101	it('Should not be able to watch the private video with another user', async function () {
	102	this.timeout(10000)
	103
	104	const user = {
	105	username: 'hello',
	106	password: 'super password'
	107	}
	108	await servers[0].users.create({ username: user.username, password: user.password })
	109
	110	anotherUserToken = await servers[0].login.getAccessToken(user)
	111
	112	await servers[0].videos.getWithToken({
	113	token: anotherUserToken,
	114	id: privateVideoUUID,
	115	expectedStatus: HttpStatusCode.FORBIDDEN_403
	116	})
	117	})
	118
	119	it('Should be able to watch the internal video with another user', async function () {
	120	await servers[0].videos.getWithToken({ token: anotherUserToken, id: internalVideoUUID })
	121	})
	122
	123	it('Should be able to watch the private video with the correct user', async function () {
	124	await servers[0].videos.getWithToken({ id: privateVideoUUID })
	125	})
	126	})
	127
	128	describe('Unlisted videos', function () {
	129
	130	it('Should upload an unlisted video on server 2', async function () {
	131	this.timeout(120000)
	132
	133	const attributes = {
	134	name: 'unlisted video',
	135	privacy: VideoPrivacy.UNLISTED
	136	}
	137	await servers[1].videos.upload({ attributes })
	138
	139	// Server 2 has transcoding enabled
	140	await waitJobs(servers)
	141	})
	142
	143	it('Should not have this unlisted video listed on server 1 and 2', async function () {
	144	for (const server of servers) {
	145	const { total, data } = await server.videos.list()
	146
	147	expect(total).to.equal(0)
	148	expect(data).to.have.lengthOf(0)
	149	}
	150	})
	151
	152	it('Should list my (unlisted) videos', async function () {
	153	const { total, data } = await servers[1].videos.listMyVideos()
	154
	155	expect(total).to.equal(1)
	156	expect(data).to.have.lengthOf(1)
	157
	158	unlistedVideo = data[0]
	159	})
	160
	161	it('Should not be able to get this unlisted video using its id', async function () {
	162	await servers[1].videos.get({ id: unlistedVideo.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	163	})
	164
	165	it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
	166	for (const server of servers) {
	167	for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
	168	const video = await server.videos.get({ id })
	169
	170	expect(video.name).to.equal('unlisted video')
	171	}
	172	}
	173	})
	174
	175	it('Should upload a non-federating unlisted video to server 1', async function () {
	176	this.timeout(30000)
	177
	178	const attributes = {
	179	name: 'unlisted video',
	180	privacy: VideoPrivacy.UNLISTED
	181	}
	182	await servers[0].videos.upload({ attributes })
	183
	184	await waitJobs(servers)
	185	})
	186
	187	it('Should list my new unlisted video', async function () {
	188	const { total, data } = await servers[0].videos.listMyVideos()
	189
	190	expect(total).to.equal(3)
	191	expect(data).to.have.lengthOf(3)
	192
	193	nonFederatedUnlistedVideoUUID = data[0].uuid
	194	})
	195
	196	it('Should be able to get non-federated unlisted video from origin', async function () {
	197	const video = await servers[0].videos.get({ id: nonFederatedUnlistedVideoUUID })
	198
	199	expect(video.name).to.equal('unlisted video')
	200	})
	201
	202	it('Should not be able to get non-federated unlisted video from federated server', async function () {
	203	await servers[1].videos.get({ id: nonFederatedUnlistedVideoUUID, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
	204	})
	205	})
	206
	207	describe('Privacy update', function () {
	208
	209	it('Should update the private and internal videos to public on server 1', async function () {
	210	this.timeout(100000)
	211
	212	now = Date.now()
	213
	214	{
	215	const attributes = {
	216	name: 'private video becomes public',
	217	privacy: VideoPrivacy.PUBLIC
	218	}
	219
	220	await servers[0].videos.update({ id: privateVideoId, attributes })
	221	}
	222
	223	{
	224	const attributes = {
	225	name: 'internal video becomes public',
	226	privacy: VideoPrivacy.PUBLIC
	227	}
	228	await servers[0].videos.update({ id: internalVideoId, attributes })
	229	}
	230
	231	await wait(10000)
	232	await waitJobs(servers)
	233	})
	234
	235	it('Should have this new public video listed on server 1 and 2', async function () {
	236	for (const server of servers) {
	237	const { total, data } = await server.videos.list()
	238	expect(total).to.equal(2)
	239	expect(data).to.have.lengthOf(2)
	240
	241	const privateVideo = data.find(v => v.name === 'private video becomes public')
	242	const internalVideo = data.find(v => v.name === 'internal video becomes public')
	243
	244	expect(privateVideo).to.not.be.undefined
	245	expect(internalVideo).to.not.be.undefined
	246
	247	expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
	248	// We don't change the publish date of internal videos
	249	expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
	250
	251	expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
	252	expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
	253	}
	254	})
	255
	256	it('Should set these videos as private and internal', async function () {
	257	this.timeout(10000)
	258
	259	await servers[0].videos.update({ id: internalVideoId, attributes: { privacy: VideoPrivacy.PRIVATE } })
	260	await servers[0].videos.update({ id: privateVideoId, attributes: { privacy: VideoPrivacy.INTERNAL } })
	261
	262	await waitJobs(servers)
	263
	264	for (const server of servers) {
	265	const { total, data } = await server.videos.list()
	266
	267	expect(total).to.equal(0)
	268	expect(data).to.have.lengthOf(0)
	269	}
	270
	271	{
	272	const { total, data } = await servers[0].videos.listMyVideos()
	273	expect(total).to.equal(3)
	274	expect(data).to.have.lengthOf(3)
	275
	276	const privateVideo = data.find(v => v.name === 'private video becomes public')
	277	const internalVideo = data.find(v => v.name === 'internal video becomes public')
	278
	279	expect(privateVideo).to.not.be.undefined
	280	expect(internalVideo).to.not.be.undefined
	281
	282	expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
	283	expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
	284	}
	285	})
	286	})
	287
	288	after(async function () {
	289	await cleanupTests(servers)
	290	})
	291	})