[github/Chocobozzz/PeerTube.git] / server / tests / api / videos / video-privacy.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import { expect } from 'chai'
import { wait } from '@shared/core-utils'
import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
import { cleanupTests, createSingleServer, doubleFollow, PeerTubeServer, setAccessTokensToServers, waitJobs } from '@shared/server-commands'

describe('Test video privacy', function () {
  const servers: PeerTubeServer[] = []
  let anotherUserToken: string

  let privateVideoId: number
  let privateVideoUUID: string

  let internalVideoId: number
  let internalVideoUUID: string

  let unlistedVideo: VideoCreateResult
  let nonFederatedUnlistedVideoUUID: string

  let now: number

  const dontFederateUnlistedConfig = {
    federation: {
      videos: {
        federate_unlisted: false
      }
    }
  }

  before(async function () {
    this.timeout(50000)

    // Run servers
    servers.push(await createSingleServer(1, dontFederateUnlistedConfig))
    servers.push(await createSingleServer(2))

    // Get the access tokens
    await setAccessTokensToServers(servers)

    // Server 1 and server 2 follow each other
    await doubleFollow(servers[0], servers[1])
  })

  describe('Private and internal videos', function () {

    it('Should upload a private and internal videos on server 1', async function () {
      this.timeout(50000)

      for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
        const attributes = { privacy }
        await servers[0].videos.upload({ attributes })
      }

      await waitJobs(servers)
    })

    it('Should not have these private and internal videos on server 2', async function () {
      const { total, data } = await servers[1].videos.list()

      expect(total).to.equal(0)
      expect(data).to.have.lengthOf(0)
    })

    it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
      const { total, data } = await servers[0].videos.list()

      expect(total).to.equal(0)
      expect(data).to.have.lengthOf(0)
    })

    it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
      const { total, data } = await servers[0].videos.listWithToken()

      expect(total).to.equal(1)
      expect(data).to.have.lengthOf(1)

      expect(data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
    })

    it('Should list my (private and internal) videos', async function () {
      const { total, data } = await servers[0].videos.listMyVideos()

      expect(total).to.equal(2)
      expect(data).to.have.lengthOf(2)

      const privateVideo = data.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
      privateVideoId = privateVideo.id
      privateVideoUUID = privateVideo.uuid

      const internalVideo = data.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
      internalVideoId = internalVideo.id
      internalVideoUUID = internalVideo.uuid
    })

    it('Should not be able to watch the private/internal video with non authenticated user', async function () {
      await servers[0].videos.get({ id: privateVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
      await servers[0].videos.get({ id: internalVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should not be able to watch the private video with another user', async function () {
      const user = {
        username: 'hello',
        password: 'super password'
      }
      await servers[0].users.create({ username: user.username, password: user.password })

      anotherUserToken = await servers[0].login.getAccessToken(user)

      await servers[0].videos.getWithToken({
        token: anotherUserToken,
        id: privateVideoUUID,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })

    it('Should be able to watch the internal video with another user', async function () {
      await servers[0].videos.getWithToken({ token: anotherUserToken, id: internalVideoUUID })
    })

    it('Should be able to watch the private video with the correct user', async function () {
      await servers[0].videos.getWithToken({ id: privateVideoUUID })
    })
  })

  describe('Unlisted videos', function () {

    it('Should upload an unlisted video on server 2', async function () {
      this.timeout(120000)

      const attributes = {
        name: 'unlisted video',
        privacy: VideoPrivacy.UNLISTED
      }
      await servers[1].videos.upload({ attributes })

      // Server 2 has transcoding enabled
      await waitJobs(servers)
    })

    it('Should not have this unlisted video listed on server 1 and 2', async function () {
      for (const server of servers) {
        const { total, data } = await server.videos.list()

        expect(total).to.equal(0)
        expect(data).to.have.lengthOf(0)
      }
    })

    it('Should list my (unlisted) videos', async function () {
      const { total, data } = await servers[1].videos.listMyVideos()

      expect(total).to.equal(1)
      expect(data).to.have.lengthOf(1)

      unlistedVideo = data[0]
    })

    it('Should not be able to get this unlisted video using its id', async function () {
      await servers[1].videos.get({ id: unlistedVideo.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
    })

    it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
      for (const server of servers) {
        for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
          const video = await server.videos.get({ id })

          expect(video.name).to.equal('unlisted video')
        }
      }
    })

    it('Should upload a non-federating unlisted video to server 1', async function () {
      this.timeout(30000)

      const attributes = {
        name: 'unlisted video',
        privacy: VideoPrivacy.UNLISTED
      }
      await servers[0].videos.upload({ attributes })

      await waitJobs(servers)
    })

    it('Should list my new unlisted video', async function () {
      const { total, data } = await servers[0].videos.listMyVideos()

      expect(total).to.equal(3)
      expect(data).to.have.lengthOf(3)

      nonFederatedUnlistedVideoUUID = data[0].uuid
    })

    it('Should be able to get non-federated unlisted video from origin', async function () {
      const video = await servers[0].videos.get({ id: nonFederatedUnlistedVideoUUID })

      expect(video.name).to.equal('unlisted video')
    })

    it('Should not be able to get non-federated unlisted video from federated server', async function () {
      await servers[1].videos.get({ id: nonFederatedUnlistedVideoUUID, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
    })
  })

  describe('Privacy update', function () {

    it('Should update the private and internal videos to public on server 1', async function () {
      this.timeout(100000)

      now = Date.now()

      {
        const attributes = {
          name: 'private video becomes public',
          privacy: VideoPrivacy.PUBLIC
        }

        await servers[0].videos.update({ id: privateVideoId, attributes })
      }

      {
        const attributes = {
          name: 'internal video becomes public',
          privacy: VideoPrivacy.PUBLIC
        }
        await servers[0].videos.update({ id: internalVideoId, attributes })
      }

      await wait(10000)
      await waitJobs(servers)
    })

    it('Should have this new public video listed on server 1 and 2', async function () {
      for (const server of servers) {
        const { total, data } = await server.videos.list()
        expect(total).to.equal(2)
        expect(data).to.have.lengthOf(2)

        const privateVideo = data.find(v => v.name === 'private video becomes public')
        const internalVideo = data.find(v => v.name === 'internal video becomes public')

        expect(privateVideo).to.not.be.undefined
        expect(internalVideo).to.not.be.undefined

        expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
        // We don't change the publish date of internal videos
        expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)

        expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
        expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
      }
    })

    it('Should set these videos as private and internal', async function () {
      await servers[0].videos.update({ id: internalVideoId, attributes: { privacy: VideoPrivacy.PRIVATE } })
      await servers[0].videos.update({ id: privateVideoId, attributes: { privacy: VideoPrivacy.INTERNAL } })

      await waitJobs(servers)

      for (const server of servers) {
        const { total, data } = await server.videos.list()

        expect(total).to.equal(0)
        expect(data).to.have.lengthOf(0)
      }

      {
        const { total, data } = await servers[0].videos.listMyVideos()
        expect(total).to.equal(3)
        expect(data).to.have.lengthOf(3)

        const privateVideo = data.find(v => v.name === 'private video becomes public')
        const internalVideo = data.find(v => v.name === 'internal video becomes public')

        expect(privateVideo).to.not.be.undefined
        expect(internalVideo).to.not.be.undefined

        expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
        expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
      }
    })
  })

  after(async function () {
    await cleanupTests(servers)
  })
})
Commit	Line	Data
	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
	2
	3	import { expect } from 'chai'
	4	import { wait } from '@shared/core-utils'
	5	import { HttpStatusCode, VideoCreateResult, VideoPrivacy } from '@shared/models'
	6	import { cleanupTests, createSingleServer, doubleFollow, PeerTubeServer, setAccessTokensToServers, waitJobs } from '@shared/server-commands'
	7
	8	describe('Test video privacy', function () {
	9	const servers: PeerTubeServer[] = []
	10	let anotherUserToken: string
	11
	12	let privateVideoId: number
	13	let privateVideoUUID: string
	14
	15	let internalVideoId: number
	16	let internalVideoUUID: string
	17
	18	let unlistedVideo: VideoCreateResult
	19	let nonFederatedUnlistedVideoUUID: string
	20
	21	let now: number
	22
	23	const dontFederateUnlistedConfig = {
	24	federation: {
	25	videos: {
	26	federate_unlisted: false
	27	}
	28	}
	29	}
	30
	31	before(async function () {
	32	this.timeout(50000)
	33
	34	// Run servers
	35	servers.push(await createSingleServer(1, dontFederateUnlistedConfig))
	36	servers.push(await createSingleServer(2))
	37
	38	// Get the access tokens
	39	await setAccessTokensToServers(servers)
	40
	41	// Server 1 and server 2 follow each other
	42	await doubleFollow(servers[0], servers[1])
	43	})
	44
	45	describe('Private and internal videos', function () {
	46
	47	it('Should upload a private and internal videos on server 1', async function () {
	48	this.timeout(50000)
	49
	50	for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
	51	const attributes = { privacy }
	52	await servers[0].videos.upload({ attributes })
	53	}
	54
	55	await waitJobs(servers)
	56	})
	57
	58	it('Should not have these private and internal videos on server 2', async function () {
	59	const { total, data } = await servers[1].videos.list()
	60
	61	expect(total).to.equal(0)
	62	expect(data).to.have.lengthOf(0)
	63	})
	64
	65	it('Should not list the private and internal videos for an unauthenticated user on server 1', async function () {
	66	const { total, data } = await servers[0].videos.list()
	67
	68	expect(total).to.equal(0)
	69	expect(data).to.have.lengthOf(0)
	70	})
	71
	72	it('Should not list the private video and list the internal video for an authenticated user on server 1', async function () {
	73	const { total, data } = await servers[0].videos.listWithToken()
	74
	75	expect(total).to.equal(1)
	76	expect(data).to.have.lengthOf(1)
	77
	78	expect(data[0].privacy.id).to.equal(VideoPrivacy.INTERNAL)
	79	})
	80
	81	it('Should list my (private and internal) videos', async function () {
	82	const { total, data } = await servers[0].videos.listMyVideos()
	83
	84	expect(total).to.equal(2)
	85	expect(data).to.have.lengthOf(2)
	86
	87	const privateVideo = data.find(v => v.privacy.id === VideoPrivacy.PRIVATE)
	88	privateVideoId = privateVideo.id
	89	privateVideoUUID = privateVideo.uuid
	90
	91	const internalVideo = data.find(v => v.privacy.id === VideoPrivacy.INTERNAL)
	92	internalVideoId = internalVideo.id
	93	internalVideoUUID = internalVideo.uuid
	94	})
	95
	96	it('Should not be able to watch the private/internal video with non authenticated user', async function () {
	97	await servers[0].videos.get({ id: privateVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	98	await servers[0].videos.get({ id: internalVideoUUID, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	99	})
	100
	101	it('Should not be able to watch the private video with another user', async function () {
	102	const user = {
	103	username: 'hello',
	104	password: 'super password'
	105	}
	106	await servers[0].users.create({ username: user.username, password: user.password })
	107
	108	anotherUserToken = await servers[0].login.getAccessToken(user)
	109
	110	await servers[0].videos.getWithToken({
	111	token: anotherUserToken,
	112	id: privateVideoUUID,
	113	expectedStatus: HttpStatusCode.FORBIDDEN_403
	114	})
	115	})
	116
	117	it('Should be able to watch the internal video with another user', async function () {
	118	await servers[0].videos.getWithToken({ token: anotherUserToken, id: internalVideoUUID })
	119	})
	120
	121	it('Should be able to watch the private video with the correct user', async function () {
	122	await servers[0].videos.getWithToken({ id: privateVideoUUID })
	123	})
	124	})
	125
	126	describe('Unlisted videos', function () {
	127
	128	it('Should upload an unlisted video on server 2', async function () {
	129	this.timeout(120000)
	130
	131	const attributes = {
	132	name: 'unlisted video',
	133	privacy: VideoPrivacy.UNLISTED
	134	}
	135	await servers[1].videos.upload({ attributes })
	136
	137	// Server 2 has transcoding enabled
	138	await waitJobs(servers)
	139	})
	140
	141	it('Should not have this unlisted video listed on server 1 and 2', async function () {
	142	for (const server of servers) {
	143	const { total, data } = await server.videos.list()
	144
	145	expect(total).to.equal(0)
	146	expect(data).to.have.lengthOf(0)
	147	}
	148	})
	149
	150	it('Should list my (unlisted) videos', async function () {
	151	const { total, data } = await servers[1].videos.listMyVideos()
	152
	153	expect(total).to.equal(1)
	154	expect(data).to.have.lengthOf(1)
	155
	156	unlistedVideo = data[0]
	157	})
	158
	159	it('Should not be able to get this unlisted video using its id', async function () {
	160	await servers[1].videos.get({ id: unlistedVideo.id, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
	161	})
	162
	163	it('Should be able to get this unlisted video using its uuid/shortUUID', async function () {
	164	for (const server of servers) {
	165	for (const id of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
	166	const video = await server.videos.get({ id })
	167
	168	expect(video.name).to.equal('unlisted video')
	169	}
	170	}
	171	})
	172
	173	it('Should upload a non-federating unlisted video to server 1', async function () {
	174	this.timeout(30000)
	175
	176	const attributes = {
	177	name: 'unlisted video',
	178	privacy: VideoPrivacy.UNLISTED
	179	}
	180	await servers[0].videos.upload({ attributes })
	181
	182	await waitJobs(servers)
	183	})
	184
	185	it('Should list my new unlisted video', async function () {
	186	const { total, data } = await servers[0].videos.listMyVideos()
	187
	188	expect(total).to.equal(3)
	189	expect(data).to.have.lengthOf(3)
	190
	191	nonFederatedUnlistedVideoUUID = data[0].uuid
	192	})
	193
	194	it('Should be able to get non-federated unlisted video from origin', async function () {
	195	const video = await servers[0].videos.get({ id: nonFederatedUnlistedVideoUUID })
	196
	197	expect(video.name).to.equal('unlisted video')
	198	})
	199
	200	it('Should not be able to get non-federated unlisted video from federated server', async function () {
	201	await servers[1].videos.get({ id: nonFederatedUnlistedVideoUUID, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
	202	})
	203	})
	204
	205	describe('Privacy update', function () {
	206
	207	it('Should update the private and internal videos to public on server 1', async function () {
	208	this.timeout(100000)
	209
	210	now = Date.now()
	211
	212	{
	213	const attributes = {
	214	name: 'private video becomes public',
	215	privacy: VideoPrivacy.PUBLIC
	216	}
	217
	218	await servers[0].videos.update({ id: privateVideoId, attributes })
	219	}
	220
	221	{
	222	const attributes = {
	223	name: 'internal video becomes public',
	224	privacy: VideoPrivacy.PUBLIC
	225	}
	226	await servers[0].videos.update({ id: internalVideoId, attributes })
	227	}
	228
	229	await wait(10000)
	230	await waitJobs(servers)
	231	})
	232
	233	it('Should have this new public video listed on server 1 and 2', async function () {
	234	for (const server of servers) {
	235	const { total, data } = await server.videos.list()
	236	expect(total).to.equal(2)
	237	expect(data).to.have.lengthOf(2)
	238
	239	const privateVideo = data.find(v => v.name === 'private video becomes public')
	240	const internalVideo = data.find(v => v.name === 'internal video becomes public')
	241
	242	expect(privateVideo).to.not.be.undefined
	243	expect(internalVideo).to.not.be.undefined
	244
	245	expect(new Date(privateVideo.publishedAt).getTime()).to.be.at.least(now)
	246	// We don't change the publish date of internal videos
	247	expect(new Date(internalVideo.publishedAt).getTime()).to.be.below(now)
	248
	249	expect(privateVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
	250	expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PUBLIC)
	251	}
	252	})
	253
	254	it('Should set these videos as private and internal', async function () {
	255	await servers[0].videos.update({ id: internalVideoId, attributes: { privacy: VideoPrivacy.PRIVATE } })
	256	await servers[0].videos.update({ id: privateVideoId, attributes: { privacy: VideoPrivacy.INTERNAL } })
	257
	258	await waitJobs(servers)
	259
	260	for (const server of servers) {
	261	const { total, data } = await server.videos.list()
	262
	263	expect(total).to.equal(0)
	264	expect(data).to.have.lengthOf(0)
	265	}
	266
	267	{
	268	const { total, data } = await servers[0].videos.listMyVideos()
	269	expect(total).to.equal(3)
	270	expect(data).to.have.lengthOf(3)
	271
	272	const privateVideo = data.find(v => v.name === 'private video becomes public')
	273	const internalVideo = data.find(v => v.name === 'internal video becomes public')
	274
	275	expect(privateVideo).to.not.be.undefined
	276	expect(internalVideo).to.not.be.undefined
	277
	278	expect(privateVideo.privacy.id).to.equal(VideoPrivacy.INTERNAL)
	279	expect(internalVideo.privacy.id).to.equal(VideoPrivacy.PRIVATE)
	280	}
	281	})
	282	})
	283
	284	after(async function () {
	285	await cleanupTests(servers)
	286	})
	287	})