]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/tests/api/check-params/video-imports.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Prevent video import on non unicast ips
[github/Chocobozzz/PeerTube.git] / server / tests / api / check-params / video-imports.ts
1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2
3 import 'mocha'
4 import { omit } from 'lodash'
5 import {
6 buildAbsoluteFixturePath,
7 checkBadCountPagination,
8 checkBadSortPagination,
9 checkBadStartPagination,
10 cleanupTests,
11 createSingleServer,
12 FIXTURE_URLS,
13 makeGetRequest,
14 makePostBodyRequest,
15 makeUploadRequest,
16 PeerTubeServer,
17 setAccessTokensToServers
18 } from '@shared/extra-utils'
19 import { HttpStatusCode, VideoPrivacy } from '@shared/models'
20
21 describe('Test video imports API validator', function () {
22 const path = '/api/v1/videos/imports'
23 let server: PeerTubeServer
24 let userAccessToken = ''
25 let channelId: number
26
27 // ---------------------------------------------------------------
28
29 before(async function () {
30 this.timeout(30000)
31
32 server = await createSingleServer(1)
33
34 await setAccessTokensToServers([ server ])
35
36 const username = 'user1'
37 const password = 'my super password'
38 await server.users.create({ username: username, password: password })
39 userAccessToken = await server.login.getAccessToken({ username, password })
40
41 {
42 const { videoChannels } = await server.users.getMyInfo()
43 channelId = videoChannels[0].id
44 }
45 })
46
47 describe('When listing my video imports', function () {
48 const myPath = '/api/v1/users/me/videos/imports'
49
50 it('Should fail with a bad start pagination', async function () {
51 await checkBadStartPagination(server.url, myPath, server.accessToken)
52 })
53
54 it('Should fail with a bad count pagination', async function () {
55 await checkBadCountPagination(server.url, myPath, server.accessToken)
56 })
57
58 it('Should fail with an incorrect sort', async function () {
59 await checkBadSortPagination(server.url, myPath, server.accessToken)
60 })
61
62 it('Should success with the correct parameters', async function () {
63 await makeGetRequest({ url: server.url, path: myPath, expectedStatus: HttpStatusCode.OK_200, token: server.accessToken })
64 })
65 })
66
67 describe('When adding a video import', function () {
68 let baseCorrectParams
69
70 before(function () {
71 baseCorrectParams = {
72 targetUrl: FIXTURE_URLS.goodVideo,
73 name: 'my super name',
74 category: 5,
75 licence: 1,
76 language: 'pt',
77 nsfw: false,
78 commentsEnabled: true,
79 downloadEnabled: true,
80 waitTranscoding: true,
81 description: 'my super description',
82 support: 'my super support text',
83 tags: [ 'tag1', 'tag2' ],
84 privacy: VideoPrivacy.PUBLIC,
85 channelId
86 }
87 })
88
89 it('Should fail with nothing', async function () {
90 const fields = {}
91 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
92 })
93
94 it('Should fail without a target url', async function () {
95 const fields = omit(baseCorrectParams, 'targetUrl')
96 await makePostBodyRequest({
97 url: server.url,
98 path,
99 token: server.accessToken,
100 fields,
101 expectedStatus: HttpStatusCode.BAD_REQUEST_400
102 })
103 })
104
105 it('Should fail with a bad target url', async function () {
106 const fields = { ...baseCorrectParams, targetUrl: 'htt://hello' }
107
108 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
109 })
110
111 it('Should fail with localhost', async function () {
112 const fields = { ...baseCorrectParams, targetUrl: 'http://localhost:8000' }
113
114 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
115 })
116
117 it('Should fail with a private IP target urls', async function () {
118 const targetUrls = [
119 'http://127.0.0.1:8000',
120 'http://127.0.0.1',
121 'http://127.0.0.1/hello',
122 'https://192.168.1.42',
123 'http://192.168.1.42'
124 ]
125
126 for (const targetUrl of targetUrls) {
127 const fields = { ...baseCorrectParams, targetUrl }
128
129 await makePostBodyRequest({
130 url: server.url,
131 path,
132 token: server.accessToken,
133 fields,
134 expectedStatus: HttpStatusCode.FORBIDDEN_403
135 })
136 }
137 })
138
139 it('Should fail with a long name', async function () {
140 const fields = { ...baseCorrectParams, name: 'super'.repeat(65) }
141
142 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
143 })
144
145 it('Should fail with a bad category', async function () {
146 const fields = { ...baseCorrectParams, category: 125 }
147
148 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
149 })
150
151 it('Should fail with a bad licence', async function () {
152 const fields = { ...baseCorrectParams, licence: 125 }
153
154 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
155 })
156
157 it('Should fail with a bad language', async function () {
158 const fields = { ...baseCorrectParams, language: 'a'.repeat(15) }
159
160 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
161 })
162
163 it('Should fail with a long description', async function () {
164 const fields = { ...baseCorrectParams, description: 'super'.repeat(2500) }
165
166 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
167 })
168
169 it('Should fail with a long support text', async function () {
170 const fields = { ...baseCorrectParams, support: 'super'.repeat(201) }
171
172 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
173 })
174
175 it('Should fail without a channel', async function () {
176 const fields = omit(baseCorrectParams, 'channelId')
177
178 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
179 })
180
181 it('Should fail with a bad channel', async function () {
182 const fields = { ...baseCorrectParams, channelId: 545454 }
183
184 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
185 })
186
187 it('Should fail with another user channel', async function () {
188 const user = {
189 username: 'fake',
190 password: 'fake_password'
191 }
192 await server.users.create({ username: user.username, password: user.password })
193
194 const accessTokenUser = await server.login.getAccessToken(user)
195 const { videoChannels } = await server.users.getMyInfo({ token: accessTokenUser })
196 const customChannelId = videoChannels[0].id
197
198 const fields = { ...baseCorrectParams, channelId: customChannelId }
199
200 await makePostBodyRequest({ url: server.url, path, token: userAccessToken, fields })
201 })
202
203 it('Should fail with too many tags', async function () {
204 const fields = { ...baseCorrectParams, tags: [ 'tag1', 'tag2', 'tag3', 'tag4', 'tag5', 'tag6' ] }
205
206 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
207 })
208
209 it('Should fail with a tag length too low', async function () {
210 const fields = { ...baseCorrectParams, tags: [ 'tag1', 't' ] }
211
212 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
213 })
214
215 it('Should fail with a tag length too big', async function () {
216 const fields = { ...baseCorrectParams, tags: [ 'tag1', 'my_super_tag_too_long_long_long_long_long_long' ] }
217
218 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
219 })
220
221 it('Should fail with an incorrect thumbnail file', async function () {
222 const fields = baseCorrectParams
223 const attaches = {
224 thumbnailfile: buildAbsoluteFixturePath('video_short.mp4')
225 }
226
227 await makeUploadRequest({ url: server.url, path, token: server.accessToken, fields, attaches })
228 })
229
230 it('Should fail with a big thumbnail file', async function () {
231 const fields = baseCorrectParams
232 const attaches = {
233 thumbnailfile: buildAbsoluteFixturePath('preview-big.png')
234 }
235
236 await makeUploadRequest({ url: server.url, path, token: server.accessToken, fields, attaches })
237 })
238
239 it('Should fail with an incorrect preview file', async function () {
240 const fields = baseCorrectParams
241 const attaches = {
242 previewfile: buildAbsoluteFixturePath('video_short.mp4')
243 }
244
245 await makeUploadRequest({ url: server.url, path, token: server.accessToken, fields, attaches })
246 })
247
248 it('Should fail with a big preview file', async function () {
249 const fields = baseCorrectParams
250 const attaches = {
251 previewfile: buildAbsoluteFixturePath('preview-big.png')
252 }
253
254 await makeUploadRequest({ url: server.url, path, token: server.accessToken, fields, attaches })
255 })
256
257 it('Should fail with an invalid torrent file', async function () {
258 const fields = omit(baseCorrectParams, 'targetUrl')
259 const attaches = {
260 torrentfile: buildAbsoluteFixturePath('avatar-big.png')
261 }
262
263 await makeUploadRequest({ url: server.url, path, token: server.accessToken, fields, attaches })
264 })
265
266 it('Should fail with an invalid magnet URI', async function () {
267 let fields = omit(baseCorrectParams, 'targetUrl')
268 fields = { ...fields, magnetUri: 'blabla' }
269
270 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
271 })
272
273 it('Should succeed with the correct parameters', async function () {
274 this.timeout(30000)
275
276 await makePostBodyRequest({
277 url: server.url,
278 path,
279 token: server.accessToken,
280 fields: baseCorrectParams,
281 expectedStatus: HttpStatusCode.OK_200
282 })
283 })
284
285 it('Should forbid to import http videos', async function () {
286 await server.config.updateCustomSubConfig({
287 newConfig: {
288 import: {
289 videos: {
290 http: {
291 enabled: false
292 },
293 torrent: {
294 enabled: true
295 }
296 }
297 }
298 }
299 })
300
301 await makePostBodyRequest({
302 url: server.url,
303 path,
304 token: server.accessToken,
305 fields: baseCorrectParams,
306 expectedStatus: HttpStatusCode.CONFLICT_409
307 })
308 })
309
310 it('Should forbid to import torrent videos', async function () {
311 await server.config.updateCustomSubConfig({
312 newConfig: {
313 import: {
314 videos: {
315 http: {
316 enabled: true
317 },
318 torrent: {
319 enabled: false
320 }
321 }
322 }
323 }
324 })
325
326 let fields = omit(baseCorrectParams, 'targetUrl')
327 fields = { ...fields, magnetUri: FIXTURE_URLS.magnet }
328
329 await makePostBodyRequest({
330 url: server.url,
331 path,
332 token: server.accessToken,
333 fields,
334 expectedStatus: HttpStatusCode.CONFLICT_409
335 })
336
337 fields = omit(fields, 'magnetUri')
338 const attaches = {
339 torrentfile: buildAbsoluteFixturePath('video-720p.torrent')
340 }
341
342 await makeUploadRequest({
343 url: server.url,
344 path,
345 token: server.accessToken,
346 fields,
347 attaches,
348 expectedStatus: HttpStatusCode.CONFLICT_409
349 })
350 })
351 })
352
353 after(async function () {
354 await cleanupTests([ server ])
355 })
356 })
ActivityPub-federated video streaming platform using P2P directly in your web browser