1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
3 import { expect } from 'chai'
4 import { basename } from 'path'
5 import { checkVideoFileTokenReinjection, expectStartWith, SQLCommand } from '@server/tests/shared'
6 import { areScalewayObjectStorageTestsDisabled, getAllFiles, getHLS } from '@shared/core-utils'
7 import { HttpStatusCode, LiveVideo, VideoDetails, VideoPrivacy } from '@shared/models'
11 findExternalSavedVideo,
16 setAccessTokensToServers,
17 setDefaultVideoChannel,
20 } from '@shared/server-commands'
22 function extractFilenameFromUrl (url: string) {
23 const parts = basename(url).split(':')
25 return parts[parts.length - 1]
28 describe('Object storage for video static file privacy', function () {
29 // We need real world object storage to check ACL
30 if (areScalewayObjectStorageTestsDisabled()) return
32 let server: PeerTubeServer
33 let sqlCommand: SQLCommand
36 // ---------------------------------------------------------------------------
38 async function checkPrivateVODFiles (uuid: string) {
39 const video = await server.videos.getWithToken({ id: uuid })
41 for (const file of video.files) {
42 expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/webseed/private/')
44 await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
47 for (const file of getAllFiles(video)) {
48 const internalFileUrl = await sqlCommand.getInternalFileUrl(file.id)
49 expectStartWith(internalFileUrl, ObjectStorageCommand.getScalewayBaseUrl())
50 await makeRawRequest({ url: internalFileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
53 const hls = getHLS(video)
56 for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) {
57 expectStartWith(url, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
60 await makeRawRequest({ url: hls.playlistUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
61 await makeRawRequest({ url: hls.segmentsSha256Url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
63 for (const file of hls.files) {
64 expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
66 await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
71 async function checkPublicVODFiles (uuid: string) {
72 const video = await server.videos.getWithToken({ id: uuid })
74 for (const file of getAllFiles(video)) {
75 expectStartWith(file.fileUrl, ObjectStorageCommand.getScalewayBaseUrl())
77 await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 })
80 const hls = getHLS(video)
83 expectStartWith(hls.playlistUrl, ObjectStorageCommand.getScalewayBaseUrl())
84 expectStartWith(hls.segmentsSha256Url, ObjectStorageCommand.getScalewayBaseUrl())
86 await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
87 await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
91 // ---------------------------------------------------------------------------
93 before(async function () {
96 server = await createSingleServer(1, ObjectStorageCommand.getDefaultScalewayConfig({ serverNumber: 1 }))
97 await setAccessTokensToServers([ server ])
98 await setDefaultVideoChannel([ server ])
100 await server.config.enableMinimumTranscoding()
102 userToken = await server.users.generateUserAndToken('user1')
104 sqlCommand = new SQLCommand(server)
107 describe('VOD', function () {
108 let privateVideoUUID: string
109 let publicVideoUUID: string
110 let userPrivateVideoUUID: string
112 // ---------------------------------------------------------------------------
114 async function getSampleFileUrls (videoId: string) {
115 const video = await server.videos.getWithToken({ id: videoId })
118 webTorrentFile: video.files[0].fileUrl,
119 hlsFile: getHLS(video).files[0].fileUrl
123 // ---------------------------------------------------------------------------
125 it('Should upload a private video and have appropriate object storage ACL', async function () {
129 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
130 privateVideoUUID = uuid
134 const { uuid } = await server.videos.quickUpload({ name: 'user video', token: userToken, privacy: VideoPrivacy.PRIVATE })
135 userPrivateVideoUUID = uuid
138 await waitJobs([ server ])
140 await checkPrivateVODFiles(privateVideoUUID)
143 it('Should upload a public video and have appropriate object storage ACL', async function () {
146 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.UNLISTED })
147 await waitJobs([ server ])
149 publicVideoUUID = uuid
151 await checkPublicVODFiles(publicVideoUUID)
154 it('Should not get files without appropriate OAuth token', async function () {
157 const { webTorrentFile, hlsFile } = await getSampleFileUrls(privateVideoUUID)
159 await makeRawRequest({ url: webTorrentFile, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
160 await makeRawRequest({ url: webTorrentFile, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
162 await makeRawRequest({ url: hlsFile, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
163 await makeRawRequest({ url: hlsFile, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
166 it('Should not get HLS file of another video', async function () {
169 const privateVideo = await server.videos.getWithToken({ id: privateVideoUUID })
170 const hlsFilename = basename(getHLS(privateVideo).files[0].fileUrl)
172 const badUrl = server.url + '/object-storage-proxy/streaming-playlists/hls/private/' + userPrivateVideoUUID + '/' + hlsFilename
173 const goodUrl = server.url + '/object-storage-proxy/streaming-playlists/hls/private/' + privateVideoUUID + '/' + hlsFilename
175 await makeRawRequest({ url: badUrl, token: server.accessToken, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
176 await makeRawRequest({ url: goodUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
179 it('Should correctly check OAuth or video file token', async function () {
182 const badVideoFileToken = await server.videoToken.getVideoFileToken({ token: userToken, videoId: userPrivateVideoUUID })
183 const goodVideoFileToken = await server.videoToken.getVideoFileToken({ videoId: privateVideoUUID })
185 const { webTorrentFile, hlsFile } = await getSampleFileUrls(privateVideoUUID)
187 for (const url of [ webTorrentFile, hlsFile ]) {
188 await makeRawRequest({ url, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
189 await makeRawRequest({ url, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
190 await makeRawRequest({ url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
192 await makeRawRequest({ url, query: { videoFileToken: badVideoFileToken }, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
193 await makeRawRequest({ url, query: { videoFileToken: goodVideoFileToken }, expectedStatus: HttpStatusCode.OK_200 })
197 it('Should reinject video file token', async function () {
200 const videoFileToken = await server.videoToken.getVideoFileToken({ videoId: privateVideoUUID })
202 await checkVideoFileTokenReinjection({
204 videoUUID: privateVideoUUID,
206 resolutions: [ 240, 720 ],
211 it('Should update public video to private', async function () {
214 await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.INTERNAL } })
216 await checkPrivateVODFiles(publicVideoUUID)
219 it('Should update private video to public', async function () {
222 await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.PUBLIC } })
224 await checkPublicVODFiles(publicVideoUUID)
228 describe('Live', function () {
229 let normalLiveId: string
230 let normalLive: LiveVideo
232 let permanentLiveId: string
233 let permanentLive: LiveVideo
235 let unrelatedFileToken: string
237 // ---------------------------------------------------------------------------
239 async function checkLiveFiles (live: LiveVideo, liveId: string) {
240 const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: live.rtmpUrl, streamKey: live.streamKey })
241 await server.live.waitUntilPublished({ videoId: liveId })
243 const video = await server.videos.getWithToken({ id: liveId })
244 const fileToken = await server.videoToken.getVideoFileToken({ videoId: video.uuid })
246 const hls = video.streamingPlaylists[0]
248 for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) {
249 expectStartWith(url, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
251 await makeRawRequest({ url: hls.playlistUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
252 await makeRawRequest({ url: hls.segmentsSha256Url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
254 await makeRawRequest({ url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
255 await makeRawRequest({ url, query: { videoFileToken: fileToken }, expectedStatus: HttpStatusCode.OK_200 })
257 await makeRawRequest({ url, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
258 await makeRawRequest({ url, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
259 await makeRawRequest({ url, query: { videoFileToken: unrelatedFileToken }, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
262 await stopFfmpeg(ffmpegCommand)
265 async function checkReplay (replay: VideoDetails) {
266 const fileToken = await server.videoToken.getVideoFileToken({ videoId: replay.uuid })
268 const hls = replay.streamingPlaylists[0]
269 expect(hls.files).to.not.have.lengthOf(0)
271 for (const file of hls.files) {
272 await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
273 await makeRawRequest({ url: file.fileUrl, query: { videoFileToken: fileToken }, expectedStatus: HttpStatusCode.OK_200 })
275 await makeRawRequest({ url: file.fileUrl, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
276 await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
277 await makeRawRequest({
279 query: { videoFileToken: unrelatedFileToken },
280 expectedStatus: HttpStatusCode.FORBIDDEN_403
284 for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) {
285 expectStartWith(url, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
287 await makeRawRequest({ url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
288 await makeRawRequest({ url, query: { videoFileToken: fileToken }, expectedStatus: HttpStatusCode.OK_200 })
290 await makeRawRequest({ url, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
291 await makeRawRequest({ url, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
292 await makeRawRequest({ url, query: { videoFileToken: unrelatedFileToken }, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
296 // ---------------------------------------------------------------------------
298 before(async function () {
299 await server.config.enableMinimumTranscoding()
301 const { uuid } = await server.videos.quickUpload({ name: 'another video' })
302 unrelatedFileToken = await server.videoToken.getVideoFileToken({ videoId: uuid })
304 await server.config.enableLive({
311 const { video, live } = await server.live.quickCreate({
313 permanentLive: false,
314 privacy: VideoPrivacy.PRIVATE
316 normalLiveId = video.uuid
321 const { video, live } = await server.live.quickCreate({
324 privacy: VideoPrivacy.PRIVATE
326 permanentLiveId = video.uuid
331 it('Should create a private normal live and have a private static path', async function () {
334 await checkLiveFiles(normalLive, normalLiveId)
337 it('Should create a private permanent live and have a private static path', async function () {
340 await checkLiveFiles(permanentLive, permanentLiveId)
343 it('Should reinject video file token in permanent live', async function () {
346 const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: permanentLive.rtmpUrl, streamKey: permanentLive.streamKey })
347 await server.live.waitUntilPublished({ videoId: permanentLiveId })
349 const video = await server.videos.getWithToken({ id: permanentLiveId })
350 const videoFileToken = await server.videoToken.getVideoFileToken({ videoId: video.uuid })
352 await checkVideoFileTokenReinjection({
354 videoUUID: permanentLiveId,
356 resolutions: [ 720 ],
360 await stopFfmpeg(ffmpegCommand)
363 it('Should have created a replay of the normal live with a private static path', async function () {
366 await server.live.waitUntilReplacedByReplay({ videoId: normalLiveId })
368 const replay = await server.videos.getWithToken({ id: normalLiveId })
369 await checkReplay(replay)
372 it('Should have created a replay of the permanent live with a private static path', async function () {
375 await server.live.waitUntilWaiting({ videoId: permanentLiveId })
376 await waitJobs([ server ])
378 const live = await server.videos.getWithToken({ id: permanentLiveId })
379 const replayFromList = await findExternalSavedVideo(server, live)
380 const replay = await server.videos.getWithToken({ id: replayFromList.id })
382 await checkReplay(replay)
386 describe('With private files proxy disabled and public ACL for private files', function () {
387 let videoUUID: string
389 before(async function () {
394 const config = ObjectStorageCommand.getDefaultScalewayConfig({
396 enablePrivateProxy: false,
397 privateACL: 'public-read'
399 await server.run(config)
401 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
404 await waitJobs([ server ])
407 it('Should display object storage path for a private video and be able to access them', async function () {
410 await checkPublicVODFiles(videoUUID)
413 it('Should not be able to access object storage proxy', async function () {
414 const privateVideo = await server.videos.getWithToken({ id: videoUUID })
415 const webtorrentFilename = extractFilenameFromUrl(privateVideo.files[0].fileUrl)
416 const hlsFilename = extractFilenameFromUrl(getHLS(privateVideo).files[0].fileUrl)
418 await makeRawRequest({
419 url: server.url + '/object-storage-proxy/webseed/private/' + webtorrentFilename,
420 token: server.accessToken,
421 expectedStatus: HttpStatusCode.BAD_REQUEST_400
424 await makeRawRequest({
425 url: server.url + '/object-storage-proxy/streaming-playlists/hls/private/' + videoUUID + '/' + hlsFilename,
426 token: server.accessToken,
427 expectedStatus: HttpStatusCode.BAD_REQUEST_400
432 after(async function () {
435 const { data } = await server.videos.listAllForAdmin()
437 for (const v of data) {
438 await server.videos.remove({ id: v.uuid })
441 for (const v of data) {
442 await server.servers.waitUntilLog('Removed files of video ' + v.url)
445 await sqlCommand.cleanup()
446 await cleanupTests([ server ])