1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
3 import { expect } from 'chai'
4 import { decode } from 'magnet-uri'
5 import { checkVideoFileTokenReinjection, expectStartWith } from '@server/tests/shared'
6 import { getAllFiles, wait } from '@shared/core-utils'
7 import { HttpStatusCode, LiveVideo, VideoDetails, VideoPrivacy } from '@shared/models'
11 findExternalSavedVideo,
16 setAccessTokensToServers,
17 setDefaultVideoChannel,
20 } from '@shared/server-commands'
22 describe('Test video static file privacy', function () {
23 let server: PeerTubeServer
26 before(async function () {
29 server = await createSingleServer(1)
30 await setAccessTokensToServers([ server ])
31 await setDefaultVideoChannel([ server ])
33 userToken = await server.users.generateUserAndToken('user1')
36 describe('VOD static file path', function () {
38 function runSuite () {
40 async function checkPrivateFiles (uuid: string) {
41 const video = await server.videos.getWithToken({ id: uuid })
43 for (const file of video.files) {
44 expect(file.fileDownloadUrl).to.not.include('/private/')
45 expectStartWith(file.fileUrl, server.url + '/static/webseed/private/')
47 const torrent = await parseTorrentVideo(server, file)
48 expect(torrent.urlList).to.have.lengthOf(0)
50 const magnet = decode(file.magnetUri)
51 expect(magnet.urlList).to.have.lengthOf(0)
53 await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
56 const hls = video.streamingPlaylists[0]
58 expectStartWith(hls.playlistUrl, server.url + '/static/streaming-playlists/hls/private/')
59 expectStartWith(hls.segmentsSha256Url, server.url + '/static/streaming-playlists/hls/private/')
61 await makeRawRequest({ url: hls.playlistUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
62 await makeRawRequest({ url: hls.segmentsSha256Url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
66 async function checkPublicFiles (uuid: string) {
67 const video = await server.videos.get({ id: uuid })
69 for (const file of getAllFiles(video)) {
70 expect(file.fileDownloadUrl).to.not.include('/private/')
71 expect(file.fileUrl).to.not.include('/private/')
73 const torrent = await parseTorrentVideo(server, file)
74 expect(torrent.urlList[0]).to.not.include('private')
76 const magnet = decode(file.magnetUri)
77 expect(magnet.urlList[0]).to.not.include('private')
79 await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 })
80 await makeRawRequest({ url: torrent.urlList[0], expectedStatus: HttpStatusCode.OK_200 })
81 await makeRawRequest({ url: magnet.urlList[0], expectedStatus: HttpStatusCode.OK_200 })
84 const hls = video.streamingPlaylists[0]
86 expect(hls.playlistUrl).to.not.include('private')
87 expect(hls.segmentsSha256Url).to.not.include('private')
89 await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
90 await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
94 it('Should upload a private/internal video and have a private static path', async function () {
97 for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
98 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy })
99 await waitJobs([ server ])
101 await checkPrivateFiles(uuid)
105 it('Should upload a public video and update it as private/internal to have a private static path', async function () {
108 for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
109 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PUBLIC })
110 await waitJobs([ server ])
112 await server.videos.update({ id: uuid, attributes: { privacy } })
113 await waitJobs([ server ])
115 await checkPrivateFiles(uuid)
119 it('Should upload a private video and update it to unlisted to have a public static path', async function () {
122 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
123 await waitJobs([ server ])
125 await server.videos.update({ id: uuid, attributes: { privacy: VideoPrivacy.UNLISTED } })
126 await waitJobs([ server ])
128 await checkPublicFiles(uuid)
131 it('Should upload an internal video and update it to public to have a public static path', async function () {
134 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.INTERNAL })
135 await waitJobs([ server ])
137 await server.videos.update({ id: uuid, attributes: { privacy: VideoPrivacy.PUBLIC } })
138 await waitJobs([ server ])
140 await checkPublicFiles(uuid)
143 it('Should upload an internal video and schedule a public publish', async function () {
148 privacy: VideoPrivacy.PRIVATE,
150 updateAt: new Date(Date.now() + 1000).toISOString(),
151 privacy: VideoPrivacy.PUBLIC as VideoPrivacy.PUBLIC
155 const { uuid } = await server.videos.upload({ attributes })
157 await waitJobs([ server ])
159 await server.debug.sendCommand({ body: { command: 'process-update-videos-scheduler' } })
161 await waitJobs([ server ])
163 await checkPublicFiles(uuid)
167 describe('Without transcoding', function () {
171 describe('With transcoding', function () {
173 before(async function () {
174 await server.config.enableMinimumTranscoding()
181 describe('VOD static file right check', function () {
182 let unrelatedFileToken: string
184 async function checkVideoFiles (options: {
186 expectedStatus: HttpStatusCode
188 videoFileToken: string
190 const { id, expectedStatus, token, videoFileToken } = options
192 const video = await server.videos.getWithToken({ id })
194 for (const file of getAllFiles(video)) {
195 await makeRawRequest({ url: file.fileUrl, token, expectedStatus })
196 await makeRawRequest({ url: file.fileDownloadUrl, token, expectedStatus })
198 await makeRawRequest({ url: file.fileUrl, query: { videoFileToken }, expectedStatus })
199 await makeRawRequest({ url: file.fileDownloadUrl, query: { videoFileToken }, expectedStatus })
202 const hls = video.streamingPlaylists[0]
203 await makeRawRequest({ url: hls.playlistUrl, token, expectedStatus })
204 await makeRawRequest({ url: hls.segmentsSha256Url, token, expectedStatus })
206 await makeRawRequest({ url: hls.playlistUrl, query: { videoFileToken }, expectedStatus })
207 await makeRawRequest({ url: hls.segmentsSha256Url, query: { videoFileToken }, expectedStatus })
210 before(async function () {
211 await server.config.enableMinimumTranscoding()
213 const { uuid } = await server.videos.quickUpload({ name: 'another video' })
214 unrelatedFileToken = await server.videoToken.getVideoFileToken({ videoId: uuid })
217 it('Should not be able to access a private video files without OAuth token and file token', async function () {
220 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.INTERNAL })
221 await waitJobs([ server ])
223 await checkVideoFiles({ id: uuid, expectedStatus: HttpStatusCode.FORBIDDEN_403, token: null, videoFileToken: null })
226 it('Should not be able to access an internal video files without appropriate OAuth token and file token', async function () {
229 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
230 await waitJobs([ server ])
232 await checkVideoFiles({
234 expectedStatus: HttpStatusCode.FORBIDDEN_403,
236 videoFileToken: unrelatedFileToken
240 it('Should be able to access a private video files with appropriate OAuth token or file token', async function () {
243 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
244 const videoFileToken = await server.videoToken.getVideoFileToken({ videoId: uuid })
246 await waitJobs([ server ])
248 await checkVideoFiles({ id: uuid, expectedStatus: HttpStatusCode.OK_200, token: server.accessToken, videoFileToken })
251 it('Should reinject video file token', async function () {
254 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
256 const videoFileToken = await server.videoToken.getVideoFileToken({ videoId: uuid })
257 await waitJobs([ server ])
260 const video = await server.videos.getWithToken({ id: uuid })
261 const hls = video.streamingPlaylists[0]
262 const query = { videoFileToken }
263 const { text } = await makeRawRequest({ url: hls.playlistUrl, query, expectedStatus: HttpStatusCode.OK_200 })
265 expect(text).to.not.include(videoFileToken)
269 await checkVideoFileTokenReinjection({
273 resolutions: [ 240, 720 ],
279 it('Should be able to access a private video of another user with an admin OAuth token or file token', async function () {
282 const { uuid } = await server.videos.quickUpload({ name: 'video', token: userToken, privacy: VideoPrivacy.PRIVATE })
283 const videoFileToken = await server.videoToken.getVideoFileToken({ videoId: uuid })
285 await waitJobs([ server ])
287 await checkVideoFiles({ id: uuid, expectedStatus: HttpStatusCode.OK_200, token: server.accessToken, videoFileToken })
291 describe('Live static file path and check', function () {
292 let normalLiveId: string
293 let normalLive: LiveVideo
295 let permanentLiveId: string
296 let permanentLive: LiveVideo
298 let unrelatedFileToken: string
300 async function checkLiveFiles (live: LiveVideo, liveId: string) {
301 const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: live.rtmpUrl, streamKey: live.streamKey })
302 await server.live.waitUntilPublished({ videoId: liveId })
304 const video = await server.videos.getWithToken({ id: liveId })
305 const fileToken = await server.videoToken.getVideoFileToken({ videoId: video.uuid })
307 const hls = video.streamingPlaylists[0]
309 for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) {
310 expectStartWith(url, server.url + '/static/streaming-playlists/hls/private/')
312 await makeRawRequest({ url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
313 await makeRawRequest({ url, query: { videoFileToken: fileToken }, expectedStatus: HttpStatusCode.OK_200 })
315 await makeRawRequest({ url, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
316 await makeRawRequest({ url, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
317 await makeRawRequest({ url, query: { videoFileToken: unrelatedFileToken }, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
320 await stopFfmpeg(ffmpegCommand)
323 async function checkReplay (replay: VideoDetails) {
324 const fileToken = await server.videoToken.getVideoFileToken({ videoId: replay.uuid })
326 const hls = replay.streamingPlaylists[0]
327 expect(hls.files).to.not.have.lengthOf(0)
329 for (const file of hls.files) {
330 await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
331 await makeRawRequest({ url: file.fileUrl, query: { videoFileToken: fileToken }, expectedStatus: HttpStatusCode.OK_200 })
333 await makeRawRequest({ url: file.fileUrl, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
334 await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
335 await makeRawRequest({
337 query: { videoFileToken: unrelatedFileToken },
338 expectedStatus: HttpStatusCode.FORBIDDEN_403
342 for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) {
343 expectStartWith(url, server.url + '/static/streaming-playlists/hls/private/')
345 await makeRawRequest({ url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
346 await makeRawRequest({ url, query: { videoFileToken: fileToken }, expectedStatus: HttpStatusCode.OK_200 })
348 await makeRawRequest({ url, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
349 await makeRawRequest({ url, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
350 await makeRawRequest({ url, query: { videoFileToken: unrelatedFileToken }, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
354 before(async function () {
355 await server.config.enableMinimumTranscoding()
357 const { uuid } = await server.videos.quickUpload({ name: 'another video' })
358 unrelatedFileToken = await server.videoToken.getVideoFileToken({ videoId: uuid })
360 await server.config.enableLive({
367 const { video, live } = await server.live.quickCreate({ saveReplay: true, permanentLive: false, privacy: VideoPrivacy.PRIVATE })
368 normalLiveId = video.uuid
373 const { video, live } = await server.live.quickCreate({ saveReplay: true, permanentLive: true, privacy: VideoPrivacy.PRIVATE })
374 permanentLiveId = video.uuid
379 it('Should create a private normal live and have a private static path', async function () {
382 await checkLiveFiles(normalLive, normalLiveId)
385 it('Should create a private permanent live and have a private static path', async function () {
388 await checkLiveFiles(permanentLive, permanentLiveId)
391 it('Should reinject video file token on permanent live', async function () {
394 const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: permanentLive.rtmpUrl, streamKey: permanentLive.streamKey })
395 await server.live.waitUntilPublished({ videoId: permanentLiveId })
397 const video = await server.videos.getWithToken({ id: permanentLiveId })
398 const videoFileToken = await server.videoToken.getVideoFileToken({ videoId: video.uuid })
399 const hls = video.streamingPlaylists[0]
402 const query = { videoFileToken }
403 const { text } = await makeRawRequest({ url: hls.playlistUrl, query, expectedStatus: HttpStatusCode.OK_200 })
405 expect(text).to.not.include(videoFileToken)
409 await checkVideoFileTokenReinjection({
411 videoUUID: permanentLiveId,
413 resolutions: [ 720 ],
418 await stopFfmpeg(ffmpegCommand)
421 it('Should have created a replay of the normal live with a private static path', async function () {
424 await server.live.waitUntilReplacedByReplay({ videoId: normalLiveId })
426 const replay = await server.videos.getWithToken({ id: normalLiveId })
427 await checkReplay(replay)
430 it('Should have created a replay of the permanent live with a private static path', async function () {
433 await server.live.waitUntilWaiting({ videoId: permanentLiveId })
434 await waitJobs([ server ])
436 const live = await server.videos.getWithToken({ id: permanentLiveId })
437 const replayFromList = await findExternalSavedVideo(server, live)
438 const replay = await server.videos.getWithToken({ id: replayFromList.id })
440 await checkReplay(replay)
444 describe('With static file right check disabled', function () {
445 let videoUUID: string
447 before(async function () {
454 private_files_require_auth: false
458 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.INTERNAL })
461 await waitJobs([ server ])
464 it('Should not check auth for private static files', async function () {
465 const video = await server.videos.getWithToken({ id: videoUUID })
467 for (const file of getAllFiles(video)) {
468 await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 })
471 const hls = video.streamingPlaylists[0]
472 await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
473 await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
477 after(async function () {
478 await cleanupTests([ server ])