server/tests/api/videos/video-static-file-privacy.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import { expect } from 'chai'
   4 import { decode } from 'magnet-uri'
   5 import { expectStartWith } from '@server/tests/shared'
   6 import { getAllFiles, wait } from '@shared/core-utils'
   7 import { HttpStatusCode, LiveVideo, VideoDetails, VideoPrivacy } from '@shared/models'
   8 import {
   9   cleanupTests,
  10   createSingleServer,
  11   findExternalSavedVideo,
  12   makeRawRequest,
  13   parseTorrentVideo,
  14   PeerTubeServer,
  15   sendRTMPStream,
  16   setAccessTokensToServers,
  17   setDefaultVideoChannel,
  18   stopFfmpeg,
  19   waitJobs
  20 } from '@shared/server-commands'
  21
  22 describe('Test video static file privacy', function () {
  23   let server: PeerTubeServer
  24   let userToken: string
  25
  26   before(async function () {
  27     this.timeout(50000)
  28
  29     server = await createSingleServer(1)
  30     await setAccessTokensToServers([ server ])
  31     await setDefaultVideoChannel([ server ])
  32
  33     userToken = await server.users.generateUserAndToken('user1')
  34   })
  35
  36   describe('VOD static file path', function () {
  37
  38     function runSuite () {
  39
  40       async function checkPrivateFiles (uuid: string) {
  41         const video = await server.videos.getWithToken({ id: uuid })
  42
  43         for (const file of video.files) {
  44           expect(file.fileDownloadUrl).to.not.include('/private/')
  45           expectStartWith(file.fileUrl, server.url + '/static/webseed/private/')
  46
  47           const torrent = await parseTorrentVideo(server, file)
  48           expect(torrent.urlList).to.have.lengthOf(0)
  49
  50           const magnet = decode(file.magnetUri)
  51           expect(magnet.urlList).to.have.lengthOf(0)
  52
  53           await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
  54         }
  55
  56         const hls = video.streamingPlaylists[0]
  57         if (hls) {
  58           expectStartWith(hls.playlistUrl, server.url + '/static/streaming-playlists/hls/private/')
  59           expectStartWith(hls.segmentsSha256Url, server.url + '/static/streaming-playlists/hls/private/')
  60
  61           await makeRawRequest({ url: hls.playlistUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
  62           await makeRawRequest({ url: hls.segmentsSha256Url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
  63         }
  64       }
  65
  66       async function checkPublicFiles (uuid: string) {
  67         const video = await server.videos.get({ id: uuid })
  68
  69         for (const file of getAllFiles(video)) {
  70           expect(file.fileDownloadUrl).to.not.include('/private/')
  71           expect(file.fileUrl).to.not.include('/private/')
  72
  73           const torrent = await parseTorrentVideo(server, file)
  74           expect(torrent.urlList[0]).to.not.include('private')
  75
  76           const magnet = decode(file.magnetUri)
  77           expect(magnet.urlList[0]).to.not.include('private')
  78
  79           await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 })
  80           await makeRawRequest({ url: torrent.urlList[0], expectedStatus: HttpStatusCode.OK_200 })
  81           await makeRawRequest({ url: magnet.urlList[0], expectedStatus: HttpStatusCode.OK_200 })
  82         }
  83
  84         const hls = video.streamingPlaylists[0]
  85         if (hls) {
  86           expect(hls.playlistUrl).to.not.include('private')
  87           expect(hls.segmentsSha256Url).to.not.include('private')
  88
  89           await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
  90           await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
  91         }
  92       }
  93
  94       it('Should upload a private/internal video and have a private static path', async function () {
  95         this.timeout(120000)
  96
  97         for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
  98           const { uuid } = await server.videos.quickUpload({ name: 'video', privacy })
  99           await waitJobs([ server ])
 100
 101           await checkPrivateFiles(uuid)
 102         }
 103       })
 104
 105       it('Should upload a public video and update it as private/internal to have a private static path', async function () {
 106         this.timeout(120000)
 107
 108         for (const privacy of [ VideoPrivacy.PRIVATE, VideoPrivacy.INTERNAL ]) {
 109           const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PUBLIC })
 110           await waitJobs([ server ])
 111
 112           await server.videos.update({ id: uuid, attributes: { privacy } })
 113           await waitJobs([ server ])
 114
 115           await checkPrivateFiles(uuid)
 116         }
 117       })
 118
 119       it('Should upload a private video and update it to unlisted to have a public static path', async function () {
 120         this.timeout(120000)
 121
 122         const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
 123         await waitJobs([ server ])
 124
 125         await server.videos.update({ id: uuid, attributes: { privacy: VideoPrivacy.UNLISTED } })
 126         await waitJobs([ server ])
 127
 128         await checkPublicFiles(uuid)
 129       })
 130
 131       it('Should upload an internal video and update it to public to have a public static path', async function () {
 132         this.timeout(120000)
 133
 134         const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.INTERNAL })
 135         await waitJobs([ server ])
 136
 137         await server.videos.update({ id: uuid, attributes: { privacy: VideoPrivacy.PUBLIC } })
 138         await waitJobs([ server ])
 139
 140         await checkPublicFiles(uuid)
 141       })
 142
 143       it('Should upload an internal video and schedule a public publish', async function () {
 144         this.timeout(120000)
 145
 146         const attributes = {
 147           name: 'video',
 148           privacy: VideoPrivacy.PRIVATE,
 149           scheduleUpdate: {
 150             updateAt: new Date(Date.now() + 1000).toISOString(),
 151             privacy: VideoPrivacy.PUBLIC as VideoPrivacy.PUBLIC
 152           }
 153         }
 154
 155         const { uuid } = await server.videos.upload({ attributes })
 156
 157         await waitJobs([ server ])
 158         await wait(1000)
 159         await server.debug.sendCommand({ body: { command: 'process-update-videos-scheduler' } })
 160
 161         await waitJobs([ server ])
 162
 163         await checkPublicFiles(uuid)
 164       })
 165     }
 166
 167     describe('Without transcoding', function () {
 168       runSuite()
 169     })
 170
 171     describe('With transcoding', function () {
 172
 173       before(async function () {
 174         await server.config.enableMinimumTranscoding()
 175       })
 176
 177       runSuite()
 178     })
 179   })
 180
 181   describe('VOD static file right check', function () {
 182     let unrelatedFileToken: string
 183
 184     async function checkVideoFiles (options: {
 185       id: string
 186       expectedStatus: HttpStatusCode
 187       token: string
 188       videoFileToken: string
 189     }) {
 190       const { id, expectedStatus, token, videoFileToken } = options
 191
 192       const video = await server.videos.getWithToken({ id })
 193
 194       for (const file of getAllFiles(video)) {
 195         await makeRawRequest({ url: file.fileUrl, token, expectedStatus })
 196         await makeRawRequest({ url: file.fileDownloadUrl, token, expectedStatus })
 197
 198         await makeRawRequest({ url: file.fileUrl, query: { videoFileToken }, expectedStatus })
 199         await makeRawRequest({ url: file.fileDownloadUrl, query: { videoFileToken }, expectedStatus })
 200       }
 201
 202       const hls = video.streamingPlaylists[0]
 203       await makeRawRequest({ url: hls.playlistUrl, token, expectedStatus })
 204       await makeRawRequest({ url: hls.segmentsSha256Url, token, expectedStatus })
 205
 206       await makeRawRequest({ url: hls.playlistUrl, query: { videoFileToken }, expectedStatus })
 207       await makeRawRequest({ url: hls.segmentsSha256Url, query: { videoFileToken }, expectedStatus })
 208     }
 209
 210     before(async function () {
 211       await server.config.enableMinimumTranscoding()
 212
 213       const { uuid } = await server.videos.quickUpload({ name: 'another video' })
 214       unrelatedFileToken = await server.videoToken.getVideoFileToken({ videoId: uuid })
 215     })
 216
 217     it('Should not be able to access a private video files without OAuth token and file token', async function () {
 218       this.timeout(120000)
 219
 220       const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.INTERNAL })
 221       await waitJobs([ server ])
 222
 223       await checkVideoFiles({ id: uuid, expectedStatus: HttpStatusCode.FORBIDDEN_403, token: null, videoFileToken: null })
 224     })
 225
 226     it('Should not be able to access an internal video files without appropriate OAuth token and file token', async function () {
 227       this.timeout(120000)
 228
 229       const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
 230       await waitJobs([ server ])
 231
 232       await checkVideoFiles({
 233         id: uuid,
 234         expectedStatus: HttpStatusCode.FORBIDDEN_403,
 235         token: userToken,
 236         videoFileToken: unrelatedFileToken
 237       })
 238     })
 239
 240     it('Should be able to access a private video files with appropriate OAuth token or file token', async function () {
 241       this.timeout(120000)
 242
 243       const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
 244       const videoFileToken = await server.videoToken.getVideoFileToken({ videoId: uuid })
 245
 246       await waitJobs([ server ])
 247
 248       await checkVideoFiles({ id: uuid, expectedStatus: HttpStatusCode.OK_200, token: server.accessToken, videoFileToken })
 249     })
 250
 251     it('Should be able to access a private video of another user with an admin OAuth token or file token', async function () {
 252       this.timeout(120000)
 253
 254       const { uuid } = await server.videos.quickUpload({ name: 'video', token: userToken, privacy: VideoPrivacy.PRIVATE })
 255       const videoFileToken = await server.videoToken.getVideoFileToken({ videoId: uuid })
 256
 257       await waitJobs([ server ])
 258
 259       await checkVideoFiles({ id: uuid, expectedStatus: HttpStatusCode.OK_200, token: server.accessToken, videoFileToken })
 260     })
 261   })
 262
 263   describe('Live static file path and check', function () {
 264     let normalLiveId: string
 265     let normalLive: LiveVideo
 266
 267     let permanentLiveId: string
 268     let permanentLive: LiveVideo
 269
 270     let unrelatedFileToken: string
 271
 272     async function checkLiveFiles (live: LiveVideo, liveId: string) {
 273       const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: live.rtmpUrl, streamKey: live.streamKey })
 274       await server.live.waitUntilPublished({ videoId: liveId })
 275
 276       const video = await server.videos.getWithToken({ id: liveId })
 277       const fileToken = await server.videoToken.getVideoFileToken({ videoId: video.uuid })
 278
 279       const hls = video.streamingPlaylists[0]
 280
 281       for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) {
 282         expectStartWith(url, server.url + '/static/streaming-playlists/hls/private/')
 283
 284         await makeRawRequest({ url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
 285         await makeRawRequest({ url, query: { videoFileToken: fileToken }, expectedStatus: HttpStatusCode.OK_200 })
 286
 287         await makeRawRequest({ url, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 288         await makeRawRequest({ url, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 289         await makeRawRequest({ url, query: { videoFileToken: unrelatedFileToken }, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 290       }
 291
 292       await stopFfmpeg(ffmpegCommand)
 293     }
 294
 295     async function checkReplay (replay: VideoDetails) {
 296       const fileToken = await server.videoToken.getVideoFileToken({ videoId: replay.uuid })
 297
 298       const hls = replay.streamingPlaylists[0]
 299       expect(hls.files).to.not.have.lengthOf(0)
 300
 301       for (const file of hls.files) {
 302         await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
 303         await makeRawRequest({ url: file.fileUrl, query: { videoFileToken: fileToken }, expectedStatus: HttpStatusCode.OK_200 })
 304
 305         await makeRawRequest({ url: file.fileUrl, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 306         await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 307         await makeRawRequest({
 308           url: file.fileUrl,
 309           query: { videoFileToken: unrelatedFileToken },
 310           expectedStatus: HttpStatusCode.FORBIDDEN_403
 311         })
 312       }
 313
 314       for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) {
 315         expectStartWith(url, server.url + '/static/streaming-playlists/hls/private/')
 316
 317         await makeRawRequest({ url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
 318         await makeRawRequest({ url, query: { videoFileToken: fileToken }, expectedStatus: HttpStatusCode.OK_200 })
 319
 320         await makeRawRequest({ url, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 321         await makeRawRequest({ url, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 322         await makeRawRequest({ url, query: { videoFileToken: unrelatedFileToken }, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
 323       }
 324     }
 325
 326     before(async function () {
 327       await server.config.enableMinimumTranscoding()
 328
 329       const { uuid } = await server.videos.quickUpload({ name: 'another video' })
 330       unrelatedFileToken = await server.videoToken.getVideoFileToken({ videoId: uuid })
 331
 332       await server.config.enableLive({
 333         allowReplay: true,
 334         transcoding: true,
 335         resolutions: 'min'
 336       })
 337
 338       {
 339         const { video, live } = await server.live.quickCreate({ saveReplay: true, permanentLive: false, privacy: VideoPrivacy.PRIVATE })
 340         normalLiveId = video.uuid
 341         normalLive = live
 342       }
 343
 344       {
 345         const { video, live } = await server.live.quickCreate({ saveReplay: true, permanentLive: true, privacy: VideoPrivacy.PRIVATE })
 346         permanentLiveId = video.uuid
 347         permanentLive = live
 348       }
 349     })
 350
 351     it('Should create a private normal live and have a private static path', async function () {
 352       this.timeout(240000)
 353
 354       await checkLiveFiles(normalLive, normalLiveId)
 355     })
 356
 357     it('Should create a private permanent live and have a private static path', async function () {
 358       this.timeout(240000)
 359
 360       await checkLiveFiles(permanentLive, permanentLiveId)
 361     })
 362
 363     it('Should have created a replay of the normal live with a private static path', async function () {
 364       this.timeout(240000)
 365
 366       await server.live.waitUntilReplacedByReplay({ videoId: normalLiveId })
 367
 368       const replay = await server.videos.getWithToken({ id: normalLiveId })
 369       await checkReplay(replay)
 370     })
 371
 372     it('Should have created a replay of the permanent live with a private static path', async function () {
 373       this.timeout(240000)
 374
 375       await server.live.waitUntilWaiting({ videoId: permanentLiveId })
 376       await waitJobs([ server ])
 377
 378       const live = await server.videos.getWithToken({ id: permanentLiveId })
 379       const replayFromList = await findExternalSavedVideo(server, live)
 380       const replay = await server.videos.getWithToken({ id: replayFromList.id })
 381
 382       await checkReplay(replay)
 383     })
 384   })
 385
 386   after(async function () {
 387     await cleanupTests([ server ])
 388   })
 389 })