+// ---------------------------------------------------------------------------
+
+async function checkCanSeeVideo (options: {
+ req: Request
+ res: Response
+ paramId: string
+ video: MVideo
+}) {
+ const { req, res, video, paramId } = options
+
+ if (video.requiresAuth({ urlParamId: paramId, checkBlacklist: true })) {
+ return checkCanSeeAuthVideo(req, res, video)
+ }
+
+ if (video.privacy === VideoPrivacy.UNLISTED || video.privacy === VideoPrivacy.PUBLIC) {
+ return true
+ }
+
+ throw new Error('Unknown video privacy when checking video right ' + video.url)
+}
+
+async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights) {
+ const fail = () => {
+ res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Cannot fetch information of private/internal/blocked video'
+ })
+
+ return false
+ }
+
+ await authenticatePromise(req, res)
+
+ const user = res.locals.oauth?.token.User
+ if (!user) return fail()
+
+ const videoWithRights = (video as MVideoWithRights).VideoChannel?.Account?.userId
+ ? video as MVideoWithRights
+ : await VideoModel.loadFull(video.id)
+
+ const privacy = videoWithRights.privacy
+
+ if (privacy === VideoPrivacy.INTERNAL) {
+ // We know we have a user
+ return true
+ }
+
+ const isOwnedByUser = videoWithRights.VideoChannel.Account.userId === user.id
+
+ if (videoWithRights.isBlacklisted()) {
+ if (isOwnedByUser || user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) return true
+
+ return fail()
+ }
+
+ if (privacy === VideoPrivacy.PRIVATE || privacy === VideoPrivacy.UNLISTED) {
+ if (isOwnedByUser || user.hasRight(UserRight.SEE_ALL_VIDEOS)) return true
+
+ return fail()
+ }
+
+ // Should not happen
+ return fail()
+}
+
+// ---------------------------------------------------------------------------
+
+async function checkCanAccessVideoStaticFiles (options: {
+ video: MVideo
+ req: Request
+ res: Response
+ paramId: string
+}) {
+ const { video, req, res } = options
+
+ if (res.locals.oauth?.token.User) {
+ return checkCanSeeVideo(options)
+ }
+
+ const videoFileToken = req.query.videoFileToken
+ if (videoFileToken && VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
+ const user = VideoTokensManager.Instance.getUserFromToken({ token: videoFileToken })
+
+ res.locals.videoFileToken = { user }
+ return true
+ }
+
+ if (!video.hasPrivateStaticPath()) return true
+
+ res.sendStatus(HttpStatusCode.FORBIDDEN_403)
+ return false
+}
+
+// ---------------------------------------------------------------------------
+