Merge branch 'release/5.0.0' into develop

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / shared / videos.ts

diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts
index c29751eca875b4047c3a79b8f9ecb81d224dd8ef..0033a32ff1af454f6a7794ce3403e49965b5526a 100644 (file)
--- a/server/middlewares/validators/shared/videos.ts
+++ b/server/middlewares/validators/shared/videos.ts
@@ -111,7 +111,7 @@ async function checkCanSeeVideo (options: {
 }) {
   const { req, res, video, paramId } = options
 
-  if (video.requiresAuth(paramId)) {
+  if (video.requiresAuth({ urlParamId: paramId, checkBlacklist: true })) {
     return checkCanSeeAuthVideo(req, res, video)
   }
 
@@ -174,24 +174,22 @@ async function checkCanAccessVideoStaticFiles (options: {
   res: Response
   paramId: string
 }) {
-  const { video, req, res, paramId } = options
+  const { video, req, res } = options
 
   if (res.locals.oauth?.token.User) {
     return checkCanSeeVideo(options)
   }
 
-  if (!video.requiresAuth(paramId)) return true
-
   const videoFileToken = req.query.videoFileToken
-  if (!videoFileToken) {
-    res.sendStatus(HttpStatusCode.FORBIDDEN_403)
-    return false
-  }
+  if (videoFileToken && VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
+    const user = VideoTokensManager.Instance.getUserFromToken({ token: videoFileToken })
 
-  if (VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
+    res.locals.videoFileToken = { user }
     return true
   }
 
+  if (!video.hasPrivateStaticPath()) return true
+
   res.sendStatus(HttpStatusCode.FORBIDDEN_403)
   return false
 }