import { Request, Response } from 'express'
-import { isUUIDValid } from '@server/helpers/custom-validators/misc'
import { loadVideo, VideoLoadType } from '@server/lib/model-loaders'
import { isAbleToUploadVideo } from '@server/lib/user'
+import { VideoTokensManager } from '@server/lib/video-tokens-manager'
import { authenticatePromise } from '@server/middlewares/auth'
import { VideoModel } from '@server/models/video/video'
import { VideoChannelModel } from '@server/models/video/video-channel'
res: Response
paramId: string
video: MVideo
- authenticateInQuery?: boolean // default false
}) {
- const { req, res, video, paramId, authenticateInQuery = false } = options
+ const { req, res, video, paramId } = options
- if (video.requiresAuth()) {
- return checkCanSeeAuthVideo(req, res, video, authenticateInQuery)
+ if (video.requiresAuth({ urlParamId: paramId, checkBlacklist: true })) {
+ return checkCanSeeAuthVideo(req, res, video)
}
- if (video.privacy === VideoPrivacy.UNLISTED) {
- if (isUUIDValid(paramId)) return true
-
- return checkCanSeeAuthVideo(req, res, video, authenticateInQuery)
+ if (video.privacy === VideoPrivacy.UNLISTED || video.privacy === VideoPrivacy.PUBLIC) {
+ return true
}
- if (video.privacy === VideoPrivacy.PUBLIC) return true
-
- throw new Error('Fatal error when checking video right ' + video.url)
+ throw new Error('Unknown video privacy when checking video right ' + video.url)
}
-async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights, authenticateInQuery = false) {
+async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights) {
const fail = () => {
res.fail({
status: HttpStatusCode.FORBIDDEN_403,
return false
}
- await authenticatePromise(req, res, authenticateInQuery)
+ await authenticatePromise(req, res)
const user = res.locals.oauth?.token.User
if (!user) return fail()
// ---------------------------------------------------------------------------
+async function checkCanAccessVideoStaticFiles (options: {
+ video: MVideo
+ req: Request
+ res: Response
+ paramId: string
+}) {
+ const { video, req, res } = options
+
+ if (res.locals.oauth?.token.User) {
+ return checkCanSeeVideo(options)
+ }
+
+ const videoFileToken = req.query.videoFileToken
+ if (videoFileToken && VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
+ const user = VideoTokensManager.Instance.getUserFromToken({ token: videoFileToken })
+
+ res.locals.videoFileToken = { user }
+ return true
+ }
+
+ if (!video.hasPrivateStaticPath()) return true
+
+ res.sendStatus(HttpStatusCode.FORBIDDEN_403)
+ return false
+}
+
+// ---------------------------------------------------------------------------
+
function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) {
// Retrieve the user who did the request
if (onlyOwned && video.isOwned() === false) {
doesVideoExist,
doesVideoFileOfVideoExist,
+ checkCanAccessVideoStaticFiles,
checkUserCanManageVideo,
checkCanSeeVideo,
checkUserQuota
projects / github / Chocobozzz / PeerTube.git / blobdiff