waitJobs
} from '@shared/server-commands'
+function extractFilenameFromUrl (url: string) {
+ const parts = basename(url).split(':')
+
+ return parts[parts.length - 1]
+}
+
describe('Object storage for video static file privacy', function () {
// We need real world object storage to check ACL
if (areScalewayObjectStorageTestsDisabled()) return
let server: PeerTubeServer
let userToken: string
- before(async function () {
- this.timeout(120000)
+ // ---------------------------------------------------------------------------
- server = await createSingleServer(1, ObjectStorageCommand.getDefaultScalewayConfig(1))
- await setAccessTokensToServers([ server ])
- await setDefaultVideoChannel([ server ])
+ async function checkPrivateVODFiles (uuid: string) {
+ const video = await server.videos.getWithToken({ id: uuid })
- await server.config.enableMinimumTranscoding()
+ for (const file of video.files) {
+ expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/webseed/private/')
- userToken = await server.users.generateUserAndToken('user1')
- })
+ await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
+ }
- describe('VOD', function () {
- let privateVideoUUID: string
- let publicVideoUUID: string
- let userPrivateVideoUUID: string
+ for (const file of getAllFiles(video)) {
+ const internalFileUrl = await server.sql.getInternalFileUrl(file.id)
+ expectStartWith(internalFileUrl, ObjectStorageCommand.getScalewayBaseUrl())
+ await makeRawRequest({ url: internalFileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+ }
+
+ const hls = getHLS(video)
+
+ if (hls) {
+ for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) {
+ expectStartWith(url, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
+ }
- async function checkPrivateFiles (uuid: string) {
- const video = await server.videos.getWithToken({ id: uuid })
+ await makeRawRequest({ url: hls.playlistUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
+ await makeRawRequest({ url: hls.segmentsSha256Url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
- for (const file of video.files) {
- expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/webseed/private/')
+ for (const file of hls.files) {
+ expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
}
+ }
+ }
- for (const file of getAllFiles(video)) {
- const internalFileUrl = await server.sql.getInternalFileUrl(file.id)
- expectStartWith(internalFileUrl, ObjectStorageCommand.getScalewayBaseUrl())
- await makeRawRequest({ url: internalFileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
- }
+ async function checkPublicVODFiles (uuid: string) {
+ const video = await server.videos.getWithToken({ id: uuid })
- const hls = getHLS(video)
+ for (const file of getAllFiles(video)) {
+ expectStartWith(file.fileUrl, ObjectStorageCommand.getScalewayBaseUrl())
- if (hls) {
- for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) {
- expectStartWith(url, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
- }
+ await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 })
+ }
- await makeRawRequest({ url: hls.playlistUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
- await makeRawRequest({ url: hls.segmentsSha256Url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
+ const hls = getHLS(video)
- for (const file of hls.files) {
- expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
+ if (hls) {
+ expectStartWith(hls.playlistUrl, ObjectStorageCommand.getScalewayBaseUrl())
+ expectStartWith(hls.segmentsSha256Url, ObjectStorageCommand.getScalewayBaseUrl())
- await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
- }
- }
+ await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
+ await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
}
+ }
- async function checkPublicFiles (uuid: string) {
- const video = await server.videos.getWithToken({ id: uuid })
+ // ---------------------------------------------------------------------------
- for (const file of getAllFiles(video)) {
- expectStartWith(file.fileUrl, ObjectStorageCommand.getScalewayBaseUrl())
+ before(async function () {
+ this.timeout(120000)
- await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 })
- }
+ server = await createSingleServer(1, ObjectStorageCommand.getDefaultScalewayConfig({ serverNumber: 1 }))
+ await setAccessTokensToServers([ server ])
+ await setDefaultVideoChannel([ server ])
- const hls = getHLS(video)
+ await server.config.enableMinimumTranscoding()
- if (hls) {
- expectStartWith(hls.playlistUrl, ObjectStorageCommand.getScalewayBaseUrl())
- expectStartWith(hls.segmentsSha256Url, ObjectStorageCommand.getScalewayBaseUrl())
+ userToken = await server.users.generateUserAndToken('user1')
+ })
- await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
- await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
- }
- }
+ describe('VOD', function () {
+ let privateVideoUUID: string
+ let publicVideoUUID: string
+ let userPrivateVideoUUID: string
+
+ // ---------------------------------------------------------------------------
async function getSampleFileUrls (videoId: string) {
const video = await server.videos.getWithToken({ id: videoId })
}
}
+ // ---------------------------------------------------------------------------
+
it('Should upload a private video and have appropriate object storage ACL', async function () {
this.timeout(60000)
await waitJobs([ server ])
- await checkPrivateFiles(privateVideoUUID)
+ await checkPrivateVODFiles(privateVideoUUID)
})
it('Should upload a public video and have appropriate object storage ACL', async function () {
publicVideoUUID = uuid
- await checkPublicFiles(publicVideoUUID)
+ await checkPublicVODFiles(publicVideoUUID)
})
it('Should not get files without appropriate OAuth token', async function () {
await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.INTERNAL } })
- await checkPrivateFiles(publicVideoUUID)
+ await checkPrivateVODFiles(publicVideoUUID)
})
it('Should update private video to public', async function () {
await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.PUBLIC } })
- await checkPublicFiles(publicVideoUUID)
+ await checkPublicVODFiles(publicVideoUUID)
})
})
let unrelatedFileToken: string
+ // ---------------------------------------------------------------------------
+
async function checkLiveFiles (live: LiveVideo, liveId: string) {
const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: live.rtmpUrl, streamKey: live.streamKey })
await server.live.waitUntilPublished({ videoId: liveId })
}
}
+ // ---------------------------------------------------------------------------
+
before(async function () {
await server.config.enableMinimumTranscoding()
})
})
+ describe('With private files proxy disabled and public ACL for private files', function () {
+ let videoUUID: string
+
+ before(async function () {
+ this.timeout(240000)
+
+ await server.kill()
+
+ const config = ObjectStorageCommand.getDefaultScalewayConfig({
+ serverNumber: server.internalServerNumber,
+ enablePrivateProxy: false,
+ privateACL: 'public-read'
+ })
+ await server.run(config)
+
+ const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
+ videoUUID = uuid
+
+ await waitJobs([ server ])
+ })
+
+ it('Should display object storage path for a private video and be able to access them', async function () {
+ this.timeout(60000)
+
+ await checkPublicVODFiles(videoUUID)
+ })
+
+ it('Should not be able to access object storage proxy', async function () {
+ const privateVideo = await server.videos.getWithToken({ id: videoUUID })
+ const webtorrentFilename = extractFilenameFromUrl(privateVideo.files[0].fileUrl)
+ const hlsFilename = extractFilenameFromUrl(getHLS(privateVideo).files[0].fileUrl)
+
+ await makeRawRequest({
+ url: server.url + '/object-storage-proxy/webseed/private/' + webtorrentFilename,
+ token: server.accessToken,
+ expectedStatus: HttpStatusCode.BAD_REQUEST_400
+ })
+
+ await makeRawRequest({
+ url: server.url + '/object-storage-proxy/streaming-playlists/hls/private/' + videoUUID + '/' + hlsFilename,
+ token: server.accessToken,
+ expectedStatus: HttpStatusCode.BAD_REQUEST_400
+ })
+ })
+ })
+
after(async function () {
this.timeout(60000)