X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fcontrollers%2Fclient.ts;h=f9514d988f9be01d262aaa6837251351a3695814;hb=44e702ded455c118f9908b70d25e7c7e5512abe9;hp=13ca15e9d3ffe5ea2ddffd8a9e5db0e719f97b76;hpb=d00e2393d4269c0b4e280753e5f82ac06bd218c6;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/controllers/client.ts b/server/controllers/client.ts
index 13ca15e9d..f9514d988 100644
--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -1,89 +1,94 @@ -import * as Bluebird from 'bluebird' -import * as express from 'express' -import * as helmet from 'helmet' +import express from 'express' +import { constants, promises as fs } from 'fs' +import { readFile } from 'fs-extra' import { join } from 'path' -import * as validator from 'validator' -import { escapeHTML, readFileBufferPromise, root } from '../helpers/core-utils' -import { ACCEPT_HEADERS, CONFIG, EMBED_SIZE, OPENGRAPH_AND_OEMBED_COMMENT, STATIC_MAX_AGE, STATIC_PATHS } from '../initializers' -import { asyncMiddleware } from '../middlewares' -import { VideoModel } from '../models/video/video' -import { VideoPrivacy } from '../../shared/models/videos' -import { - buildFileLocale, - getCompleteLocale, - getDefaultLocale, - is18nLocale, - LOCALE_FILES, - POSSIBLE_LOCALES -} from '../../shared/models/i18n/i18n' +import { logger } from '@server/helpers/logger' +import { CONFIG } from '@server/initializers/config' +import { Hooks } from '@server/lib/plugins/hooks' +import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '@shared/core-utils/i18n' +import { HttpStatusCode } from '@shared/models' +import { root } from '@shared/core-utils' +import { STATIC_MAX_AGE } from '../initializers/constants' +import { ClientHtml, sendHTML, serveIndexHTML } from '../lib/client-html' +import { asyncMiddleware, embedCSP } from '../middlewares' const clientsRouter = express.Router() const distPath = join(root(), 'client', 'dist') -const assetsImagesPath = join(root(), 'client', 'dist', 'assets', 'images') -const embedPath = join(distPath, 'standalone', 'videos', 'embed.html') const testEmbedPath = join(distPath, 'standalone', 'videos', 'test-embed.html') // Special route that add OpenGraph and oEmbed tags // Do not use a template engine for a so little thing -clientsRouter.use('/videos/watch/:id', - asyncMiddleware(generateWatchHtmlPage) -) - -clientsRouter.use('' + - '/videos/embed', +clientsRouter.use([ '/w/p/:id', 
'/videos/watch/playlist/:id' ], asyncMiddleware(generateWatchPlaylistHtmlPage)) +clientsRouter.use([ '/w/:id', '/videos/watch/:id' ], asyncMiddleware(generateWatchHtmlPage)) +clientsRouter.use([ '/accounts/:nameWithHost', '/a/:nameWithHost' ], asyncMiddleware(generateAccountHtmlPage)) +clientsRouter.use([ '/video-channels/:nameWithHost', '/c/:nameWithHost' ], asyncMiddleware(generateVideoChannelHtmlPage)) +clientsRouter.use('/@:nameWithHost', asyncMiddleware(generateActorHtmlPage)) + +const embedMiddlewares = [ + CONFIG.CSP.ENABLED + ? embedCSP + : (req: express.Request, res: express.Response, next: express.NextFunction) => next(), + + // Set headers (req: express.Request, res: express.Response, next: express.NextFunction) => { res.removeHeader('X-Frame-Options') - res.sendFile(embedPath) - } -) -clientsRouter.use('' + - '/videos/test-embed', (req: express.Request, res: express.Response, next: express.NextFunction) => { - res.sendFile(testEmbedPath) -}) -// Static HTML/CSS/JS client files + // Don't cache HTML file since it's an index to the immutable JS/CSS files + res.setHeader('Cache-Control', 'public, max-age=0') -const staticClientFiles = [ - 'manifest.json', - 'ngsw-worker.js', - 'ngsw.json' -] -for (const staticClientFile of staticClientFiles) { - const path = join(root(), 'client', 'dist', staticClientFile) - clientsRouter.use('/' + staticClientFile, express.static(path, { maxAge: STATIC_MAX_AGE })) -} + next() + }, -clientsRouter.use('/client', express.static(distPath, { maxAge: STATIC_MAX_AGE })) -clientsRouter.use('/client/assets/images', express.static(assetsImagesPath, { maxAge: STATIC_MAX_AGE })) + asyncMiddleware(generateEmbedHtmlPage) +] -clientsRouter.use('/client/locales/:locale/:file.json', function (req, res) { - const locale = req.params.locale - const file = req.params.file +clientsRouter.use('/videos/embed', ...embedMiddlewares) +clientsRouter.use('/video-playlists/embed', ...embedMiddlewares) + +const testEmbedController = (req: 
express.Request, res: express.Response) => res.sendFile(testEmbedPath) + +clientsRouter.use('/videos/test-embed', testEmbedController) +clientsRouter.use('/video-playlists/test-embed', testEmbedController) + +// Dynamic PWA manifest +clientsRouter.get('/manifest.webmanifest', asyncMiddleware(generateManifest)) + +// Static client overrides +// Must be consistent with static client overrides redirections in /support/nginx/peertube +const staticClientOverrides = [ + 'assets/images/logo.svg', + 'assets/images/favicon.png', + 'assets/images/icons/icon-36x36.png', + 'assets/images/icons/icon-48x48.png', + 'assets/images/icons/icon-72x72.png', + 'assets/images/icons/icon-96x96.png', + 'assets/images/icons/icon-144x144.png', + 'assets/images/icons/icon-192x192.png', + 'assets/images/icons/icon-512x512.png', + 'assets/images/default-playlist.jpg', + 'assets/images/default-avatar-account.png', + 'assets/images/default-avatar-account-48x48.png', + 'assets/images/default-avatar-video-channel.png', + 'assets/images/default-avatar-video-channel-48x48.png' +] - if (is18nLocale(locale) && LOCALE_FILES.indexOf(file) !== -1) { - const completeLocale = getCompleteLocale(locale) - const completeFileLocale = buildFileLocale(completeLocale) - return res.sendFile(join(__dirname, `../../../client/dist/locale/${file}_${completeFileLocale}.json`)) - } +for (const staticClientOverride of staticClientOverrides) { + const overridePhysicalPath = join(CONFIG.STORAGE.CLIENT_OVERRIDES_DIR, staticClientOverride) + clientsRouter.use(`/client/${staticClientOverride}`, asyncMiddleware(serveClientOverride(overridePhysicalPath))) +} - return res.sendStatus(404) -}) +clientsRouter.use('/client/locales/:locale/:file.json', serveServerTranslations) +clientsRouter.use('/client', express.static(distPath, { maxAge: STATIC_MAX_AGE.CLIENT })) // 404 for static files not found -clientsRouter.use('/client/*', (req: express.Request, res: express.Response, next: express.NextFunction) => { - res.sendStatus(404) 
+clientsRouter.use('/client/*', (req: express.Request, res: express.Response) => { + res.status(HttpStatusCode.NOT_FOUND_404).end() }) // Always serve index client page (the client is a single page application, let it handle routing) // Try to provide the right language index.html -clientsRouter.use('/(:language)?', function (req, res) { - if (req.accepts(ACCEPT_HEADERS) === 'html') { - return res.sendFile(getIndexPath(req, res, req.params.language)) - } - - return res.status(404).end() -}) +clientsRouter.use('/(:language)?', asyncMiddleware(serveIndexHTML)) // --------------------------------------------------------------------------- 
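Review bot: The embed chain strips `X-Frame-Options` and, when `CONFIG.CSP.ENABLED` is false, swaps `embedCSP` for a no-op, so responses under `/videos/embed` and `/video-playlists/embed` then carry no framing policy at all; that is expected for an embeddable player, but nothing in `embedMiddlewares` records it as a deliberate, scoped exception. Because `clientsRouter.use` matches by prefix, the relaxation applies to every path below those two mounts, not just the exact URLs. I would replace the bare `// Set headers` comment with something like `// Embeds must be framable by third-party sites: X-Frame-Options is dropped on the embed mounts only` and note next to the ternary that disabling CSP leaves these routes without `frame-ancestors` as well. The same headers are set before `generateEmbedHtmlPage` runs, so they also cover the page returned when the embed is refused.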
@@ -93,131 +98,103 @@ export { // --------------------------------------------------------------------------- -function getIndexPath (req: express.Request, res: express.Response, paramLang?: string) { - let lang: string - - // Check param lang validity - if (paramLang && is18nLocale(paramLang)) { - lang = paramLang +function serveServerTranslations (req: express.Request, res: express.Response) { + const locale = req.params.locale + const file = req.params.file - // Save locale in cookies - res.cookie('clientLanguage', lang, { - secure: CONFIG.WEBSERVER.SCHEME === 'https', - sameSite: true, - maxAge: 1000 * 3600 * 24 * 90 // 3 months - }) + if (is18nLocale(locale) && LOCALE_FILES.includes(file)) { + const completeLocale = getCompleteLocale(locale) + const completeFileLocale = buildFileLocale(completeLocale) - } else if (req.cookies.clientLanguage && is18nLocale(req.cookies.clientLanguage)) { - lang = req.cookies.clientLanguage - } else { - lang = req.acceptsLanguages(POSSIBLE_LOCALES) || getDefaultLocale() + const path = join(__dirname, `../../../client/dist/locale/${file}.${completeFileLocale}.json`) + return res.sendFile(path, { maxAge: STATIC_MAX_AGE.SERVER }) } - return join(__dirname, '../../../client/dist/' + buildFileLocale(lang) + '/index.html') + return res.status(HttpStatusCode.NOT_FOUND_404).end() } -function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoModel) { - const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName() - const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid - - const videoNameEscaped = escapeHTML(video.name) - const videoDescriptionEscaped = escapeHTML(video.description) - const embedUrl = CONFIG.WEBSERVER.URL + video.getEmbedStaticPath() - - const openGraphMetaTags = { - 'og:type': 'video', - 'og:title': videoNameEscaped, - 'og:image': previewUrl, - 'og:url': videoUrl, - 'og:description': videoDescriptionEscaped, - - 'og:video:url': embedUrl, - 'og:video:secure_url': 
embedUrl, - 'og:video:type': 'text/html', - 'og:video:width': EMBED_SIZE.width, - 'og:video:height': EMBED_SIZE.height, - - 'name': videoNameEscaped, - 'description': videoDescriptionEscaped, - 'image': previewUrl, - - 'twitter:card': CONFIG.SERVICES.TWITTER.WHITELISTED ? 'player' : 'summary_large_image', - 'twitter:site': CONFIG.SERVICES.TWITTER.USERNAME, - 'twitter:title': videoNameEscaped, - 'twitter:description': videoDescriptionEscaped, - 'twitter:image': previewUrl, - 'twitter:player': embedUrl, - 'twitter:player:width': EMBED_SIZE.width, - 'twitter:player:height': EMBED_SIZE.height - } +async function generateEmbedHtmlPage (req: express.Request, res: express.Response) { + const hookName = req.originalUrl.startsWith('/video-playlists/') + ? 'filter:html.embed.video-playlist.allowed.result' + : 'filter:html.embed.video.allowed.result' - const oembedLinkTags = [ - { - type: 'application/json+oembed', - href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl), - title: videoNameEscaped - } - ] - - const schemaTags = { - '@context': 'http://schema.org', - '@type': 'VideoObject', - name: videoNameEscaped, - description: videoDescriptionEscaped, - thumbnailUrl: previewUrl, - uploadDate: video.createdAt.toISOString(), - duration: video.getActivityStreamDuration(), - contentUrl: videoUrl, - embedUrl: embedUrl, - interactionCount: video.views + const allowParameters = { req } + + const allowedResult = await Hooks.wrapFun( + isEmbedAllowed, + allowParameters, + hookName + ) + + if (!allowedResult || allowedResult.allowed !== true) { + logger.info('Embed is not allowed.', { allowedResult }) + + return sendHTML(allowedResult?.html || '', res) } - let tagsString = '' + const html = await ClientHtml.getEmbedHTML() - // Opengraph - Object.keys(openGraphMetaTags).forEach(tagName => { - const tagValue = openGraphMetaTags[tagName] + return sendHTML(html, res) +} - tagsString += `` - }) +async function generateWatchHtmlPage (req: express.Request, res: 
express.Response) { + const html = await ClientHtml.getWatchHTMLPage(req.params.id + '', req, res) - // OEmbed - for (const oembedLinkTag of oembedLinkTags) { - tagsString += `` - } + return sendHTML(html, res, true) +} - // Schema.org - tagsString += `` +async function generateWatchPlaylistHtmlPage (req: express.Request, res: express.Response) { + const html = await ClientHtml.getWatchPlaylistHTMLPage(req.params.id + '', req, res) - // SEO - tagsString += `` + return sendHTML(html, res, true) +} - return htmlStringPage.replace(OPENGRAPH_AND_OEMBED_COMMENT, tagsString) +async function generateAccountHtmlPage (req: express.Request, res: express.Response) { + const html = await ClientHtml.getAccountHTMLPage(req.params.nameWithHost, req, res) + + return sendHTML(html, res, true) } -async function generateWatchHtmlPage (req: express.Request, res: express.Response, next: express.NextFunction) { - const videoId = '' + req.params.id - let videoPromise: Bluebird - - // Let Angular application handle errors - if (validator.isUUID(videoId, 4)) { - videoPromise = VideoModel.loadByUUIDAndPopulateAccountAndServerAndTags(videoId) - } else if (validator.isInt(videoId)) { - videoPromise = VideoModel.loadAndPopulateAccountAndServerAndTags(+videoId) - } else { - return res.sendFile(getIndexPath(req, res)) - } +async function generateVideoChannelHtmlPage (req: express.Request, res: express.Response) { + const html = await ClientHtml.getVideoChannelHTMLPage(req.params.nameWithHost, req, res) - let [ file, video ] = await Promise.all([ - readFileBufferPromise(getIndexPath(req, res)), - videoPromise - ]) + return sendHTML(html, res, true) +} + +async function generateActorHtmlPage (req: express.Request, res: express.Response) { + const html = await ClientHtml.getActorHTMLPage(req.params.nameWithHost, req, res) + + return sendHTML(html, res, true) +} + +async function generateManifest (req: express.Request, res: express.Response) { + const manifestPhysicalPath = join(root(), 'client', 
'dist', 'manifest.webmanifest') + const manifestJson = await readFile(manifestPhysicalPath, 'utf8') + const manifest = JSON.parse(manifestJson) - const html = file.toString() + manifest.name = CONFIG.INSTANCE.NAME + manifest.short_name = CONFIG.INSTANCE.NAME + manifest.description = CONFIG.INSTANCE.SHORT_DESCRIPTION - // Let Angular application handle errors - if (!video || video.privacy === VideoPrivacy.PRIVATE) return res.sendFile(getIndexPath(req, res)) + res.json(manifest) +} + +function serveClientOverride (path: string) { + return async (req: express.Request, res: express.Response, next: express.NextFunction) => { + try { + await fs.access(path, constants.F_OK) + // Serve override client + res.sendFile(path, { maxAge: STATIC_MAX_AGE.SERVER }) + } catch { + // Serve dist client + next() + } + } +} - const htmlStringPageWithTags = addOpenGraphAndOEmbedTags(html, video) - res.set('Content-Type', 'text/html; charset=UTF-8').send(htmlStringPageWithTags) +type AllowedResult = { allowed: boolean, html?: string } +function isEmbedAllowed (_object: { + req: express.Request +}): AllowedResult { + return { allowed: true } }
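Review bot: In `serveClientOverride`, `fs.access(path, constants.F_OK)` only proves the override exists, and `res.sendFile` is not awaited, so a file that is present but unreadable by the server user (or removed between the two calls) fails outside the `try`/`catch` instead of falling through to the dist asset. Checking readability closes the common case: `await fs.access(path, constants.R_OK)`. Separately, the removed controller checked the video id with `validator.isUUID`/`isInt` and escaped the title and description itself; the new `generate*HtmlPage` handlers hand `req.params.id` and `req.params.nameWithHost` to `ClientHtml` unchecked, so that validation and escaping presumably now live in `../lib/client-html`, which this diff does not show and is worth confirming before merge.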