X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fcontrollers%2Fstatic.ts;h=9baff94c0f0295edf2076e9255abe5d55517b2d1;hb=6a4905602636afd6650c9e6f4d0fcc2105d91100;hp=0f47723100ef165f9f290553b76dba237e1f6293;hpb=5c5e587307a27e173333789b5b5167d35f468b01;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/controllers/static.ts b/server/controllers/static.ts index 0f4772310..9baff94c0 100644 --- a/server/controllers/static.ts +++ b/server/controllers/static.ts @@ -1,173 +1,83 @@ -import * as cors from 'cors' -import * as express from 'express' -import { - HLS_STREAMING_PLAYLIST_DIRECTORY, - PEERTUBE_VERSION, - ROUTE_CACHE_LIFETIME, - STATIC_DOWNLOAD_PATHS, - STATIC_MAX_AGE, - STATIC_PATHS, - WEBSERVER -} from '../initializers/constants' -import { cacheRoute } from '../middlewares/cache' -import { asyncMiddleware, videosGetValidator } from '../middlewares' -import { VideoModel } from '../models/video/video' -import { UserModel } from '../models/account/user' -import { VideoCommentModel } from '../models/video/video-comment' -import { HttpNodeinfoDiasporaSoftwareNsSchema20 } from '../../shared/models/nodeinfo' +import cors from 'cors' +import express from 'express' +import { readFile } from 'fs-extra' import { join } from 'path' -import { root } from '../helpers/core-utils' +import { injectQueryToPlaylistUrls } from '@server/lib/hls' +import { + asyncMiddleware, + ensureCanAccessPrivateVideoHLSFiles, + ensureCanAccessVideoPrivateWebTorrentFiles, + handleStaticError, + optionalAuthenticate +} from '@server/middlewares' +import { HttpStatusCode } from '@shared/models' import { CONFIG } from '../initializers/config' -import { getPreview, getVideoCaption } from './lazy-static' +import { DIRECTORIES, STATIC_MAX_AGE, STATIC_PATHS } from '../initializers/constants' +import { buildReinjectVideoFileTokenQuery, doReinjectVideoFileToken } from './shared/m3u8-playlist' const staticRouter = express.Router() +// Cors is very important to let other servers access torrent and video files staticRouter.use(cors()) -/* - Cors is very important to let other servers access torrent and video files -*/ +// --------------------------------------------------------------------------- +// WebTorrent/Classic videos +// --------------------------------------------------------------------------- -const torrentsPhysicalPath = CONFIG.STORAGE.TORRENTS_DIR -staticRouter.use( - STATIC_PATHS.TORRENTS, - cors(), - express.static(torrentsPhysicalPath, { maxAge: 0 }) // Don't cache because we could regenerate the torrent file -) -staticRouter.use( - STATIC_DOWNLOAD_PATHS.TORRENTS + ':id-:resolution([0-9]+).torrent', - asyncMiddleware(videosGetValidator), - asyncMiddleware(downloadTorrent) -) +const privateWebTorrentStaticMiddlewares = CONFIG.STATIC_FILES.PRIVATE_FILES_REQUIRE_AUTH === true + ? [ optionalAuthenticate, asyncMiddleware(ensureCanAccessVideoPrivateWebTorrentFiles) ] + : [] -// Videos path for webseeding staticRouter.use( - STATIC_PATHS.WEBSEED, - cors(), - express.static(CONFIG.STORAGE.VIDEOS_DIR, { fallthrough: false }) // 404 because we don't have this video + STATIC_PATHS.PRIVATE_WEBSEED, + ...privateWebTorrentStaticMiddlewares, + express.static(DIRECTORIES.VIDEOS.PRIVATE, { fallthrough: false }), + handleStaticError ) staticRouter.use( - STATIC_PATHS.REDUNDANCY, - cors(), - express.static(CONFIG.STORAGE.REDUNDANCY_DIR, { fallthrough: false }) // 404 because we don't have this video + STATIC_PATHS.WEBSEED, + express.static(DIRECTORIES.VIDEOS.PUBLIC, { fallthrough: false }), + handleStaticError ) staticRouter.use( - STATIC_DOWNLOAD_PATHS.VIDEOS + ':id-:resolution([0-9]+).:extension', - asyncMiddleware(videosGetValidator), - asyncMiddleware(downloadVideoFile) + STATIC_PATHS.REDUNDANCY, + express.static(CONFIG.STORAGE.REDUNDANCY_DIR, { fallthrough: false }), + handleStaticError ) +// --------------------------------------------------------------------------- // HLS -staticRouter.use( - STATIC_PATHS.STREAMING_PLAYLISTS.HLS, - cors(), - express.static(HLS_STREAMING_PLAYLIST_DIRECTORY, { fallthrough: false }) // 404 if the file does not exist -) +// --------------------------------------------------------------------------- -// Thumbnails path for express -const thumbnailsPhysicalPath = CONFIG.STORAGE.THUMBNAILS_DIR -staticRouter.use( - STATIC_PATHS.THUMBNAILS, - express.static(thumbnailsPhysicalPath, { maxAge: STATIC_MAX_AGE.SERVER, fallthrough: false }) // 404 if the file does not exist -) +const privateHLSStaticMiddlewares = CONFIG.STATIC_FILES.PRIVATE_FILES_REQUIRE_AUTH === true + ? [ optionalAuthenticate, asyncMiddleware(ensureCanAccessPrivateVideoHLSFiles) ] + : [] -// DEPRECATED: use lazy-static route instead -const avatarsPhysicalPath = CONFIG.STORAGE.AVATARS_DIR staticRouter.use( - STATIC_PATHS.AVATARS, - express.static(avatarsPhysicalPath, { maxAge: STATIC_MAX_AGE.SERVER, fallthrough: false }) // 404 if the file does not exist + STATIC_PATHS.STREAMING_PLAYLISTS.PRIVATE_HLS + ':videoUUID/:playlistName.m3u8', + ...privateHLSStaticMiddlewares, + asyncMiddleware(servePrivateM3U8) ) -// DEPRECATED: use lazy-static route instead staticRouter.use( - STATIC_PATHS.PREVIEWS + ':uuid.jpg', - asyncMiddleware(getPreview) + STATIC_PATHS.STREAMING_PLAYLISTS.PRIVATE_HLS, + ...privateHLSStaticMiddlewares, + express.static(DIRECTORIES.HLS_STREAMING_PLAYLIST.PRIVATE, { fallthrough: false }), + handleStaticError ) - -// DEPRECATED: use lazy-static route instead staticRouter.use( - STATIC_PATHS.VIDEO_CAPTIONS + ':videoId-:captionLanguage([a-z]+).vtt', - asyncMiddleware(getVideoCaption) -) - -// robots.txt service -staticRouter.get('/robots.txt', - asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.ROBOTS)), - (_, res: express.Response) => { - res.type('text/plain') - return res.send(CONFIG.INSTANCE.ROBOTS) - } -) - -// security.txt service -staticRouter.get('/security.txt', - (_, res: express.Response) => { - return res.redirect(301, '/.well-known/security.txt') - } -) - -staticRouter.get('/.well-known/security.txt', - asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.SECURITYTXT)), - (_, res: express.Response) => { - res.type('text/plain') - return res.send(CONFIG.INSTANCE.SECURITYTXT + CONFIG.INSTANCE.SECURITYTXT_CONTACT) - } -) - -// nodeinfo service -staticRouter.use('/.well-known/nodeinfo', - asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.NODEINFO)), - (_, res: express.Response) => { - return res.json({ - links: [ - { - rel: 'http://nodeinfo.diaspora.software/ns/schema/2.0', - href: WEBSERVER.URL + '/nodeinfo/2.0.json' - } - ] - }) - } -) -staticRouter.use('/nodeinfo/:version.json', - asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.NODEINFO)), - asyncMiddleware(generateNodeinfo) -) - -// dnt-policy.txt service (see https://www.eff.org/dnt-policy) -staticRouter.use('/.well-known/dnt-policy.txt', - asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.DNT_POLICY)), - (_, res: express.Response) => { - res.type('text/plain') - - return res.sendFile(join(root(), 'dist/server/static/dnt-policy/dnt-policy-1.0.txt')) - } -) - -// dnt service (see https://www.w3.org/TR/tracking-dnt/#status-resource) -staticRouter.use('/.well-known/dnt/', - (_, res: express.Response) => { - res.json({ tracking: 'N' }) - } -) - -staticRouter.use('/.well-known/change-password', - (_, res: express.Response) => { - res.redirect('/my-account/settings') - } + STATIC_PATHS.STREAMING_PLAYLISTS.HLS, + express.static(DIRECTORIES.HLS_STREAMING_PLAYLIST.PUBLIC, { fallthrough: false }), + handleStaticError ) -staticRouter.use('/.well-known/host-meta', - (_, res: express.Response) => { - res.type('application/xml') - - const xml = '\n' + - '\n' + - ` \n` + - '' - - res.send(xml).end() - } +// Thumbnails path for express +const thumbnailsPhysicalPath = CONFIG.STORAGE.THUMBNAILS_DIR +staticRouter.use( + STATIC_PATHS.THUMBNAILS, + express.static(thumbnailsPhysicalPath, { maxAge: STATIC_MAX_AGE.SERVER, fallthrough: false }), + handleStaticError ) // --------------------------------------------------------------------------- @@ -178,73 +88,29 @@ export { // --------------------------------------------------------------------------- -async function generateNodeinfo (req: express.Request, res: express.Response) { - const { totalVideos } = await VideoModel.getStats() - const { totalLocalVideoComments } = await VideoCommentModel.getStats() - const { totalUsers } = await UserModel.getStats() - let json = {} - - if (req.params.version && (req.params.version === '2.0')) { - json = { - version: '2.0', - software: { - name: 'peertube', - version: PEERTUBE_VERSION - }, - protocols: [ - 'activitypub' - ], - services: { - inbound: [], - outbound: [ - 'atom1.0', - 'rss2.0' - ] - }, - openRegistrations: CONFIG.SIGNUP.ENABLED, - usage: { - users: { - total: totalUsers - }, - localPosts: totalVideos, - localComments: totalLocalVideoComments - }, - metadata: { - taxonomy: { - postsName: 'Videos' - }, - nodeName: CONFIG.INSTANCE.NAME, - nodeDescription: CONFIG.INSTANCE.SHORT_DESCRIPTION - } - } as HttpNodeinfoDiasporaSoftwareNsSchema20 - res.contentType('application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.0#"') - } else { - json = { error: 'Nodeinfo schema version not handled' } - res.status(404) - } +async function servePrivateM3U8 (req: express.Request, res: express.Response) { + const path = join(DIRECTORIES.HLS_STREAMING_PLAYLIST.PRIVATE, req.params.videoUUID, req.params.playlistName + '.m3u8') + const filename = req.params.playlistName + '.m3u8' - return res.send(json).end() -} - -async function downloadTorrent (req: express.Request, res: express.Response) { - const { video, videoFile } = getVideoAndFile(req, res) - if (!videoFile) return res.status(404).end() - - return res.download(video.getTorrentFilePath(videoFile), `${video.name}-${videoFile.resolution}p.torrent`) -} + let playlistContent: string -async function downloadVideoFile (req: express.Request, res: express.Response) { - const { video, videoFile } = getVideoAndFile(req, res) - if (!videoFile) return res.status(404).end() + try { + playlistContent = await readFile(path, 'utf-8') + } catch (err) { + if (err.message.includes('ENOENT')) { + return res.fail({ + status: HttpStatusCode.NOT_FOUND_404, + message: 'File not found' + }) + } - return res.download(video.getVideoFilePath(videoFile), `${video.name}-${videoFile.resolution}p${videoFile.extname}`) -} - -function getVideoAndFile (req: express.Request, res: express.Response) { - const resolution = parseInt(req.params.resolution, 10) - const video = res.locals.videoAll + throw err + } - const videoFile = video.VideoFiles.find(f => f.resolution === resolution) + // Inject token in playlist so players that cannot alter the HTTP request can still watch the video + const transformedContent = doReinjectVideoFileToken(req) + ? injectQueryToPlaylistUrls(playlistContent, buildReinjectVideoFileTokenQuery(req, filename.endsWith('master.m3u8'))) + : playlistContent - return { video, videoFile } + return res.set('content-type', 'application/vnd.apple.mpegurl').send(transformedContent).end() }