X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fshared%2Fvideos.ts;h=0033a32ff1af454f6a7794ce3403e49965b5526a;hb=8ca52bcc2c37d457e8b19a237c66b8dd1c00b6b9;hp=2c2ae381127f4294e3b42ef24cd5bff2f6b3d654;hpb=a2fb5fb8b1007e3ce82e707917f5d9a37374e99b;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts
index 2c2ae3811..0033a32ff 100644
--- a/server/middlewares/validators/shared/videos.ts
+++ b/server/middlewares/validators/shared/videos.ts
@@ -1,7 +1,7 @@
 import { Request, Response } from 'express'
-import { isUUIDValid } from '@server/helpers/custom-validators/misc'
 import { loadVideo, VideoLoadType } from '@server/lib/model-loaders'
 import { isAbleToUploadVideo } from '@server/lib/user'
+import { VideoTokensManager } from '@server/lib/video-tokens-manager'
 import { authenticatePromise } from '@server/middlewares/auth'
 import { VideoModel } from '@server/models/video/video'
 import { VideoChannelModel } from '@server/models/video/video-channel'
@@ -108,26 +108,21 @@ async function checkCanSeeVideo (options: {
 res: Response
 paramId: string
 video: MVideo
- authenticateInQuery?: boolean // default false
 }) {
- const { req, res, video, paramId, authenticateInQuery = false } = options
+ const { req, res, video, paramId } = options
- if (video.requiresAuth()) {
- return checkCanSeeAuthVideo(req, res, video, authenticateInQuery)
+ if (video.requiresAuth({ urlParamId: paramId, checkBlacklist: true })) {
+ return checkCanSeeAuthVideo(req, res, video)
 }
- if (video.privacy === VideoPrivacy.UNLISTED) {
- if (isUUIDValid(paramId)) return true
-
- return checkCanSeeAuthVideo(req, res, video, authenticateInQuery)
+ if (video.privacy === VideoPrivacy.UNLISTED || video.privacy === VideoPrivacy.PUBLIC) {
+ return true
 }
- if (video.privacy === VideoPrivacy.PUBLIC) return true
-
- throw new Error('Fatal error when checking video right ' + video.url)
+ throw new Error('Unknown video privacy when checking video right ' + video.url)
 }
-async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights, authenticateInQuery = false) {
+async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights) {
 const fail = () => {
 res.fail({
 status: HttpStatusCode.FORBIDDEN_403,
@@ -137,14 +132,14 @@ async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoI
 return false
 }
- await authenticatePromise(req, res, authenticateInQuery)
+ await authenticatePromise(req, res)
 const user = res.locals.oauth?.token.User
 if (!user) return fail()
 const videoWithRights = (video as MVideoWithRights).VideoChannel?.Account?.userId
 ? video as MVideoWithRights
- : await VideoModel.loadAndPopulateAccountAndServerAndTags(video.id)
+ : await VideoModel.loadFull(video.id)
 const privacy = videoWithRights.privacy
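Review bot: In checkCanSeeVideo the UNLISTED branch now returns true unconditionally, whereas the removed code did so only when `isUUIDValid(paramId)` held and otherwise required authentication. That guarantee now rests entirely on `video.requiresAuth({ urlParamId: paramId, checkBlacklist: true })`, whose body is not part of this diff, so a reader of this function cannot see why the unlisted case is safe. I would add a comment above the branch, for example `// Unlisted video requested by a non-UUID id: already routed to checkCanSeeAuthVideo by requiresAuth() above`, and confirm there is a test for an unlisted video requested by a non-UUID id without credentials.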
@@ -173,6 +168,34 @@ async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoI
 // ---------------------------------------------------------------------------
+async function checkCanAccessVideoStaticFiles (options: {
+ video: MVideo
+ req: Request
+ res: Response
+ paramId: string
+}) {
+ const { video, req, res } = options
+
+ if (res.locals.oauth?.token.User) {
+ return checkCanSeeVideo(options)
+ }
+
+ const videoFileToken = req.query.videoFileToken
+ if (videoFileToken && VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
+ const user = VideoTokensManager.Instance.getUserFromToken({ token: videoFileToken })
+
+ res.locals.videoFileToken = { user }
+ return true
+ }
+
+ if (!video.hasPrivateStaticPath()) return true
+
+ res.sendStatus(HttpStatusCode.FORBIDDEN_403)
+ return false
+}
+
+// ---------------------------------------------------------------------------
+
 function checkUserCanManageVideo (user: MUser, video: MVideoAccountLight, right: UserRight, res: Response, onlyOwned = true) {
 // Retrieve the user who did the request
 if (onlyOwned && video.isOwned() === false) {
@@ -220,6 +243,7 @@ export {
 doesVideoExist,
 doesVideoFileOfVideoExist,
+ checkCanAccessVideoStaticFiles,
 checkUserCanManageVideo,
 checkCanSeeVideo,
 checkUserQuota
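Review bot: In checkCanAccessVideoStaticFiles, `req.query.videoFileToken` is passed to `VideoTokensManager.Instance.hasToken` and `getUserFromToken` without a type check, and with Express's default query parser a repeated or bracketed parameter arrives as an array or object rather than a string. Narrow it before use: `if (typeof videoFileToken === 'string' && VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {`. Because the token travels in the URL it will also appear in access logs and Referer headers, so it is worth confirming (not visible in this diff) that tokens are short-lived and that request logging redacts the parameter. The 403 path here uses `res.sendStatus` while checkCanSeeAuthVideo answers through `res.fail`; using the same error shape would keep client handling consistent.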