aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2019-12-03 10:41:23 +0100
committerChocobozzz <me@florianbigard.com>2019-12-03 10:41:23 +0100
commiteccf70f020cb8b0d9ceddc2561713ccfddb72095 (patch)
treebae9d9285a00c2958666becbb50427cabcea7aed
parent3f6b7aa1cfa28ee02eec8c8ab16b623f2bbab928 (diff)
downloadPeerTube-eccf70f020cb8b0d9ceddc2561713ccfddb72095.tar.gz
PeerTube-eccf70f020cb8b0d9ceddc2561713ccfddb72095.tar.zst
PeerTube-eccf70f020cb8b0d9ceddc2561713ccfddb72095.zip
Fix private video download
-rw-r--r--client/src/app/shared/video/modals/video-download.component.ts12
-rw-r--r--server/controllers/static.ts10
-rw-r--r--server/middlewares/oauth.ts12
-rw-r--r--server/middlewares/validators/videos/videos.ts6
4 files changed, 24 insertions, 16 deletions
diff --git a/client/src/app/shared/video/modals/video-download.component.ts b/client/src/app/shared/video/modals/video-download.component.ts
index 0e9e44de7..5849ee458 100644
--- a/client/src/app/shared/video/modals/video-download.component.ts
+++ b/client/src/app/shared/video/modals/video-download.component.ts
@@ -2,7 +2,8 @@ import { Component, ElementRef, ViewChild } from '@angular/core'
2import { VideoDetails } from '../../../shared/video/video-details.model' 2import { VideoDetails } from '../../../shared/video/video-details.model'
3import { NgbActiveModal, NgbModal } from '@ng-bootstrap/ng-bootstrap' 3import { NgbActiveModal, NgbModal } from '@ng-bootstrap/ng-bootstrap'
4import { I18n } from '@ngx-translate/i18n-polyfill' 4import { I18n } from '@ngx-translate/i18n-polyfill'
5import { Notifier } from '@app/core' 5import { AuthService, Notifier } from '@app/core'
6import { VideoPrivacy } from '@shared/models'
6 7
7@Component({ 8@Component({
8 selector: 'my-video-download', 9 selector: 'my-video-download',
@@ -21,6 +22,7 @@ export class VideoDownloadComponent {
21 constructor ( 22 constructor (
22 private notifier: Notifier, 23 private notifier: Notifier,
23 private modalService: NgbModal, 24 private modalService: NgbModal,
25 private auth: AuthService,
24 private i18n: I18n 26 private i18n: I18n
25 ) { } 27 ) { }
26 28
@@ -57,12 +59,16 @@ export class VideoDownloadComponent {
57 return 59 return
58 } 60 }
59 61
62 const suffix = this.video.privacy.id === VideoPrivacy.PRIVATE
63 ? '?access_token=' + this.auth.getAccessToken()
64 : ''
65
60 switch (this.downloadType) { 66 switch (this.downloadType) {
61 case 'direct': 67 case 'direct':
62 return file.fileDownloadUrl 68 return file.fileDownloadUrl + suffix
63 69
64 case 'torrent': 70 case 'torrent':
65 return file.torrentDownloadUrl 71 return file.torrentDownloadUrl + suffix
66 } 72 }
67 } 73 }
68 74
diff --git a/server/controllers/static.ts b/server/controllers/static.ts
index 7c900be92..0aab12756 100644
--- a/server/controllers/static.ts
+++ b/server/controllers/static.ts
@@ -10,7 +10,7 @@ import {
10 WEBSERVER 10 WEBSERVER
11} from '../initializers/constants' 11} from '../initializers/constants'
12import { cacheRoute } from '../middlewares/cache' 12import { cacheRoute } from '../middlewares/cache'
13import { asyncMiddleware, videosGetValidator } from '../middlewares' 13import { asyncMiddleware, videosDownloadValidator } from '../middlewares'
14import { VideoModel } from '../models/video/video' 14import { VideoModel } from '../models/video/video'
15import { UserModel } from '../models/account/user' 15import { UserModel } from '../models/account/user'
16import { VideoCommentModel } from '../models/video/video-comment' 16import { VideoCommentModel } from '../models/video/video-comment'
@@ -39,12 +39,12 @@ staticRouter.use(
39) 39)
40staticRouter.use( 40staticRouter.use(
41 STATIC_DOWNLOAD_PATHS.TORRENTS + ':id-:resolution([0-9]+).torrent', 41 STATIC_DOWNLOAD_PATHS.TORRENTS + ':id-:resolution([0-9]+).torrent',
42 asyncMiddleware(videosGetValidator), 42 asyncMiddleware(videosDownloadValidator),
43 asyncMiddleware(downloadTorrent) 43 asyncMiddleware(downloadTorrent)
44) 44)
45staticRouter.use( 45staticRouter.use(
46 STATIC_DOWNLOAD_PATHS.TORRENTS + ':id-:resolution([0-9]+)-hls.torrent', 46 STATIC_DOWNLOAD_PATHS.TORRENTS + ':id-:resolution([0-9]+)-hls.torrent',
47 asyncMiddleware(videosGetValidator), 47 asyncMiddleware(videosDownloadValidator),
48 asyncMiddleware(downloadHLSVideoFileTorrent) 48 asyncMiddleware(downloadHLSVideoFileTorrent)
49) 49)
50 50
@@ -62,13 +62,13 @@ staticRouter.use(
62 62
63staticRouter.use( 63staticRouter.use(
64 STATIC_DOWNLOAD_PATHS.VIDEOS + ':id-:resolution([0-9]+).:extension', 64 STATIC_DOWNLOAD_PATHS.VIDEOS + ':id-:resolution([0-9]+).:extension',
65 asyncMiddleware(videosGetValidator), 65 asyncMiddleware(videosDownloadValidator),
66 asyncMiddleware(downloadVideoFile) 66 asyncMiddleware(downloadVideoFile)
67) 67)
68 68
69staticRouter.use( 69staticRouter.use(
70 STATIC_DOWNLOAD_PATHS.HLS_VIDEOS + ':id-:resolution([0-9]+)-fragmented.:extension', 70 STATIC_DOWNLOAD_PATHS.HLS_VIDEOS + ':id-:resolution([0-9]+)-fragmented.:extension',
71 asyncMiddleware(videosGetValidator), 71 asyncMiddleware(videosDownloadValidator),
72 asyncMiddleware(downloadHLSVideoFile) 72 asyncMiddleware(downloadHLSVideoFile)
73) 73)
74 74
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts
index 77fb305dd..bb90dac47 100644
--- a/server/middlewares/oauth.ts
+++ b/server/middlewares/oauth.ts
@@ -12,8 +12,10 @@ const oAuthServer = new OAuthServer({
12 model: require('../lib/oauth-model') 12 model: require('../lib/oauth-model')
13}) 13})
14 14
15function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) { 15function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) {
16 oAuthServer.authenticate()(req, res, err => { 16 const options = authenticateInQuery ? { allowBearerTokensInQueryString: true } : {}
17
18 oAuthServer.authenticate(options)(req, res, err => {
17 if (err) { 19 if (err) {
18 logger.warn('Cannot authenticate.', { err }) 20 logger.warn('Cannot authenticate.', { err })
19 21
@@ -50,16 +52,14 @@ function authenticateSocket (socket: Socket, next: (err?: any) => void) {
50 }) 52 })
51} 53}
52 54
53function authenticatePromiseIfNeeded (req: express.Request, res: express.Response) { 55function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) {
54 return new Promise(resolve => { 56 return new Promise(resolve => {
55 // Already authenticated? (or tried to) 57 // Already authenticated? (or tried to)
56 if (res.locals.oauth && res.locals.oauth.token.User) return resolve() 58 if (res.locals.oauth && res.locals.oauth.token.User) return resolve()
57 59
58 if (res.locals.authenticated === false) return res.sendStatus(401) 60 if (res.locals.authenticated === false) return res.sendStatus(401)
59 61
60 authenticate(req, res, () => { 62 authenticate(req, res, () => resolve(), authenticateInQuery)
61 return resolve()
62 })
63 }) 63 })
64} 64}
65 65
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 53a2f193d..ab984d84a 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -147,7 +147,7 @@ async function checkVideoFollowConstraints (req: express.Request, res: express.R
147 }) 147 })
148} 148}
149 149
150const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-with-rights') => { 150const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-with-rights', authenticateInQuery = false) => {
151 return [ 151 return [
152 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 152 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
153 153
@@ -162,7 +162,7 @@ const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-
162 162
163 // Video private or blacklisted 163 // Video private or blacklisted
164 if (video.privacy === VideoPrivacy.PRIVATE || videoAll.VideoBlacklist) { 164 if (video.privacy === VideoPrivacy.PRIVATE || videoAll.VideoBlacklist) {
165 await authenticatePromiseIfNeeded(req, res) 165 await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
166 166
167 const user = res.locals.oauth ? res.locals.oauth.token.User : null 167 const user = res.locals.oauth ? res.locals.oauth.token.User : null
168 168
@@ -193,6 +193,7 @@ const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-
193} 193}
194 194
195const videosGetValidator = videosCustomGetValidator('all') 195const videosGetValidator = videosCustomGetValidator('all')
196const videosDownloadValidator = videosCustomGetValidator('all', true)
196 197
197const videosRemoveValidator = [ 198const videosRemoveValidator = [
198 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 199 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
@@ -407,6 +408,7 @@ export {
407 videosAddValidator, 408 videosAddValidator,
408 videosUpdateValidator, 409 videosUpdateValidator,
409 videosGetValidator, 410 videosGetValidator,
411 videosDownloadValidator,
410 checkVideoFollowConstraints, 412 checkVideoFollowConstraints,
411 videosCustomGetValidator, 413 videosCustomGetValidator,
412 videosRemoveValidator, 414 videosRemoveValidator,