diff options
author | Chocobozzz <me@florianbigard.com> | 2022-10-19 10:43:53 +0200 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2022-10-24 14:48:24 +0200 |
commit | 9ab330b90decf4edf152ff8e1d2948c065766b2c (patch) | |
tree | 29d924f50f7307e8e828a57ecb9ea78623487ce0 /server/controllers/object-storage-proxy.ts | |
parent | 3545e72c686ff1725bbdfd8d16d693e2f4aa75a3 (diff) | |
download | PeerTube-9ab330b90decf4edf152ff8e1d2948c065766b2c.tar.gz PeerTube-9ab330b90decf4edf152ff8e1d2948c065766b2c.tar.zst PeerTube-9ab330b90decf4edf152ff8e1d2948c065766b2c.zip |
Use private ACL for private videos in s3
Diffstat (limited to 'server/controllers/object-storage-proxy.ts')
-rw-r--r-- | server/controllers/object-storage-proxy.ts | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/server/controllers/object-storage-proxy.ts b/server/controllers/object-storage-proxy.ts new file mode 100644 index 000000000..6fedcfd8f --- /dev/null +++ b/server/controllers/object-storage-proxy.ts | |||
@@ -0,0 +1,78 @@ | |||
1 | import cors from 'cors' | ||
2 | import express from 'express' | ||
3 | import { OBJECT_STORAGE_PROXY_PATHS } from '@server/initializers/constants' | ||
4 | import { getHLSFileReadStream, getWebTorrentFileReadStream } from '@server/lib/object-storage' | ||
5 | import { | ||
6 | asyncMiddleware, | ||
7 | ensureCanAccessPrivateVideoHLSFiles, | ||
8 | ensureCanAccessVideoPrivateWebTorrentFiles, | ||
9 | optionalAuthenticate | ||
10 | } from '@server/middlewares' | ||
11 | import { HttpStatusCode } from '@shared/models' | ||
12 | |||
13 | const objectStorageProxyRouter = express.Router() | ||
14 | |||
15 | objectStorageProxyRouter.use(cors()) | ||
16 | |||
17 | objectStorageProxyRouter.get(OBJECT_STORAGE_PROXY_PATHS.PRIVATE_WEBSEED + ':filename', | ||
18 | optionalAuthenticate, | ||
19 | asyncMiddleware(ensureCanAccessVideoPrivateWebTorrentFiles), | ||
20 | asyncMiddleware(proxifyWebTorrent) | ||
21 | ) | ||
22 | |||
23 | objectStorageProxyRouter.get(OBJECT_STORAGE_PROXY_PATHS.STREAMING_PLAYLISTS.PRIVATE_HLS + ':videoUUID/:filename', | ||
24 | optionalAuthenticate, | ||
25 | asyncMiddleware(ensureCanAccessPrivateVideoHLSFiles), | ||
26 | asyncMiddleware(proxifyHLS) | ||
27 | ) | ||
28 | |||
29 | // --------------------------------------------------------------------------- | ||
30 | |||
31 | export { | ||
32 | objectStorageProxyRouter | ||
33 | } | ||
34 | |||
35 | async function proxifyWebTorrent (req: express.Request, res: express.Response) { | ||
36 | const filename = req.params.filename | ||
37 | |||
38 | try { | ||
39 | const stream = await getWebTorrentFileReadStream({ | ||
40 | filename, | ||
41 | rangeHeader: req.header('range') | ||
42 | }) | ||
43 | |||
44 | return stream.pipe(res) | ||
45 | } catch (err) { | ||
46 | return handleObjectStorageFailure(res, err) | ||
47 | } | ||
48 | } | ||
49 | |||
50 | async function proxifyHLS (req: express.Request, res: express.Response) { | ||
51 | const playlist = res.locals.videoStreamingPlaylist | ||
52 | const video = res.locals.onlyVideo | ||
53 | const filename = req.params.filename | ||
54 | |||
55 | try { | ||
56 | const stream = await getHLSFileReadStream({ | ||
57 | playlist: playlist.withVideo(video), | ||
58 | filename, | ||
59 | rangeHeader: req.header('range') | ||
60 | }) | ||
61 | |||
62 | return stream.pipe(res) | ||
63 | } catch (err) { | ||
64 | return handleObjectStorageFailure(res, err) | ||
65 | } | ||
66 | } | ||
67 | |||
68 | function handleObjectStorageFailure (res: express.Response, err: Error) { | ||
69 | if (err.name === 'NoSuchKey') { | ||
70 | return res.sendStatus(HttpStatusCode.NOT_FOUND_404) | ||
71 | } | ||
72 | |||
73 | return res.fail({ | ||
74 | status: HttpStatusCode.INTERNAL_SERVER_ERROR_500, | ||
75 | message: err.message, | ||
76 | type: err.name | ||
77 | }) | ||
78 | } | ||