Option to disable static files auth check/s3 proxy

2 files changed, 24 insertions, 4 deletions

diff --git a/server/controllers/object-storage-proxy.ts b/server/controllers/object-storage-proxy.ts
index 6fedcfd8f..3ce279671 100644
--- a/server/controllers/object-storage-proxy.ts
+++ b/server/controllers/object-storage-proxy.ts
@@ -1,11 +1,13 @@
 import cors from 'cors'
 import express from 'express'
+import { logger } from '@server/helpers/logger'
 import { OBJECT_STORAGE_PROXY_PATHS } from '@server/initializers/constants'
 import { getHLSFileReadStream, getWebTorrentFileReadStream } from '@server/lib/object-storage'
 import {
   asyncMiddleware,
   ensureCanAccessPrivateVideoHLSFiles,
   ensureCanAccessVideoPrivateWebTorrentFiles,
+  ensurePrivateObjectStorageProxyIsEnabled,
   optionalAuthenticate
 } from '@server/middlewares'
 import { HttpStatusCode } from '@shared/models'
@@ -15,12 +17,14 @@ const objectStorageProxyRouter = express.Router()
 objectStorageProxyRouter.use(cors())
 
 objectStorageProxyRouter.get(OBJECT_STORAGE_PROXY_PATHS.PRIVATE_WEBSEED + ':filename',
+  ensurePrivateObjectStorageProxyIsEnabled,
   optionalAuthenticate,
   asyncMiddleware(ensureCanAccessVideoPrivateWebTorrentFiles),
   asyncMiddleware(proxifyWebTorrent)
 )
 
 objectStorageProxyRouter.get(OBJECT_STORAGE_PROXY_PATHS.STREAMING_PLAYLISTS.PRIVATE_HLS + ':videoUUID/:filename',
+  ensurePrivateObjectStorageProxyIsEnabled,
   optionalAuthenticate,
   asyncMiddleware(ensureCanAccessPrivateVideoHLSFiles),
   asyncMiddleware(proxifyHLS)
@@ -35,6 +39,8 @@ export {
 async function proxifyWebTorrent (req: express.Request, res: express.Response) {
   const filename = req.params.filename
 
+  logger.debug('Proxifying WebTorrent file %s from object storage.', filename)
+
   try {
     const stream = await getWebTorrentFileReadStream({
       filename,
@@ -52,6 +58,8 @@ async function proxifyHLS (req: express.Request, res: express.Response) {
   const video = res.locals.onlyVideo
   const filename = req.params.filename
 
+  logger.debug('Proxifying HLS file %s from object storage.', filename)
+
   try {
     const stream = await getHLSFileReadStream({
       playlist: playlist.withVideo(video),
diff --git a/server/controllers/static.ts b/server/controllers/static.ts
index dc091455a..6ef9154b9 100644
--- a/server/controllers/static.ts
+++ b/server/controllers/static.ts
@@ -15,11 +15,17 @@ const staticRouter = express.Router()
 // Cors is very important to let other servers access torrent and video files
 staticRouter.use(cors())
 
+// ---------------------------------------------------------------------------
 // WebTorrent/Classic videos
+// ---------------------------------------------------------------------------
+
+const privateWebTorrentStaticMiddlewares = CONFIG.STATIC_FILES.PRIVATE_FILES_REQUIRE_AUTH === true
+  ? [ optionalAuthenticate, asyncMiddleware(ensureCanAccessVideoPrivateWebTorrentFiles) ]
+  : []
+
 staticRouter.use(
   STATIC_PATHS.PRIVATE_WEBSEED,
-  optionalAuthenticate,
-  asyncMiddleware(ensureCanAccessVideoPrivateWebTorrentFiles),
+  ...privateWebTorrentStaticMiddlewares,
   express.static(DIRECTORIES.VIDEOS.PRIVATE, { fallthrough: false }),
   handleStaticError
 )
@@ -35,11 +41,17 @@ staticRouter.use(
   handleStaticError
 )
 
+// ---------------------------------------------------------------------------
 // HLS
+// ---------------------------------------------------------------------------
+
+const privateHLSStaticMiddlewares = CONFIG.STATIC_FILES.PRIVATE_FILES_REQUIRE_AUTH === true
+  ? [ optionalAuthenticate, asyncMiddleware(ensureCanAccessPrivateVideoHLSFiles) ]
+  : []
+
 staticRouter.use(
   STATIC_PATHS.STREAMING_PLAYLISTS.PRIVATE_HLS,
-  optionalAuthenticate,
-  asyncMiddleware(ensureCanAccessPrivateVideoHLSFiles),
+  ...privateHLSStaticMiddlewares,
   express.static(DIRECTORIES.HLS_STREAMING_PLAYLIST.PRIVATE, { fallthrough: false }),
   handleStaticError
 )