Feature/password protected videos (#5836)

* Add server endpoints * Refactoring test suites * Update server and add openapi documentation * fix compliation and tests * upload/import password protected video on client * add server error code * Add video password to update resolver * add custom message when sharing pw protected video * improve confirm component * Add new alert in component * Add ability to watch protected video on client * Cannot have password protected replay privacy * Add migration * Add tests * update after review * Update check params tests * Add live videos test * Add more filter test * Update static file privacy test * Update object storage tests * Add test on feeds * Add missing word * Fix tests * Fix tests on live videos * add embed support on password protected videos * fix style * Correcting data leaks * Unable to add password protected privacy on replay * Updated code based on review comments * fix validator and command * Updated code based on review comments
author: Wicklow <123956049+wickloww@users.noreply.github.com> 2023-06-29 07:48:55 +0000
committer: GitHub <noreply@github.com> 2023-06-29 09:48:55 +0200
commit: 40346ead2b0b7afa475aef057d3673b6c7574b7a (patch)
tree: 24ffdc23c3a9d987334842e0d400b5bd44500cf7 /server/lib
parent: ae22c59f14d0d553f60b281948b6c232c2aca178 (diff)
download: PeerTube-40346ead2b0b7afa475aef057d3673b6c7574b7a.tar.gz
PeerTube-40346ead2b0b7afa475aef057d3673b6c7574b7a.tar.zst
PeerTube-40346ead2b0b7afa475aef057d3673b6c7574b7a.zip
4 files changed, 39 insertions, 10 deletions
diff --git a/server/lib/client-html.ts b/server/lib/client-html.ts
index 18b16bee1..be6df1792 100644
--- a/server/lib/client-html.ts
+++ b/server/lib/client-html.ts
@@ -32,6 +32,7 @@ import { getActivityStreamDuration } from './activitypub/activity'
 import { getBiggestActorImage } from './actor-image'
 import { Hooks } from './plugins/hooks'
 import { ServerConfigManager } from './server-config-manager'
+import { isVideoInPrivateDirectory } from './video-privacy'
 type Tags = {
  ogType: string
@@ -106,7 +107,7 @@ class ClientHtml {
    ])
    // Let Angular application handle errors
-    if (!video || video.privacy === VideoPrivacy.PRIVATE || video.privacy === VideoPrivacy.INTERNAL || video.VideoBlacklist) {
+    if (!video || isVideoInPrivateDirectory(video.privacy) || video.VideoBlacklist) {
      res.status(HttpStatusCode.NOT_FOUND_404)
      return html
    }
diff --git a/server/lib/video-pre-import.ts b/server/lib/video-pre-import.ts
index df67dc953..0ac667ba3 100644
--- a/server/lib/video-pre-import.ts
+++ b/server/lib/video-pre-import.ts
@@ -30,6 +30,7 @@ import {
 import { ThumbnailType, VideoImportCreate, VideoImportPayload, VideoImportState, VideoPrivacy, VideoState } from '@shared/models'
 import { getLocalVideoActivityPubUrl } from './activitypub/url'
 import { updateVideoMiniatureFromExisting, updateVideoMiniatureFromUrl } from './thumbnail'
+import { VideoPasswordModel } from '@server/models/video/video-password'
 class YoutubeDlImportError extends Error {
  code: YoutubeDlImportError.CODE
@@ -64,8 +65,9 @@ async function insertFromImportIntoDB (parameters: {
  tags: string[]
  videoImportAttributes: FilteredModelAttributes<VideoImportModel>
  user: MUser
+  videoPasswords?: string[]
 }): Promise<MVideoImportFormattable> {
-  const { video, thumbnailModel, previewModel, videoChannel, tags, videoImportAttributes, user } = parameters
+  const { video, thumbnailModel, previewModel, videoChannel, tags, videoImportAttributes, user, videoPasswords } = parameters
  const videoImport = await sequelizeTypescript.transaction(async t => {
    const sequelizeOptions = { transaction: t }
@@ -77,6 +79,10 @@ async function insertFromImportIntoDB (parameters: {
    if (thumbnailModel) await videoCreated.addAndSaveThumbnail(thumbnailModel, t)
    if (previewModel) await videoCreated.addAndSaveThumbnail(previewModel, t)
+    if (videoCreated.privacy === VideoPrivacy.PASSWORD_PROTECTED) {
+      await VideoPasswordModel.addPasswords(videoPasswords, video.id, t)
+    }
    await autoBlacklistVideoIfNeeded({
      video: videoCreated,
      user,
@@ -208,7 +214,8 @@ async function buildYoutubeDLImport (options: {
      state: VideoImportState.PENDING,
      userId: user.id,
      videoChannelSyncId: channelSync?.id
-    }
+    },
+    videoPasswords: importDataOverride.videoPasswords
  })
  // Get video subtitles
diff --git a/server/lib/video-privacy.ts b/server/lib/video-privacy.ts
index 41f9d62b3..39430ef1e 100644
--- a/server/lib/video-privacy.ts
+++ b/server/lib/video-privacy.ts
@@ -6,6 +6,12 @@ import { MVideo, MVideoFile, MVideoFullLight } from '@server/types/models'
 import { VideoPrivacy, VideoStorage } from '@shared/models'
 import { updateHLSFilesACL, updateWebTorrentFileACL } from './object-storage'
+const validPrivacySet = new Set([
+  VideoPrivacy.PRIVATE,
+  VideoPrivacy.INTERNAL,
+  VideoPrivacy.PASSWORD_PROTECTED
+])
 function setVideoPrivacy (video: MVideo, newPrivacy: VideoPrivacy) {
  if (video.privacy === VideoPrivacy.PRIVATE && newPrivacy !== VideoPrivacy.PRIVATE) {
    video.publishedAt = new Date()
@@ -14,8 +20,8 @@ function setVideoPrivacy (video: MVideo, newPrivacy: VideoPrivacy) {
  video.privacy = newPrivacy
 }
-function isVideoInPrivateDirectory (privacy: VideoPrivacy) {
+function isVideoInPrivateDirectory (privacy) {
-  return privacy === VideoPrivacy.PRIVATE || privacy === VideoPrivacy.INTERNAL
+  return validPrivacySet.has(privacy)
 }
 function isVideoInPublicDirectory (privacy: VideoPrivacy) {
diff --git a/server/lib/video-tokens-manager.ts b/server/lib/video-tokens-manager.ts
index 660533528..e28e55cf7 100644
--- a/server/lib/video-tokens-manager.ts
+++ b/server/lib/video-tokens-manager.ts
@@ -12,26 +12,34 @@ class VideoTokensManager {
  private static instance: VideoTokensManager
-  private readonly lruCache = new LRUCache<string, { videoUUID: string, user: MUserAccountUrl }>({
+  private readonly lruCache = new LRUCache<string, { videoUUID: string, user?: MUserAccountUrl }>({
    max: LRU_CACHE.VIDEO_TOKENS.MAX_SIZE,
    ttl: LRU_CACHE.VIDEO_TOKENS.TTL
  })
  private constructor () {}
-  create (options: {
+  createForAuthUser (options: {
    user: MUserAccountUrl
    videoUUID: string
  }) {
-    const token = buildUUID()
+    const { token, expires } = this.generateVideoToken()
-    const expires = new Date(new Date().getTime() + LRU_CACHE.VIDEO_TOKENS.TTL)
    this.lruCache.set(token, pick(options, [ 'user', 'videoUUID' ]))
    return { token, expires }
  }
+  createForPasswordProtectedVideo (options: {
+    videoUUID: string
+  }) {
+    const { token, expires } = this.generateVideoToken()
+    this.lruCache.set(token, pick(options, [ 'videoUUID' ]))
+    return { token, expires }
+  }
  hasToken (options: {
    token: string
    videoUUID: string
@@ -54,6 +62,13 @@ class VideoTokensManager {
  static get Instance () {
    return this.instance || (this.instance = new this())
  }
+  private generateVideoToken () {
+    const token = buildUUID()
+    const expires = new Date(new Date().getTime() + LRU_CACHE.VIDEO_TOKENS.TTL)
+    return { token, expires }
+  }
 }
 // ---------------------------------------------------------------------------
author	Wicklow <123956049+wickloww@users.noreply.github.com>	2023-06-29 07:48:55 +0000
committer	GitHub <noreply@github.com>	2023-06-29 09:48:55 +0200
commit	40346ead2b0b7afa475aef057d3673b6c7574b7a (patch)
tree	24ffdc23c3a9d987334842e0d400b5bd44500cf7 /server/lib
parent	ae22c59f14d0d553f60b281948b6c232c2aca178 (diff)
download	PeerTube-40346ead2b0b7afa475aef057d3673b6c7574b7a.tar.gz PeerTube-40346ead2b0b7afa475aef057d3673b6c7574b7a.tar.zst PeerTube-40346ead2b0b7afa475aef057d3673b6c7574b7a.zip