diff options
author | Chocobozzz <me@florianbigard.com> | 2022-12-20 09:15:49 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-12-20 09:15:49 +0100 |
commit | 868314e8bf6bcc325b0fea35887071ef0614a46d (patch) | |
tree | 2f46353e3a44ed6db3068d1d1e4f3b472fdd3869 /server/middlewares/validators | |
parent | 93293ca7887e34fd9b6413fdaeea3d1dddc46ece (diff) | |
download | PeerTube-868314e8bf6bcc325b0fea35887071ef0614a46d.tar.gz PeerTube-868314e8bf6bcc325b0fea35887071ef0614a46d.tar.zst PeerTube-868314e8bf6bcc325b0fea35887071ef0614a46d.zip |
Add ability to get user from file token
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/shared/videos.ts | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts index ebbfc0a0a..0033a32ff 100644 --- a/server/middlewares/validators/shared/videos.ts +++ b/server/middlewares/validators/shared/videos.ts | |||
@@ -180,18 +180,16 @@ async function checkCanAccessVideoStaticFiles (options: { | |||
180 | return checkCanSeeVideo(options) | 180 | return checkCanSeeVideo(options) |
181 | } | 181 | } |
182 | 182 | ||
183 | if (!video.hasPrivateStaticPath()) return true | ||
184 | |||
185 | const videoFileToken = req.query.videoFileToken | 183 | const videoFileToken = req.query.videoFileToken |
186 | if (!videoFileToken) { | 184 | if (videoFileToken && VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) { |
187 | res.sendStatus(HttpStatusCode.FORBIDDEN_403) | 185 | const user = VideoTokensManager.Instance.getUserFromToken({ token: videoFileToken }) |
188 | return false | ||
189 | } | ||
190 | 186 | ||
191 | if (VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) { | 187 | res.locals.videoFileToken = { user } |
192 | return true | 188 | return true |
193 | } | 189 | } |
194 | 190 | ||
191 | if (!video.hasPrivateStaticPath()) return true | ||
192 | |||
195 | res.sendStatus(HttpStatusCode.FORBIDDEN_403) | 193 | res.sendStatus(HttpStatusCode.FORBIDDEN_403) |
196 | return false | 194 | return false |
197 | } | 195 | } |