aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2019-12-03 10:41:23 +0100
committerChocobozzz <me@florianbigard.com>2019-12-03 10:41:23 +0100
commiteccf70f020cb8b0d9ceddc2561713ccfddb72095 (patch)
treebae9d9285a00c2958666becbb50427cabcea7aed /server/middlewares
parent3f6b7aa1cfa28ee02eec8c8ab16b623f2bbab928 (diff)
downloadPeerTube-eccf70f020cb8b0d9ceddc2561713ccfddb72095.tar.gz
PeerTube-eccf70f020cb8b0d9ceddc2561713ccfddb72095.tar.zst
PeerTube-eccf70f020cb8b0d9ceddc2561713ccfddb72095.zip
Fix private video download
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/oauth.ts12
-rw-r--r--server/middlewares/validators/videos/videos.ts6
2 files changed, 10 insertions, 8 deletions
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts
index 77fb305dd..bb90dac47 100644
--- a/server/middlewares/oauth.ts
+++ b/server/middlewares/oauth.ts
@@ -12,8 +12,10 @@ const oAuthServer = new OAuthServer({
12 model: require('../lib/oauth-model') 12 model: require('../lib/oauth-model')
13}) 13})
14 14
15function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) { 15function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) {
16 oAuthServer.authenticate()(req, res, err => { 16 const options = authenticateInQuery ? { allowBearerTokensInQueryString: true } : {}
17
18 oAuthServer.authenticate(options)(req, res, err => {
17 if (err) { 19 if (err) {
18 logger.warn('Cannot authenticate.', { err }) 20 logger.warn('Cannot authenticate.', { err })
19 21
@@ -50,16 +52,14 @@ function authenticateSocket (socket: Socket, next: (err?: any) => void) {
50 }) 52 })
51} 53}
52 54
53function authenticatePromiseIfNeeded (req: express.Request, res: express.Response) { 55function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) {
54 return new Promise(resolve => { 56 return new Promise(resolve => {
55 // Already authenticated? (or tried to) 57 // Already authenticated? (or tried to)
56 if (res.locals.oauth && res.locals.oauth.token.User) return resolve() 58 if (res.locals.oauth && res.locals.oauth.token.User) return resolve()
57 59
58 if (res.locals.authenticated === false) return res.sendStatus(401) 60 if (res.locals.authenticated === false) return res.sendStatus(401)
59 61
60 authenticate(req, res, () => { 62 authenticate(req, res, () => resolve(), authenticateInQuery)
61 return resolve()
62 })
63 }) 63 })
64} 64}
65 65
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 53a2f193d..ab984d84a 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -147,7 +147,7 @@ async function checkVideoFollowConstraints (req: express.Request, res: express.R
147 }) 147 })
148} 148}
149 149
150const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-with-rights') => { 150const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-with-rights', authenticateInQuery = false) => {
151 return [ 151 return [
152 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 152 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
153 153
@@ -162,7 +162,7 @@ const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-
162 162
163 // Video private or blacklisted 163 // Video private or blacklisted
164 if (video.privacy === VideoPrivacy.PRIVATE || videoAll.VideoBlacklist) { 164 if (video.privacy === VideoPrivacy.PRIVATE || videoAll.VideoBlacklist) {
165 await authenticatePromiseIfNeeded(req, res) 165 await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
166 166
167 const user = res.locals.oauth ? res.locals.oauth.token.User : null 167 const user = res.locals.oauth ? res.locals.oauth.token.User : null
168 168
@@ -193,6 +193,7 @@ const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-
193} 193}
194 194
195const videosGetValidator = videosCustomGetValidator('all') 195const videosGetValidator = videosCustomGetValidator('all')
196const videosDownloadValidator = videosCustomGetValidator('all', true)
196 197
197const videosRemoveValidator = [ 198const videosRemoveValidator = [
198 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 199 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
@@ -407,6 +408,7 @@ export {
407 videosAddValidator, 408 videosAddValidator,
408 videosUpdateValidator, 409 videosUpdateValidator,
409 videosGetValidator, 410 videosGetValidator,
411 videosDownloadValidator,
410 checkVideoFollowConstraints, 412 checkVideoFollowConstraints,
411 videosCustomGetValidator, 413 videosCustomGetValidator,
412 videosRemoveValidator, 414 videosRemoveValidator,