aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests/api/object-storage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-10-26 16:23:39 +0200
committerChocobozzz <me@florianbigard.com>2022-10-27 09:13:10 +0200
commit5a122dddc5aab1b2ae1843411032d5f392bdd216 (patch)
tree39778c4372c4b371f1294c94bf22d8a6e7a26456 /server/tests/api/object-storage
parent49e7e4d9ffd16cba7a721f6d3d3203decf4f4b2c (diff)
downloadPeerTube-5a122dddc5aab1b2ae1843411032d5f392bdd216.tar.gz
PeerTube-5a122dddc5aab1b2ae1843411032d5f392bdd216.tar.zst
PeerTube-5a122dddc5aab1b2ae1843411032d5f392bdd216.zip
Option to disable static files auth check/s3 proxy
Diffstat (limited to 'server/tests/api/object-storage')
-rw-r--r--server/tests/api/object-storage/video-static-file-privacy.ts166
1 files changed, 115 insertions, 51 deletions
diff --git a/server/tests/api/object-storage/video-static-file-privacy.ts b/server/tests/api/object-storage/video-static-file-privacy.ts
index c6d7a1a2c..ed8855b3b 100644
--- a/server/tests/api/object-storage/video-static-file-privacy.ts
+++ b/server/tests/api/object-storage/video-static-file-privacy.ts
@@ -19,6 +19,12 @@ import {
19 waitJobs 19 waitJobs
20} from '@shared/server-commands' 20} from '@shared/server-commands'
21 21
22function extractFilenameFromUrl (url: string) {
23 const parts = basename(url).split(':')
24
25 return parts[parts.length - 1]
26}
27
22describe('Object storage for video static file privacy', function () { 28describe('Object storage for video static file privacy', function () {
23 // We need real world object storage to check ACL 29 // We need real world object storage to check ACL
24 if (areScalewayObjectStorageTestsDisabled()) return 30 if (areScalewayObjectStorageTestsDisabled()) return
@@ -26,75 +32,81 @@ describe('Object storage for video static file privacy', function () {
26 let server: PeerTubeServer 32 let server: PeerTubeServer
27 let userToken: string 33 let userToken: string
28 34
29 before(async function () { 35 // ---------------------------------------------------------------------------
30 this.timeout(120000)
31 36
32 server = await createSingleServer(1, ObjectStorageCommand.getDefaultScalewayConfig(1)) 37 async function checkPrivateVODFiles (uuid: string) {
33 await setAccessTokensToServers([ server ]) 38 const video = await server.videos.getWithToken({ id: uuid })
34 await setDefaultVideoChannel([ server ])
35 39
36 await server.config.enableMinimumTranscoding() 40 for (const file of video.files) {
41 expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/webseed/private/')
37 42
38 userToken = await server.users.generateUserAndToken('user1') 43 await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
39 }) 44 }
40 45
41 describe('VOD', function () { 46 for (const file of getAllFiles(video)) {
42 let privateVideoUUID: string 47 const internalFileUrl = await server.sql.getInternalFileUrl(file.id)
43 let publicVideoUUID: string 48 expectStartWith(internalFileUrl, ObjectStorageCommand.getScalewayBaseUrl())
44 let userPrivateVideoUUID: string 49 await makeRawRequest({ url: internalFileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
50 }
51
52 const hls = getHLS(video)
53
54 if (hls) {
55 for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) {
56 expectStartWith(url, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
57 }
45 58
46 async function checkPrivateFiles (uuid: string) { 59 await makeRawRequest({ url: hls.playlistUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
47 const video = await server.videos.getWithToken({ id: uuid }) 60 await makeRawRequest({ url: hls.segmentsSha256Url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
48 61
49 for (const file of video.files) { 62 for (const file of hls.files) {
50 expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/webseed/private/') 63 expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
51 64
52 await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) 65 await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
53 } 66 }
67 }
68 }
54 69
55 for (const file of getAllFiles(video)) { 70 async function checkPublicVODFiles (uuid: string) {
56 const internalFileUrl = await server.sql.getInternalFileUrl(file.id) 71 const video = await server.videos.getWithToken({ id: uuid })
57 expectStartWith(internalFileUrl, ObjectStorageCommand.getScalewayBaseUrl())
58 await makeRawRequest({ url: internalFileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
59 }
60 72
61 const hls = getHLS(video) 73 for (const file of getAllFiles(video)) {
74 expectStartWith(file.fileUrl, ObjectStorageCommand.getScalewayBaseUrl())
62 75
63 if (hls) { 76 await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 })
64 for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) { 77 }
65 expectStartWith(url, server.url + '/object-storage-proxy/streaming-playlists/hls/private/')
66 }
67 78
68 await makeRawRequest({ url: hls.playlistUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) 79 const hls = getHLS(video)
69 await makeRawRequest({ url: hls.segmentsSha256Url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 })
70 80
71 for (const file of hls.files) { 81 if (hls) {
72 expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/streaming-playlists/hls/private/') 82 expectStartWith(hls.playlistUrl, ObjectStorageCommand.getScalewayBaseUrl())
83 expectStartWith(hls.segmentsSha256Url, ObjectStorageCommand.getScalewayBaseUrl())
73 84
74 await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) 85 await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
75 } 86 await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
76 }
77 } 87 }
88 }
78 89
79 async function checkPublicFiles (uuid: string) { 90 // ---------------------------------------------------------------------------
80 const video = await server.videos.getWithToken({ id: uuid })
81 91
82 for (const file of getAllFiles(video)) { 92 before(async function () {
83 expectStartWith(file.fileUrl, ObjectStorageCommand.getScalewayBaseUrl()) 93 this.timeout(120000)
84 94
85 await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 }) 95 server = await createSingleServer(1, ObjectStorageCommand.getDefaultScalewayConfig({ serverNumber: 1 }))
86 } 96 await setAccessTokensToServers([ server ])
97 await setDefaultVideoChannel([ server ])
87 98
88 const hls = getHLS(video) 99 await server.config.enableMinimumTranscoding()
89 100
90 if (hls) { 101 userToken = await server.users.generateUserAndToken('user1')
91 expectStartWith(hls.playlistUrl, ObjectStorageCommand.getScalewayBaseUrl()) 102 })
92 expectStartWith(hls.segmentsSha256Url, ObjectStorageCommand.getScalewayBaseUrl())
93 103
94 await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 }) 104 describe('VOD', function () {
95 await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 }) 105 let privateVideoUUID: string
96 } 106 let publicVideoUUID: string
97 } 107 let userPrivateVideoUUID: string
108
109 // ---------------------------------------------------------------------------
98 110
99 async function getSampleFileUrls (videoId: string) { 111 async function getSampleFileUrls (videoId: string) {
100 const video = await server.videos.getWithToken({ id: videoId }) 112 const video = await server.videos.getWithToken({ id: videoId })
@@ -105,6 +117,8 @@ describe('Object storage for video static file privacy', function () {
105 } 117 }
106 } 118 }
107 119
120 // ---------------------------------------------------------------------------
121
108 it('Should upload a private video and have appropriate object storage ACL', async function () { 122 it('Should upload a private video and have appropriate object storage ACL', async function () {
109 this.timeout(60000) 123 this.timeout(60000)
110 124
@@ -120,7 +134,7 @@ describe('Object storage for video static file privacy', function () {
120 134
121 await waitJobs([ server ]) 135 await waitJobs([ server ])
122 136
123 await checkPrivateFiles(privateVideoUUID) 137 await checkPrivateVODFiles(privateVideoUUID)
124 }) 138 })
125 139
126 it('Should upload a public video and have appropriate object storage ACL', async function () { 140 it('Should upload a public video and have appropriate object storage ACL', async function () {
@@ -131,7 +145,7 @@ describe('Object storage for video static file privacy', function () {
131 145
132 publicVideoUUID = uuid 146 publicVideoUUID = uuid
133 147
134 await checkPublicFiles(publicVideoUUID) 148 await checkPublicVODFiles(publicVideoUUID)
135 }) 149 })
136 150
137 it('Should not get files without appropriate OAuth token', async function () { 151 it('Should not get files without appropriate OAuth token', async function () {
@@ -182,7 +196,7 @@ describe('Object storage for video static file privacy', function () {
182 196
183 await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.INTERNAL } }) 197 await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.INTERNAL } })
184 198
185 await checkPrivateFiles(publicVideoUUID) 199 await checkPrivateVODFiles(publicVideoUUID)
186 }) 200 })
187 201
188 it('Should update private video to public', async function () { 202 it('Should update private video to public', async function () {
@@ -190,7 +204,7 @@ describe('Object storage for video static file privacy', function () {
190 204
191 await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.PUBLIC } }) 205 await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.PUBLIC } })
192 206
193 await checkPublicFiles(publicVideoUUID) 207 await checkPublicVODFiles(publicVideoUUID)
194 }) 208 })
195 }) 209 })
196 210
@@ -203,6 +217,8 @@ describe('Object storage for video static file privacy', function () {
203 217
204 let unrelatedFileToken: string 218 let unrelatedFileToken: string
205 219
220 // ---------------------------------------------------------------------------
221
206 async function checkLiveFiles (live: LiveVideo, liveId: string) { 222 async function checkLiveFiles (live: LiveVideo, liveId: string) {
207 const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: live.rtmpUrl, streamKey: live.streamKey }) 223 const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: live.rtmpUrl, streamKey: live.streamKey })
208 await server.live.waitUntilPublished({ videoId: liveId }) 224 await server.live.waitUntilPublished({ videoId: liveId })
@@ -260,6 +276,8 @@ describe('Object storage for video static file privacy', function () {
260 } 276 }
261 } 277 }
262 278
279 // ---------------------------------------------------------------------------
280
263 before(async function () { 281 before(async function () {
264 await server.config.enableMinimumTranscoding() 282 await server.config.enableMinimumTranscoding()
265 283
@@ -320,6 +338,52 @@ describe('Object storage for video static file privacy', function () {
320 }) 338 })
321 }) 339 })
322 340
341 describe('With private files proxy disabled and public ACL for private files', function () {
342 let videoUUID: string
343
344 before(async function () {
345 this.timeout(240000)
346
347 await server.kill()
348
349 const config = ObjectStorageCommand.getDefaultScalewayConfig({
350 serverNumber: server.internalServerNumber,
351 enablePrivateProxy: false,
352 privateACL: 'public-read'
353 })
354 await server.run(config)
355
356 const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
357 videoUUID = uuid
358
359 await waitJobs([ server ])
360 })
361
362 it('Should display object storage path for a private video and be able to access them', async function () {
363 this.timeout(60000)
364
365 await checkPublicVODFiles(videoUUID)
366 })
367
368 it('Should not be able to access object storage proxy', async function () {
369 const privateVideo = await server.videos.getWithToken({ id: videoUUID })
370 const webtorrentFilename = extractFilenameFromUrl(privateVideo.files[0].fileUrl)
371 const hlsFilename = extractFilenameFromUrl(getHLS(privateVideo).files[0].fileUrl)
372
373 await makeRawRequest({
374 url: server.url + '/object-storage-proxy/webseed/private/' + webtorrentFilename,
375 token: server.accessToken,
376 expectedStatus: HttpStatusCode.BAD_REQUEST_400
377 })
378
379 await makeRawRequest({
380 url: server.url + '/object-storage-proxy/streaming-playlists/hls/private/' + videoUUID + '/' + hlsFilename,
381 token: server.accessToken,
382 expectedStatus: HttpStatusCode.BAD_REQUEST_400
383 })
384 })
385 })
386
323 after(async function () { 387 after(async function () {
324 this.timeout(60000) 388 this.timeout(60000)
325 389