diff options
author | Chocobozzz <me@florianbigard.com> | 2022-10-26 16:23:39 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-10-27 09:13:10 +0200 |
commit | 5a122dddc5aab1b2ae1843411032d5f392bdd216 (patch) | |
tree | 39778c4372c4b371f1294c94bf22d8a6e7a26456 /server/tests/api | |
parent | 49e7e4d9ffd16cba7a721f6d3d3203decf4f4b2c (diff) | |
download | PeerTube-5a122dddc5aab1b2ae1843411032d5f392bdd216.tar.gz PeerTube-5a122dddc5aab1b2ae1843411032d5f392bdd216.tar.zst PeerTube-5a122dddc5aab1b2ae1843411032d5f392bdd216.zip |
Option to disable static files auth check/s3 proxy
Diffstat (limited to 'server/tests/api')
-rw-r--r-- | server/tests/api/object-storage/video-static-file-privacy.ts | 166 | ||||
-rw-r--r-- | server/tests/api/videos/video-static-file-privacy.ts | 33 |
2 files changed, 148 insertions, 51 deletions
diff --git a/server/tests/api/object-storage/video-static-file-privacy.ts b/server/tests/api/object-storage/video-static-file-privacy.ts index c6d7a1a2c..ed8855b3b 100644 --- a/server/tests/api/object-storage/video-static-file-privacy.ts +++ b/server/tests/api/object-storage/video-static-file-privacy.ts | |||
@@ -19,6 +19,12 @@ import { | |||
19 | waitJobs | 19 | waitJobs |
20 | } from '@shared/server-commands' | 20 | } from '@shared/server-commands' |
21 | 21 | ||
22 | function extractFilenameFromUrl (url: string) { | ||
23 | const parts = basename(url).split(':') | ||
24 | |||
25 | return parts[parts.length - 1] | ||
26 | } | ||
27 | |||
22 | describe('Object storage for video static file privacy', function () { | 28 | describe('Object storage for video static file privacy', function () { |
23 | // We need real world object storage to check ACL | 29 | // We need real world object storage to check ACL |
24 | if (areScalewayObjectStorageTestsDisabled()) return | 30 | if (areScalewayObjectStorageTestsDisabled()) return |
@@ -26,75 +32,81 @@ describe('Object storage for video static file privacy', function () { | |||
26 | let server: PeerTubeServer | 32 | let server: PeerTubeServer |
27 | let userToken: string | 33 | let userToken: string |
28 | 34 | ||
29 | before(async function () { | 35 | // --------------------------------------------------------------------------- |
30 | this.timeout(120000) | ||
31 | 36 | ||
32 | server = await createSingleServer(1, ObjectStorageCommand.getDefaultScalewayConfig(1)) | 37 | async function checkPrivateVODFiles (uuid: string) { |
33 | await setAccessTokensToServers([ server ]) | 38 | const video = await server.videos.getWithToken({ id: uuid }) |
34 | await setDefaultVideoChannel([ server ]) | ||
35 | 39 | ||
36 | await server.config.enableMinimumTranscoding() | 40 | for (const file of video.files) { |
41 | expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/webseed/private/') | ||
37 | 42 | ||
38 | userToken = await server.users.generateUserAndToken('user1') | 43 | await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) |
39 | }) | 44 | } |
40 | 45 | ||
41 | describe('VOD', function () { | 46 | for (const file of getAllFiles(video)) { |
42 | let privateVideoUUID: string | 47 | const internalFileUrl = await server.sql.getInternalFileUrl(file.id) |
43 | let publicVideoUUID: string | 48 | expectStartWith(internalFileUrl, ObjectStorageCommand.getScalewayBaseUrl()) |
44 | let userPrivateVideoUUID: string | 49 | await makeRawRequest({ url: internalFileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) |
50 | } | ||
51 | |||
52 | const hls = getHLS(video) | ||
53 | |||
54 | if (hls) { | ||
55 | for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) { | ||
56 | expectStartWith(url, server.url + '/object-storage-proxy/streaming-playlists/hls/private/') | ||
57 | } | ||
45 | 58 | ||
46 | async function checkPrivateFiles (uuid: string) { | 59 | await makeRawRequest({ url: hls.playlistUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) |
47 | const video = await server.videos.getWithToken({ id: uuid }) | 60 | await makeRawRequest({ url: hls.segmentsSha256Url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) |
48 | 61 | ||
49 | for (const file of video.files) { | 62 | for (const file of hls.files) { |
50 | expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/webseed/private/') | 63 | expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/streaming-playlists/hls/private/') |
51 | 64 | ||
52 | await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | 65 | await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) |
53 | } | 66 | } |
67 | } | ||
68 | } | ||
54 | 69 | ||
55 | for (const file of getAllFiles(video)) { | 70 | async function checkPublicVODFiles (uuid: string) { |
56 | const internalFileUrl = await server.sql.getInternalFileUrl(file.id) | 71 | const video = await server.videos.getWithToken({ id: uuid }) |
57 | expectStartWith(internalFileUrl, ObjectStorageCommand.getScalewayBaseUrl()) | ||
58 | await makeRawRequest({ url: internalFileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 }) | ||
59 | } | ||
60 | 72 | ||
61 | const hls = getHLS(video) | 73 | for (const file of getAllFiles(video)) { |
74 | expectStartWith(file.fileUrl, ObjectStorageCommand.getScalewayBaseUrl()) | ||
62 | 75 | ||
63 | if (hls) { | 76 | await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 }) |
64 | for (const url of [ hls.playlistUrl, hls.segmentsSha256Url ]) { | 77 | } |
65 | expectStartWith(url, server.url + '/object-storage-proxy/streaming-playlists/hls/private/') | ||
66 | } | ||
67 | 78 | ||
68 | await makeRawRequest({ url: hls.playlistUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | 79 | const hls = getHLS(video) |
69 | await makeRawRequest({ url: hls.segmentsSha256Url, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | ||
70 | 80 | ||
71 | for (const file of hls.files) { | 81 | if (hls) { |
72 | expectStartWith(file.fileUrl, server.url + '/object-storage-proxy/streaming-playlists/hls/private/') | 82 | expectStartWith(hls.playlistUrl, ObjectStorageCommand.getScalewayBaseUrl()) |
83 | expectStartWith(hls.segmentsSha256Url, ObjectStorageCommand.getScalewayBaseUrl()) | ||
73 | 84 | ||
74 | await makeRawRequest({ url: file.fileUrl, token: server.accessToken, expectedStatus: HttpStatusCode.OK_200 }) | 85 | await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 }) |
75 | } | 86 | await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 }) |
76 | } | ||
77 | } | 87 | } |
88 | } | ||
78 | 89 | ||
79 | async function checkPublicFiles (uuid: string) { | 90 | // --------------------------------------------------------------------------- |
80 | const video = await server.videos.getWithToken({ id: uuid }) | ||
81 | 91 | ||
82 | for (const file of getAllFiles(video)) { | 92 | before(async function () { |
83 | expectStartWith(file.fileUrl, ObjectStorageCommand.getScalewayBaseUrl()) | 93 | this.timeout(120000) |
84 | 94 | ||
85 | await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 }) | 95 | server = await createSingleServer(1, ObjectStorageCommand.getDefaultScalewayConfig({ serverNumber: 1 })) |
86 | } | 96 | await setAccessTokensToServers([ server ]) |
97 | await setDefaultVideoChannel([ server ]) | ||
87 | 98 | ||
88 | const hls = getHLS(video) | 99 | await server.config.enableMinimumTranscoding() |
89 | 100 | ||
90 | if (hls) { | 101 | userToken = await server.users.generateUserAndToken('user1') |
91 | expectStartWith(hls.playlistUrl, ObjectStorageCommand.getScalewayBaseUrl()) | 102 | }) |
92 | expectStartWith(hls.segmentsSha256Url, ObjectStorageCommand.getScalewayBaseUrl()) | ||
93 | 103 | ||
94 | await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 }) | 104 | describe('VOD', function () { |
95 | await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 }) | 105 | let privateVideoUUID: string |
96 | } | 106 | let publicVideoUUID: string |
97 | } | 107 | let userPrivateVideoUUID: string |
108 | |||
109 | // --------------------------------------------------------------------------- | ||
98 | 110 | ||
99 | async function getSampleFileUrls (videoId: string) { | 111 | async function getSampleFileUrls (videoId: string) { |
100 | const video = await server.videos.getWithToken({ id: videoId }) | 112 | const video = await server.videos.getWithToken({ id: videoId }) |
@@ -105,6 +117,8 @@ describe('Object storage for video static file privacy', function () { | |||
105 | } | 117 | } |
106 | } | 118 | } |
107 | 119 | ||
120 | // --------------------------------------------------------------------------- | ||
121 | |||
108 | it('Should upload a private video and have appropriate object storage ACL', async function () { | 122 | it('Should upload a private video and have appropriate object storage ACL', async function () { |
109 | this.timeout(60000) | 123 | this.timeout(60000) |
110 | 124 | ||
@@ -120,7 +134,7 @@ describe('Object storage for video static file privacy', function () { | |||
120 | 134 | ||
121 | await waitJobs([ server ]) | 135 | await waitJobs([ server ]) |
122 | 136 | ||
123 | await checkPrivateFiles(privateVideoUUID) | 137 | await checkPrivateVODFiles(privateVideoUUID) |
124 | }) | 138 | }) |
125 | 139 | ||
126 | it('Should upload a public video and have appropriate object storage ACL', async function () { | 140 | it('Should upload a public video and have appropriate object storage ACL', async function () { |
@@ -131,7 +145,7 @@ describe('Object storage for video static file privacy', function () { | |||
131 | 145 | ||
132 | publicVideoUUID = uuid | 146 | publicVideoUUID = uuid |
133 | 147 | ||
134 | await checkPublicFiles(publicVideoUUID) | 148 | await checkPublicVODFiles(publicVideoUUID) |
135 | }) | 149 | }) |
136 | 150 | ||
137 | it('Should not get files without appropriate OAuth token', async function () { | 151 | it('Should not get files without appropriate OAuth token', async function () { |
@@ -182,7 +196,7 @@ describe('Object storage for video static file privacy', function () { | |||
182 | 196 | ||
183 | await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.INTERNAL } }) | 197 | await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.INTERNAL } }) |
184 | 198 | ||
185 | await checkPrivateFiles(publicVideoUUID) | 199 | await checkPrivateVODFiles(publicVideoUUID) |
186 | }) | 200 | }) |
187 | 201 | ||
188 | it('Should update private video to public', async function () { | 202 | it('Should update private video to public', async function () { |
@@ -190,7 +204,7 @@ describe('Object storage for video static file privacy', function () { | |||
190 | 204 | ||
191 | await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.PUBLIC } }) | 205 | await server.videos.update({ id: publicVideoUUID, attributes: { privacy: VideoPrivacy.PUBLIC } }) |
192 | 206 | ||
193 | await checkPublicFiles(publicVideoUUID) | 207 | await checkPublicVODFiles(publicVideoUUID) |
194 | }) | 208 | }) |
195 | }) | 209 | }) |
196 | 210 | ||
@@ -203,6 +217,8 @@ describe('Object storage for video static file privacy', function () { | |||
203 | 217 | ||
204 | let unrelatedFileToken: string | 218 | let unrelatedFileToken: string |
205 | 219 | ||
220 | // --------------------------------------------------------------------------- | ||
221 | |||
206 | async function checkLiveFiles (live: LiveVideo, liveId: string) { | 222 | async function checkLiveFiles (live: LiveVideo, liveId: string) { |
207 | const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: live.rtmpUrl, streamKey: live.streamKey }) | 223 | const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: live.rtmpUrl, streamKey: live.streamKey }) |
208 | await server.live.waitUntilPublished({ videoId: liveId }) | 224 | await server.live.waitUntilPublished({ videoId: liveId }) |
@@ -260,6 +276,8 @@ describe('Object storage for video static file privacy', function () { | |||
260 | } | 276 | } |
261 | } | 277 | } |
262 | 278 | ||
279 | // --------------------------------------------------------------------------- | ||
280 | |||
263 | before(async function () { | 281 | before(async function () { |
264 | await server.config.enableMinimumTranscoding() | 282 | await server.config.enableMinimumTranscoding() |
265 | 283 | ||
@@ -320,6 +338,52 @@ describe('Object storage for video static file privacy', function () { | |||
320 | }) | 338 | }) |
321 | }) | 339 | }) |
322 | 340 | ||
341 | describe('With private files proxy disabled and public ACL for private files', function () { | ||
342 | let videoUUID: string | ||
343 | |||
344 | before(async function () { | ||
345 | this.timeout(240000) | ||
346 | |||
347 | await server.kill() | ||
348 | |||
349 | const config = ObjectStorageCommand.getDefaultScalewayConfig({ | ||
350 | serverNumber: server.internalServerNumber, | ||
351 | enablePrivateProxy: false, | ||
352 | privateACL: 'public-read' | ||
353 | }) | ||
354 | await server.run(config) | ||
355 | |||
356 | const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE }) | ||
357 | videoUUID = uuid | ||
358 | |||
359 | await waitJobs([ server ]) | ||
360 | }) | ||
361 | |||
362 | it('Should display object storage path for a private video and be able to access them', async function () { | ||
363 | this.timeout(60000) | ||
364 | |||
365 | await checkPublicVODFiles(videoUUID) | ||
366 | }) | ||
367 | |||
368 | it('Should not be able to access object storage proxy', async function () { | ||
369 | const privateVideo = await server.videos.getWithToken({ id: videoUUID }) | ||
370 | const webtorrentFilename = extractFilenameFromUrl(privateVideo.files[0].fileUrl) | ||
371 | const hlsFilename = extractFilenameFromUrl(getHLS(privateVideo).files[0].fileUrl) | ||
372 | |||
373 | await makeRawRequest({ | ||
374 | url: server.url + '/object-storage-proxy/webseed/private/' + webtorrentFilename, | ||
375 | token: server.accessToken, | ||
376 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | ||
377 | }) | ||
378 | |||
379 | await makeRawRequest({ | ||
380 | url: server.url + '/object-storage-proxy/streaming-playlists/hls/private/' + videoUUID + '/' + hlsFilename, | ||
381 | token: server.accessToken, | ||
382 | expectedStatus: HttpStatusCode.BAD_REQUEST_400 | ||
383 | }) | ||
384 | }) | ||
385 | }) | ||
386 | |||
323 | after(async function () { | 387 | after(async function () { |
324 | this.timeout(60000) | 388 | this.timeout(60000) |
325 | 389 | ||
diff --git a/server/tests/api/videos/video-static-file-privacy.ts b/server/tests/api/videos/video-static-file-privacy.ts index bdbe85127..eaaed5aad 100644 --- a/server/tests/api/videos/video-static-file-privacy.ts +++ b/server/tests/api/videos/video-static-file-privacy.ts | |||
@@ -383,6 +383,39 @@ describe('Test video static file privacy', function () { | |||
383 | }) | 383 | }) |
384 | }) | 384 | }) |
385 | 385 | ||
386 | describe('With static file right check disabled', function () { | ||
387 | let videoUUID: string | ||
388 | |||
389 | before(async function () { | ||
390 | this.timeout(240000) | ||
391 | |||
392 | await server.kill() | ||
393 | |||
394 | await server.run({ | ||
395 | static_files: { | ||
396 | private_files_require_auth: false | ||
397 | } | ||
398 | }) | ||
399 | |||
400 | const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.INTERNAL }) | ||
401 | videoUUID = uuid | ||
402 | |||
403 | await waitJobs([ server ]) | ||
404 | }) | ||
405 | |||
406 | it('Should not check auth for private static files', async function () { | ||
407 | const video = await server.videos.getWithToken({ id: videoUUID }) | ||
408 | |||
409 | for (const file of getAllFiles(video)) { | ||
410 | await makeRawRequest({ url: file.fileUrl, expectedStatus: HttpStatusCode.OK_200 }) | ||
411 | } | ||
412 | |||
413 | const hls = video.streamingPlaylists[0] | ||
414 | await makeRawRequest({ url: hls.playlistUrl, expectedStatus: HttpStatusCode.OK_200 }) | ||
415 | await makeRawRequest({ url: hls.segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 }) | ||
416 | }) | ||
417 | }) | ||
418 | |||
386 | after(async function () { | 419 | after(async function () { |
387 | await cleanupTests([ server ]) | 420 | await cleanupTests([ server ]) |
388 | }) | 421 | }) |