aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2019-12-03 10:41:23 +0100
committerChocobozzz <me@florianbigard.com>2019-12-03 10:41:23 +0100
commiteccf70f020cb8b0d9ceddc2561713ccfddb72095 (patch)
treebae9d9285a00c2958666becbb50427cabcea7aed /server
parent3f6b7aa1cfa28ee02eec8c8ab16b623f2bbab928 (diff)
downloadPeerTube-eccf70f020cb8b0d9ceddc2561713ccfddb72095.tar.gz
PeerTube-eccf70f020cb8b0d9ceddc2561713ccfddb72095.tar.zst
PeerTube-eccf70f020cb8b0d9ceddc2561713ccfddb72095.zip
Fix private video download
Diffstat (limited to 'server')
-rw-r--r--server/controllers/static.ts10
-rw-r--r--server/middlewares/oauth.ts12
-rw-r--r--server/middlewares/validators/videos/videos.ts6
3 files changed, 15 insertions, 13 deletions
diff --git a/server/controllers/static.ts b/server/controllers/static.ts
index 7c900be92..0aab12756 100644
--- a/server/controllers/static.ts
+++ b/server/controllers/static.ts
@@ -10,7 +10,7 @@ import {
10 WEBSERVER 10 WEBSERVER
11} from '../initializers/constants' 11} from '../initializers/constants'
12import { cacheRoute } from '../middlewares/cache' 12import { cacheRoute } from '../middlewares/cache'
13import { asyncMiddleware, videosGetValidator } from '../middlewares' 13import { asyncMiddleware, videosDownloadValidator } from '../middlewares'
14import { VideoModel } from '../models/video/video' 14import { VideoModel } from '../models/video/video'
15import { UserModel } from '../models/account/user' 15import { UserModel } from '../models/account/user'
16import { VideoCommentModel } from '../models/video/video-comment' 16import { VideoCommentModel } from '../models/video/video-comment'
@@ -39,12 +39,12 @@ staticRouter.use(
39) 39)
40staticRouter.use( 40staticRouter.use(
41 STATIC_DOWNLOAD_PATHS.TORRENTS + ':id-:resolution([0-9]+).torrent', 41 STATIC_DOWNLOAD_PATHS.TORRENTS + ':id-:resolution([0-9]+).torrent',
42 asyncMiddleware(videosGetValidator), 42 asyncMiddleware(videosDownloadValidator),
43 asyncMiddleware(downloadTorrent) 43 asyncMiddleware(downloadTorrent)
44) 44)
45staticRouter.use( 45staticRouter.use(
46 STATIC_DOWNLOAD_PATHS.TORRENTS + ':id-:resolution([0-9]+)-hls.torrent', 46 STATIC_DOWNLOAD_PATHS.TORRENTS + ':id-:resolution([0-9]+)-hls.torrent',
47 asyncMiddleware(videosGetValidator), 47 asyncMiddleware(videosDownloadValidator),
48 asyncMiddleware(downloadHLSVideoFileTorrent) 48 asyncMiddleware(downloadHLSVideoFileTorrent)
49) 49)
50 50
@@ -62,13 +62,13 @@ staticRouter.use(
62 62
63staticRouter.use( 63staticRouter.use(
64 STATIC_DOWNLOAD_PATHS.VIDEOS + ':id-:resolution([0-9]+).:extension', 64 STATIC_DOWNLOAD_PATHS.VIDEOS + ':id-:resolution([0-9]+).:extension',
65 asyncMiddleware(videosGetValidator), 65 asyncMiddleware(videosDownloadValidator),
66 asyncMiddleware(downloadVideoFile) 66 asyncMiddleware(downloadVideoFile)
67) 67)
68 68
69staticRouter.use( 69staticRouter.use(
70 STATIC_DOWNLOAD_PATHS.HLS_VIDEOS + ':id-:resolution([0-9]+)-fragmented.:extension', 70 STATIC_DOWNLOAD_PATHS.HLS_VIDEOS + ':id-:resolution([0-9]+)-fragmented.:extension',
71 asyncMiddleware(videosGetValidator), 71 asyncMiddleware(videosDownloadValidator),
72 asyncMiddleware(downloadHLSVideoFile) 72 asyncMiddleware(downloadHLSVideoFile)
73) 73)
74 74
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts
index 77fb305dd..bb90dac47 100644
--- a/server/middlewares/oauth.ts
+++ b/server/middlewares/oauth.ts
@@ -12,8 +12,10 @@ const oAuthServer = new OAuthServer({
12 model: require('../lib/oauth-model') 12 model: require('../lib/oauth-model')
13}) 13})
14 14
15function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) { 15function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) {
16 oAuthServer.authenticate()(req, res, err => { 16 const options = authenticateInQuery ? { allowBearerTokensInQueryString: true } : {}
17
18 oAuthServer.authenticate(options)(req, res, err => {
17 if (err) { 19 if (err) {
18 logger.warn('Cannot authenticate.', { err }) 20 logger.warn('Cannot authenticate.', { err })
19 21
@@ -50,16 +52,14 @@ function authenticateSocket (socket: Socket, next: (err?: any) => void) {
50 }) 52 })
51} 53}
52 54
53function authenticatePromiseIfNeeded (req: express.Request, res: express.Response) { 55function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) {
54 return new Promise(resolve => { 56 return new Promise(resolve => {
55 // Already authenticated? (or tried to) 57 // Already authenticated? (or tried to)
56 if (res.locals.oauth && res.locals.oauth.token.User) return resolve() 58 if (res.locals.oauth && res.locals.oauth.token.User) return resolve()
57 59
58 if (res.locals.authenticated === false) return res.sendStatus(401) 60 if (res.locals.authenticated === false) return res.sendStatus(401)
59 61
60 authenticate(req, res, () => { 62 authenticate(req, res, () => resolve(), authenticateInQuery)
61 return resolve()
62 })
63 }) 63 })
64} 64}
65 65
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 53a2f193d..ab984d84a 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -147,7 +147,7 @@ async function checkVideoFollowConstraints (req: express.Request, res: express.R
147 }) 147 })
148} 148}
149 149
150const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-with-rights') => { 150const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-with-rights', authenticateInQuery = false) => {
151 return [ 151 return [
152 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 152 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
153 153
@@ -162,7 +162,7 @@ const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-
162 162
163 // Video private or blacklisted 163 // Video private or blacklisted
164 if (video.privacy === VideoPrivacy.PRIVATE || videoAll.VideoBlacklist) { 164 if (video.privacy === VideoPrivacy.PRIVATE || videoAll.VideoBlacklist) {
165 await authenticatePromiseIfNeeded(req, res) 165 await authenticatePromiseIfNeeded(req, res, authenticateInQuery)
166 166
167 const user = res.locals.oauth ? res.locals.oauth.token.User : null 167 const user = res.locals.oauth ? res.locals.oauth.token.User : null
168 168
@@ -193,6 +193,7 @@ const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-
193} 193}
194 194
195const videosGetValidator = videosCustomGetValidator('all') 195const videosGetValidator = videosCustomGetValidator('all')
196const videosDownloadValidator = videosCustomGetValidator('all', true)
196 197
197const videosRemoveValidator = [ 198const videosRemoveValidator = [
198 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), 199 param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
@@ -407,6 +408,7 @@ export {
407 videosAddValidator, 408 videosAddValidator,
408 videosUpdateValidator, 409 videosUpdateValidator,
409 videosGetValidator, 410 videosGetValidator,
411 videosDownloadValidator,
410 checkVideoFollowConstraints, 412 checkVideoFollowConstraints,
411 videosCustomGetValidator, 413 videosCustomGetValidator,
412 videosRemoveValidator, 414 videosRemoveValidator,