aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--server/middlewares/validators/oembed.ts36
-rw-r--r--server/tests/api/check-params/services.ts67
2 files changed, 87 insertions, 16 deletions
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts
index 32dd05271..fc1a294e0 100644
--- a/server/middlewares/validators/oembed.ts
+++ b/server/middlewares/validators/oembed.ts
@@ -6,7 +6,7 @@ import { VideoPlaylistModel } from '@server/models/video/video-playlist'
6import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models' 6import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models'
7import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' 7import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
8import { isTestInstance } from '../../helpers/core-utils' 8import { isTestInstance } from '../../helpers/core-utils'
9import { isIdOrUUIDValid, toCompleteUUID } from '../../helpers/custom-validators/misc' 9import { isIdOrUUIDValid, isUUIDValid, toCompleteUUID } from '../../helpers/custom-validators/misc'
10import { logger } from '../../helpers/logger' 10import { logger } from '../../helpers/logger'
11import { WEBSERVER } from '../../initializers/constants' 11import { WEBSERVER } from '../../initializers/constants'
12import { areValidationErrors } from './shared' 12import { areValidationErrors } from './shared'
@@ -107,15 +107,18 @@ const oembedValidator = [
107 }) 107 })
108 } 108 }
109 109
110 if (video.privacy !== VideoPrivacy.PUBLIC) { 110 if (
111 return res.fail({ 111 video.privacy === VideoPrivacy.PUBLIC ||
112 status: HttpStatusCode.FORBIDDEN_403, 112 (video.privacy === VideoPrivacy.UNLISTED && isUUIDValid(elementId) === true)
113 message: 'Video is not public' 113 ) {
114 }) 114 res.locals.videoAll = video
115 return next()
115 } 116 }
116 117
117 res.locals.videoAll = video 118 return res.fail({
118 return next() 119 status: HttpStatusCode.FORBIDDEN_403,
120 message: 'Video is not publicly available'
121 })
119 } 122 }
120 123
121 // Is playlist 124 // Is playlist
@@ -128,15 +131,18 @@ const oembedValidator = [
128 }) 131 })
129 } 132 }
130 133
131 if (videoPlaylist.privacy !== VideoPlaylistPrivacy.PUBLIC) { 134 if (
132 return res.fail({ 135 videoPlaylist.privacy === VideoPlaylistPrivacy.PUBLIC ||
133 status: HttpStatusCode.FORBIDDEN_403, 136 (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED && isUUIDValid(elementId))
134 message: 'Playlist is not public' 137 ) {
135 }) 138 res.locals.videoPlaylistSummary = videoPlaylist
139 return next()
136 } 140 }
137 141
138 res.locals.videoPlaylistSummary = videoPlaylist 142 return res.fail({
139 return next() 143 status: HttpStatusCode.FORBIDDEN_403,
144 message: 'Playlist is not public'
145 })
140 } 146 }
141 147
142] 148]
diff --git a/server/tests/api/check-params/services.ts b/server/tests/api/check-params/services.ts
index e63f09884..5d1713e03 100644
--- a/server/tests/api/check-params/services.ts
+++ b/server/tests/api/check-params/services.ts
@@ -1,6 +1,7 @@
1/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ 1/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2 2
3import 'mocha' 3import 'mocha'
4import { HttpStatusCode, VideoCreateResult, VideoPlaylistCreateResult, VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models'
4import { 5import {
5 cleanupTests, 6 cleanupTests,
6 createSingleServer, 7 createSingleServer,
@@ -9,12 +10,17 @@ import {
9 setAccessTokensToServers, 10 setAccessTokensToServers,
10 setDefaultVideoChannel 11 setDefaultVideoChannel
11} from '@shared/server-commands' 12} from '@shared/server-commands'
12import { HttpStatusCode, VideoPlaylistPrivacy } from '@shared/models'
13 13
14describe('Test services API validators', function () { 14describe('Test services API validators', function () {
15 let server: PeerTubeServer 15 let server: PeerTubeServer
16 let playlistUUID: string 16 let playlistUUID: string
17 17
18 let privateVideo: VideoCreateResult
19 let unlistedVideo: VideoCreateResult
20
21 let privatePlaylist: VideoPlaylistCreateResult
22 let unlistedPlaylist: VideoPlaylistCreateResult
23
18 // --------------------------------------------------------------- 24 // ---------------------------------------------------------------
19 25
20 before(async function () { 26 before(async function () {
@@ -26,6 +32,9 @@ describe('Test services API validators', function () {
26 32
27 server.store.videoCreated = await server.videos.upload({ attributes: { name: 'my super name' } }) 33 server.store.videoCreated = await server.videos.upload({ attributes: { name: 'my super name' } })
28 34
35 privateVideo = await server.videos.quickUpload({ name: 'private', privacy: VideoPrivacy.PRIVATE })
36 unlistedVideo = await server.videos.quickUpload({ name: 'unlisted', privacy: VideoPrivacy.UNLISTED })
37
29 { 38 {
30 const created = await server.playlists.create({ 39 const created = await server.playlists.create({
31 attributes: { 40 attributes: {
@@ -36,6 +45,22 @@ describe('Test services API validators', function () {
36 }) 45 })
37 46
38 playlistUUID = created.uuid 47 playlistUUID = created.uuid
48
49 privatePlaylist = await server.playlists.create({
50 attributes: {
51 displayName: 'private',
52 privacy: VideoPlaylistPrivacy.PRIVATE,
53 videoChannelId: server.store.channel.id
54 }
55 })
56
57 unlistedPlaylist = await server.playlists.create({
58 attributes: {
59 displayName: 'unlisted',
60 privacy: VideoPlaylistPrivacy.UNLISTED,
61 videoChannelId: server.store.channel.id
62 }
63 })
39 } 64 }
40 }) 65 })
41 66
@@ -91,6 +116,46 @@ describe('Test services API validators', function () {
91 await checkParamEmbed(server, embedUrl, HttpStatusCode.NOT_IMPLEMENTED_501, { format: 'xml' }) 116 await checkParamEmbed(server, embedUrl, HttpStatusCode.NOT_IMPLEMENTED_501, { format: 'xml' })
92 }) 117 })
93 118
119 it('Should fail with a private video', async function () {
120 const embedUrl = `http://localhost:${server.port}/videos/watch/${privateVideo.uuid}`
121
122 await checkParamEmbed(server, embedUrl, HttpStatusCode.FORBIDDEN_403)
123 })
124
125 it('Should fail with an unlisted video with the int id', async function () {
126 const embedUrl = `http://localhost:${server.port}/videos/watch/${unlistedVideo.id}`
127
128 await checkParamEmbed(server, embedUrl, HttpStatusCode.FORBIDDEN_403)
129 })
130
131 it('Should succeed with an unlisted video using the uuid id', async function () {
132 for (const uuid of [ unlistedVideo.uuid, unlistedVideo.shortUUID ]) {
133 const embedUrl = `http://localhost:${server.port}/videos/watch/${uuid}`
134
135 await checkParamEmbed(server, embedUrl, HttpStatusCode.OK_200)
136 }
137 })
138
139 it('Should fail with a private playlist', async function () {
140 const embedUrl = `http://localhost:${server.port}/videos/watch/playlist/${privatePlaylist.uuid}`
141
142 await checkParamEmbed(server, embedUrl, HttpStatusCode.FORBIDDEN_403)
143 })
144
145 it('Should fail with an unlisted playlist using the int id', async function () {
146 const embedUrl = `http://localhost:${server.port}/videos/watch/playlist/${unlistedPlaylist.id}`
147
148 await checkParamEmbed(server, embedUrl, HttpStatusCode.FORBIDDEN_403)
149 })
150
151 it('Should succeed with an unlisted playlist using the uuid id', async function () {
152 for (const uuid of [ unlistedPlaylist.uuid, unlistedPlaylist.shortUUID ]) {
153 const embedUrl = `http://localhost:${server.port}/videos/watch/playlist/${uuid}`
154
155 await checkParamEmbed(server, embedUrl, HttpStatusCode.OK_200)
156 }
157 })
158
94 it('Should succeed with the correct params with a video', async function () { 159 it('Should succeed with the correct params with a video', async function () {
95 const embedUrl = `http://localhost:${server.port}/videos/watch/${server.store.videoCreated.uuid}` 160 const embedUrl = `http://localhost:${server.port}/videos/watch/${server.store.videoCreated.uuid}`
96 const query = { 161 const query = {