4 files changed, 188 insertions, 91 deletions
diff --git a/server/tests/api/check-params/index.ts b/server/tests/api/check-params/index.ts
index 33dc8fb76..961093bb5 100644
--- a/server/tests/api/check-params/index.ts
+++ b/server/tests/api/check-params/index.ts
@@ -34,6 +34,7 @@ import './video-imports'
 import './video-playlists'
 import './video-source'
 import './video-studio'
+import './video-token'
 import './videos-common-filters'
 import './videos-history'
 import './videos-overviews'
diff --git a/server/tests/api/check-params/live.ts b/server/tests/api/check-params/live.ts
index 3f553c42b..2eff9414b 100644
--- a/server/tests/api/check-params/live.ts
+++ b/server/tests/api/check-params/live.ts
@@ -502,6 +502,23 @@ describe('Test video lives API validator', function () {
      await stopFfmpeg(ffmpegCommand)
    })
+    it('Should fail to change live privacy if it has already started', async function () {
+      this.timeout(40000)
+      const live = await command.get({ videoId: video.id })
+      const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: live.rtmpUrl, streamKey: live.streamKey })
+      await command.waitUntilPublished({ videoId: video.id })
+      await server.videos.update({
+        id: video.id,
+        attributes: { privacy: VideoPrivacy.PUBLIC },
+        expectedStatus: HttpStatusCode.BAD_REQUEST_400
+      })
+      await stopFfmpeg(ffmpegCommand)
+    })
    it('Should fail to stream twice in the save live', async function () {
      this.timeout(40000)
diff --git a/server/tests/api/check-params/video-files.ts b/server/tests/api/check-params/video-files.ts
index aa4de2c83..9dc59a1b5 100644
--- a/server/tests/api/check-params/video-files.ts
+++ b/server/tests/api/check-params/video-files.ts
@@ -1,10 +1,12 @@
 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
-import { HttpStatusCode, UserRole } from '@shared/models'
+import { getAllFiles } from '@shared/core-utils'
+import { HttpStatusCode, UserRole, VideoDetails, VideoPrivacy } from '@shared/models'
 import {
  cleanupTests,
  createMultipleServers,
  doubleFollow,
+  makeRawRequest,
  PeerTubeServer,
  setAccessTokensToServers,
  waitJobs
@@ -13,22 +15,9 @@ import {
 describe('Test videos files', function () {
  let servers: PeerTubeServer[]
-  let webtorrentId: string
-  let hlsId: string
-  let remoteId: string
  let userToken: string
  let moderatorToken: string
-  let validId1: string
-  let validId2: string
-  let hlsFileId: number
-  let webtorrentFileId: number
-  let remoteHLSFileId: number
-  let remoteWebtorrentFileId: number
  // ---------------------------------------------------------------
  before(async function () {
@@ -41,117 +30,163 @@ describe('Test videos files', function () {
    userToken = await servers[0].users.generateUserAndToken('user', UserRole.USER)
    moderatorToken = await servers[0].users.generateUserAndToken('moderator', UserRole.MODERATOR)
+  })
-    {
+  describe('Getting metadata', function () {
-      const { uuid } = await servers[1].videos.quickUpload({ name: 'remote video' })
+    let video: VideoDetails
-      await waitJobs(servers)
+    before(async function () {
+      const { uuid } = await servers[0].videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
+      video = await servers[0].videos.getWithToken({ id: uuid })
+    })
+    it('Should not get metadata of private video without token', async function () {
+      for (const file of getAllFiles(video)) {
+        await makeRawRequest({ url: file.metadataUrl, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+      }
+    })
+    it('Should not get metadata of private video without the appropriate token', async function () {
+      for (const file of getAllFiles(video)) {
+        await makeRawRequest({ url: file.metadataUrl, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+      }
+    })
+    it('Should get metadata of private video with the appropriate token', async function () {
+      for (const file of getAllFiles(video)) {
+        await makeRawRequest({ url: file.metadataUrl, token: servers[0].accessToken, expectedStatus: HttpStatusCode.OK_200 })
+      }
+    })
+  })
+  describe('Deleting files', function () {
+    let webtorrentId: string
+    let hlsId: string
+    let remoteId: string
+    let validId1: string
+    let validId2: string
-      const video = await servers[1].videos.get({ id: uuid })
+    let hlsFileId: number
-      remoteId = video.uuid
+    let webtorrentFileId: number
-      remoteHLSFileId = video.streamingPlaylists[0].files[0].id
-      remoteWebtorrentFileId = video.files[0].id
-    }
-    {
+    let remoteHLSFileId: number
-      await servers[0].config.enableTranscoding(true, true)
+    let remoteWebtorrentFileId: number
+    before(async function () {
+      this.timeout(300_000)
      {
-        const { uuid } = await servers[0].videos.quickUpload({ name: 'both 1' })
+        const { uuid } = await servers[1].videos.quickUpload({ name: 'remote video' })
        await waitJobs(servers)
-        const video = await servers[0].videos.get({ id: uuid })
+        const video = await servers[1].videos.get({ id: uuid })
-        validId1 = video.uuid
+        remoteId = video.uuid
-        hlsFileId = video.streamingPlaylists[0].files[0].id
+        remoteHLSFileId = video.streamingPlaylists[0].files[0].id
-        webtorrentFileId = video.files[0].id
+        remoteWebtorrentFileId = video.files[0].id
      }
      {
-        const { uuid } = await servers[0].videos.quickUpload({ name: 'both 2' })
+        await servers[0].config.enableTranscoding(true, true)
-        validId2 = uuid
+        {
+          const { uuid } = await servers[0].videos.quickUpload({ name: 'both 1' })
+          await waitJobs(servers)
+          const video = await servers[0].videos.get({ id: uuid })
+          validId1 = video.uuid
+          hlsFileId = video.streamingPlaylists[0].files[0].id
+          webtorrentFileId = video.files[0].id
+        }
+        {
+          const { uuid } = await servers[0].videos.quickUpload({ name: 'both 2' })
+          validId2 = uuid
+        }
      }
-    }
-    await waitJobs(servers)
+      await waitJobs(servers)
-    {
+      {
-      await servers[0].config.enableTranscoding(false, true)
+        await servers[0].config.enableTranscoding(false, true)
-      const { uuid } = await servers[0].videos.quickUpload({ name: 'hls' })
+        const { uuid } = await servers[0].videos.quickUpload({ name: 'hls' })
-      hlsId = uuid
+        hlsId = uuid
-    }
+      }
-    await waitJobs(servers)
+      await waitJobs(servers)
-    {
+      {
-      await servers[0].config.enableTranscoding(false, true)
+        await servers[0].config.enableTranscoding(false, true)
-      const { uuid } = await servers[0].videos.quickUpload({ name: 'webtorrent' })
+        const { uuid } = await servers[0].videos.quickUpload({ name: 'webtorrent' })
-      webtorrentId = uuid
+        webtorrentId = uuid
-    }
+      }
-    await waitJobs(servers)
+      await waitJobs(servers)
-  })
+    })
-  it('Should not delete files of a unknown video', async function () {
+    it('Should not delete files of a unknown video', async function () {
-    const expectedStatus = HttpStatusCode.NOT_FOUND_404
+      const expectedStatus = HttpStatusCode.NOT_FOUND_404
-    await servers[0].videos.removeHLSPlaylist({ videoId: 404, expectedStatus })
+      await servers[0].videos.removeHLSPlaylist({ videoId: 404, expectedStatus })
-    await servers[0].videos.removeAllWebTorrentFiles({ videoId: 404, expectedStatus })
+      await servers[0].videos.removeAllWebTorrentFiles({ videoId: 404, expectedStatus })
-    await servers[0].videos.removeHLSFile({ videoId: 404, fileId: hlsFileId, expectedStatus })
+      await servers[0].videos.removeHLSFile({ videoId: 404, fileId: hlsFileId, expectedStatus })
-    await servers[0].videos.removeWebTorrentFile({ videoId: 404, fileId: webtorrentFileId, expectedStatus })
+      await servers[0].videos.removeWebTorrentFile({ videoId: 404, fileId: webtorrentFileId, expectedStatus })
-  })
+    })
-  it('Should not delete unknown files', async function () {
+    it('Should not delete unknown files', async function () {
-    const expectedStatus = HttpStatusCode.NOT_FOUND_404
+      const expectedStatus = HttpStatusCode.NOT_FOUND_404
-    await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: webtorrentFileId, expectedStatus })
+      await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: webtorrentFileId, expectedStatus })
-    await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: hlsFileId, expectedStatus })
+      await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: hlsFileId, expectedStatus })
-  })
+    })
-  it('Should not delete files of a remote video', async function () {
+    it('Should not delete files of a remote video', async function () {
-    const expectedStatus = HttpStatusCode.BAD_REQUEST_400
+      const expectedStatus = HttpStatusCode.BAD_REQUEST_400
-    await servers[0].videos.removeHLSPlaylist({ videoId: remoteId, expectedStatus })
+      await servers[0].videos.removeHLSPlaylist({ videoId: remoteId, expectedStatus })
-    await servers[0].videos.removeAllWebTorrentFiles({ videoId: remoteId, expectedStatus })
+      await servers[0].videos.removeAllWebTorrentFiles({ videoId: remoteId, expectedStatus })
-    await servers[0].videos.removeHLSFile({ videoId: remoteId, fileId: remoteHLSFileId, expectedStatus })
+      await servers[0].videos.removeHLSFile({ videoId: remoteId, fileId: remoteHLSFileId, expectedStatus })
-    await servers[0].videos.removeWebTorrentFile({ videoId: remoteId, fileId: remoteWebtorrentFileId, expectedStatus })
+      await servers[0].videos.removeWebTorrentFile({ videoId: remoteId, fileId: remoteWebtorrentFileId, expectedStatus })
-  })
+    })
-  it('Should not delete files by a non admin user', async function () {
+    it('Should not delete files by a non admin user', async function () {
-    const expectedStatus = HttpStatusCode.FORBIDDEN_403
+      const expectedStatus = HttpStatusCode.FORBIDDEN_403
-    await servers[0].videos.removeHLSPlaylist({ videoId: validId1, token: userToken, expectedStatus })
+      await servers[0].videos.removeHLSPlaylist({ videoId: validId1, token: userToken, expectedStatus })
-    await servers[0].videos.removeHLSPlaylist({ videoId: validId1, token: moderatorToken, expectedStatus })
+      await servers[0].videos.removeHLSPlaylist({ videoId: validId1, token: moderatorToken, expectedStatus })
-    await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId1, token: userToken, expectedStatus })
+      await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId1, token: userToken, expectedStatus })
-    await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId1, token: moderatorToken, expectedStatus })
+      await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId1, token: moderatorToken, expectedStatus })
-    await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId, token: userToken, expectedStatus })
+      await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId, token: userToken, expectedStatus })
-    await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId, token: moderatorToken, expectedStatus })
+      await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId, token: moderatorToken, expectedStatus })
-    await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId, token: userToken, expectedStatus })
+      await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId, token: userToken, expectedStatus })
-    await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId, token: moderatorToken, expectedStatus })
+      await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId, token: moderatorToken, expectedStatus })
-  })
+    })
-  it('Should not delete files if the files are not available', async function () {
+    it('Should not delete files if the files are not available', async function () {
-    await servers[0].videos.removeHLSPlaylist({ videoId: hlsId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      await servers[0].videos.removeHLSPlaylist({ videoId: hlsId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-    await servers[0].videos.removeAllWebTorrentFiles({ videoId: webtorrentId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      await servers[0].videos.removeAllWebTorrentFiles({ videoId: webtorrentId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-    await servers[0].videos.removeHLSFile({ videoId: hlsId, fileId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
+      await servers[0].videos.removeHLSFile({ videoId: hlsId, fileId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
-    await servers[0].videos.removeWebTorrentFile({ videoId: webtorrentId, fileId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
+      await servers[0].videos.removeWebTorrentFile({ videoId: webtorrentId, fileId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
-  })
+    })
-  it('Should not delete files if no both versions are available', async function () {
+    it('Should not delete files if no both versions are available', async function () {
-    await servers[0].videos.removeHLSPlaylist({ videoId: hlsId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      await servers[0].videos.removeHLSPlaylist({ videoId: hlsId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-    await servers[0].videos.removeAllWebTorrentFiles({ videoId: webtorrentId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+      await servers[0].videos.removeAllWebTorrentFiles({ videoId: webtorrentId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-  })
+    })
-  it('Should delete files if both versions are available', async function () {
+    it('Should delete files if both versions are available', async function () {
-    await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId })
+      await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId })
-    await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId })
+      await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId })
-    await servers[0].videos.removeHLSPlaylist({ videoId: validId1 })
+      await servers[0].videos.removeHLSPlaylist({ videoId: validId1 })
-    await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId2 })
+      await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId2 })
+    })
  })
  after(async function () {
diff --git a/server/tests/api/check-params/video-token.ts b/server/tests/api/check-params/video-token.ts
new file mode 100644
index 000000000..7acb9d580
--- /dev/null
+++ b/server/tests/api/check-params/video-token.ts
@@ -0,0 +1,44 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+import { HttpStatusCode, VideoPrivacy } from '@shared/models'
+import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
+describe('Test video tokens', function () {
+  let server: PeerTubeServer
+  let videoId: string
+  let userToken: string
+  // ---------------------------------------------------------------
+  before(async function () {
+    this.timeout(300_000)
+    server = await createSingleServer(1)
+    await setAccessTokensToServers([ server ])
+    const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
+    videoId = uuid
+    userToken = await server.users.generateUserAndToken('user1')
+  })
+  it('Should not generate tokens for unauthenticated user', async function () {
+    await server.videoToken.create({ videoId, token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+  })
+  it('Should not generate tokens of unknown video', async function () {
+    await server.videoToken.create({ videoId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
+  })
+  it('Should not generate tokens of a non owned video', async function () {
+    await server.videoToken.create({ videoId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+  })
+  it('Should generate token', async function () {
+    await server.videoToken.create({ videoId })
+  })
+  after(async function () {
+    await cleanupTests([ server ])
+  })
+})

diff --git a/server/tests/api/check-params/index.ts b/server/tests/api/check-params/index.ts index 33dc8fb76..961093bb5 100644 --- a/server/tests/api/check-params/index.ts +++ b/server/tests/api/check-params/index.ts
@@ -34,6 +34,7 @@ import './video-imports'
34	import './video-playlists'	34	import './video-playlists'
35	import './video-source'	35	import './video-source'
36	import './video-studio'	36	import './video-studio'
		37	import './video-token'
37	import './videos-common-filters'	38	import './videos-common-filters'
38	import './videos-history'	39	import './videos-history'
39	import './videos-overviews'	40	import './videos-overviews'


diff --git a/server/tests/api/check-params/live.ts b/server/tests/api/check-params/live.ts index 3f553c42b..2eff9414b 100644 --- a/server/tests/api/check-params/live.ts +++ b/server/tests/api/check-params/live.ts
@@ -502,6 +502,23 @@ describe('Test video lives API validator', function () {
502	await stopFfmpeg(ffmpegCommand)	502	await stopFfmpeg(ffmpegCommand)
503	})	503	})
504		504
		505	it('Should fail to change live privacy if it has already started', async function () {
		506	this.timeout(40000)
		507
		508	const live = await command.get({ videoId: video.id })
		509
		510	const ffmpegCommand = sendRTMPStream({ rtmpBaseUrl: live.rtmpUrl, streamKey: live.streamKey })
		511
		512	await command.waitUntilPublished({ videoId: video.id })
		513	await server.videos.update({
		514	id: video.id,
		515	attributes: { privacy: VideoPrivacy.PUBLIC },
		516	expectedStatus: HttpStatusCode.BAD_REQUEST_400
		517	})
		518
		519	await stopFfmpeg(ffmpegCommand)
		520	})
		521
505	it('Should fail to stream twice in the save live', async function () {	522	it('Should fail to stream twice in the save live', async function () {
506	this.timeout(40000)	523	this.timeout(40000)
507		524


diff --git a/server/tests/api/check-params/video-files.ts b/server/tests/api/check-params/video-files.ts index aa4de2c83..9dc59a1b5 100644 --- a/server/tests/api/check-params/video-files.ts +++ b/server/tests/api/check-params/video-files.ts
@@ -1,10 +1,12 @@
1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2		2
3	import { HttpStatusCode, UserRole } from '@shared/models'	3	import { getAllFiles } from '@shared/core-utils'
		4	import { HttpStatusCode, UserRole, VideoDetails, VideoPrivacy } from '@shared/models'
4	import {	5	import {
5	cleanupTests,	6	cleanupTests,
6	createMultipleServers,	7	createMultipleServers,
7	doubleFollow,	8	doubleFollow,
		9	makeRawRequest,
8	PeerTubeServer,	10	PeerTubeServer,
9	setAccessTokensToServers,	11	setAccessTokensToServers,
10	waitJobs	12	waitJobs
@@ -13,22 +15,9 @@ import {
13	describe('Test videos files', function () {	15	describe('Test videos files', function () {
14	let servers: PeerTubeServer[]	16	let servers: PeerTubeServer[]
15		17
16	let webtorrentId: string
17	let hlsId: string
18	let remoteId: string
19
20	let userToken: string	18	let userToken: string
21	let moderatorToken: string	19	let moderatorToken: string
22		20
23	let validId1: string
24	let validId2: string
25
26	let hlsFileId: number
27	let webtorrentFileId: number
28
29	let remoteHLSFileId: number
30	let remoteWebtorrentFileId: number
31
32	// ---------------------------------------------------------------	21	// ---------------------------------------------------------------
33		22
34	before(async function () {	23	before(async function () {
@@ -41,117 +30,163 @@ describe('Test videos files', function () {
41		30
42	userToken = await servers[0].users.generateUserAndToken('user', UserRole.USER)	31	userToken = await servers[0].users.generateUserAndToken('user', UserRole.USER)
43	moderatorToken = await servers[0].users.generateUserAndToken('moderator', UserRole.MODERATOR)	32	moderatorToken = await servers[0].users.generateUserAndToken('moderator', UserRole.MODERATOR)
		33	})
44		34
45	{	35	describe('Getting metadata', function () {
46	const { uuid } = await servers[1].videos.quickUpload({ name: 'remote video' })	36	let video: VideoDetails
47	await waitJobs(servers)	37
		38	before(async function () {
		39	const { uuid } = await servers[0].videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
		40	video = await servers[0].videos.getWithToken({ id: uuid })
		41	})
		42
		43	it('Should not get metadata of private video without token', async function () {
		44	for (const file of getAllFiles(video)) {
		45	await makeRawRequest({ url: file.metadataUrl, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
		46	}
		47	})
		48
		49	it('Should not get metadata of private video without the appropriate token', async function () {
		50	for (const file of getAllFiles(video)) {
		51	await makeRawRequest({ url: file.metadataUrl, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
		52	}
		53	})
		54
		55	it('Should get metadata of private video with the appropriate token', async function () {
		56	for (const file of getAllFiles(video)) {
		57	await makeRawRequest({ url: file.metadataUrl, token: servers[0].accessToken, expectedStatus: HttpStatusCode.OK_200 })
		58	}
		59	})
		60	})
		61
		62	describe('Deleting files', function () {
		63	let webtorrentId: string
		64	let hlsId: string
		65	let remoteId: string
		66
		67	let validId1: string
		68	let validId2: string
48		69
49	const video = await servers[1].videos.get({ id: uuid })	70	let hlsFileId: number
50	remoteId = video.uuid	71	let webtorrentFileId: number
51	remoteHLSFileId = video.streamingPlaylists[0].files[0].id
52	remoteWebtorrentFileId = video.files[0].id
53	}
54		72
55	{	73	let remoteHLSFileId: number
56	await servers[0].config.enableTranscoding(true, true)	74	let remoteWebtorrentFileId: number
		75
		76	before(async function () {
		77	this.timeout(300_000)
57		78
58	{	79	{
59	const { uuid } = await servers[0].videos.quickUpload({ name: 'both 1' })	80	const { uuid } = await servers[1].videos.quickUpload({ name: 'remote video' })
60	await waitJobs(servers)	81	await waitJobs(servers)
61		82
62	const video = await servers[0].videos.get({ id: uuid })	83	const video = await servers[1].videos.get({ id: uuid })
63	validId1 = video.uuid	84	remoteId = video.uuid
64	hlsFileId = video.streamingPlaylists[0].files[0].id	85	remoteHLSFileId = video.streamingPlaylists[0].files[0].id
65	webtorrentFileId = video.files[0].id	86	remoteWebtorrentFileId = video.files[0].id
66	}	87	}
67		88
68	{	89	{
69	const { uuid } = await servers[0].videos.quickUpload({ name: 'both 2' })	90	await servers[0].config.enableTranscoding(true, true)
70	validId2 = uuid	91
		92	{
		93	const { uuid } = await servers[0].videos.quickUpload({ name: 'both 1' })
		94	await waitJobs(servers)
		95
		96	const video = await servers[0].videos.get({ id: uuid })
		97	validId1 = video.uuid
		98	hlsFileId = video.streamingPlaylists[0].files[0].id
		99	webtorrentFileId = video.files[0].id
		100	}
		101
		102	{
		103	const { uuid } = await servers[0].videos.quickUpload({ name: 'both 2' })
		104	validId2 = uuid
		105	}
71	}	106	}
72	}
73		107
74	await waitJobs(servers)	108	await waitJobs(servers)
75		109
76	{	110	{
77	await servers[0].config.enableTranscoding(false, true)	111	await servers[0].config.enableTranscoding(false, true)
78	const { uuid } = await servers[0].videos.quickUpload({ name: 'hls' })	112	const { uuid } = await servers[0].videos.quickUpload({ name: 'hls' })
79	hlsId = uuid	113	hlsId = uuid
80	}	114	}
81		115
82	await waitJobs(servers)	116	await waitJobs(servers)
83		117
84	{	118	{
85	await servers[0].config.enableTranscoding(false, true)	119	await servers[0].config.enableTranscoding(false, true)
86	const { uuid } = await servers[0].videos.quickUpload({ name: 'webtorrent' })	120	const { uuid } = await servers[0].videos.quickUpload({ name: 'webtorrent' })
87	webtorrentId = uuid	121	webtorrentId = uuid
88	}	122	}
89		123
90	await waitJobs(servers)	124	await waitJobs(servers)
91	})	125	})
92		126
93	it('Should not delete files of a unknown video', async function () {	127	it('Should not delete files of a unknown video', async function () {
94	const expectedStatus = HttpStatusCode.NOT_FOUND_404	128	const expectedStatus = HttpStatusCode.NOT_FOUND_404
95		129
96	await servers[0].videos.removeHLSPlaylist({ videoId: 404, expectedStatus })	130	await servers[0].videos.removeHLSPlaylist({ videoId: 404, expectedStatus })
97	await servers[0].videos.removeAllWebTorrentFiles({ videoId: 404, expectedStatus })	131	await servers[0].videos.removeAllWebTorrentFiles({ videoId: 404, expectedStatus })
98		132
99	await servers[0].videos.removeHLSFile({ videoId: 404, fileId: hlsFileId, expectedStatus })	133	await servers[0].videos.removeHLSFile({ videoId: 404, fileId: hlsFileId, expectedStatus })
100	await servers[0].videos.removeWebTorrentFile({ videoId: 404, fileId: webtorrentFileId, expectedStatus })	134	await servers[0].videos.removeWebTorrentFile({ videoId: 404, fileId: webtorrentFileId, expectedStatus })
101	})	135	})
102		136
103	it('Should not delete unknown files', async function () {	137	it('Should not delete unknown files', async function () {
104	const expectedStatus = HttpStatusCode.NOT_FOUND_404	138	const expectedStatus = HttpStatusCode.NOT_FOUND_404
105		139
106	await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: webtorrentFileId, expectedStatus })	140	await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: webtorrentFileId, expectedStatus })
107	await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: hlsFileId, expectedStatus })	141	await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: hlsFileId, expectedStatus })
108	})	142	})
109		143
110	it('Should not delete files of a remote video', async function () {	144	it('Should not delete files of a remote video', async function () {
111	const expectedStatus = HttpStatusCode.BAD_REQUEST_400	145	const expectedStatus = HttpStatusCode.BAD_REQUEST_400
112		146
113	await servers[0].videos.removeHLSPlaylist({ videoId: remoteId, expectedStatus })	147	await servers[0].videos.removeHLSPlaylist({ videoId: remoteId, expectedStatus })
114	await servers[0].videos.removeAllWebTorrentFiles({ videoId: remoteId, expectedStatus })	148	await servers[0].videos.removeAllWebTorrentFiles({ videoId: remoteId, expectedStatus })
115		149
116	await servers[0].videos.removeHLSFile({ videoId: remoteId, fileId: remoteHLSFileId, expectedStatus })	150	await servers[0].videos.removeHLSFile({ videoId: remoteId, fileId: remoteHLSFileId, expectedStatus })
117	await servers[0].videos.removeWebTorrentFile({ videoId: remoteId, fileId: remoteWebtorrentFileId, expectedStatus })	151	await servers[0].videos.removeWebTorrentFile({ videoId: remoteId, fileId: remoteWebtorrentFileId, expectedStatus })
118	})	152	})
119		153
120	it('Should not delete files by a non admin user', async function () {	154	it('Should not delete files by a non admin user', async function () {
121	const expectedStatus = HttpStatusCode.FORBIDDEN_403	155	const expectedStatus = HttpStatusCode.FORBIDDEN_403
122		156
123	await servers[0].videos.removeHLSPlaylist({ videoId: validId1, token: userToken, expectedStatus })	157	await servers[0].videos.removeHLSPlaylist({ videoId: validId1, token: userToken, expectedStatus })
124	await servers[0].videos.removeHLSPlaylist({ videoId: validId1, token: moderatorToken, expectedStatus })	158	await servers[0].videos.removeHLSPlaylist({ videoId: validId1, token: moderatorToken, expectedStatus })
125		159
126	await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId1, token: userToken, expectedStatus })	160	await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId1, token: userToken, expectedStatus })
127	await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId1, token: moderatorToken, expectedStatus })	161	await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId1, token: moderatorToken, expectedStatus })
128		162
129	await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId, token: userToken, expectedStatus })	163	await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId, token: userToken, expectedStatus })
130	await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId, token: moderatorToken, expectedStatus })	164	await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId, token: moderatorToken, expectedStatus })
131		165
132	await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId, token: userToken, expectedStatus })	166	await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId, token: userToken, expectedStatus })
133	await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId, token: moderatorToken, expectedStatus })	167	await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId, token: moderatorToken, expectedStatus })
134	})	168	})
135		169
136	it('Should not delete files if the files are not available', async function () {	170	it('Should not delete files if the files are not available', async function () {
137	await servers[0].videos.removeHLSPlaylist({ videoId: hlsId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })	171	await servers[0].videos.removeHLSPlaylist({ videoId: hlsId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
138	await servers[0].videos.removeAllWebTorrentFiles({ videoId: webtorrentId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })	172	await servers[0].videos.removeAllWebTorrentFiles({ videoId: webtorrentId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
139		173
140	await servers[0].videos.removeHLSFile({ videoId: hlsId, fileId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })	174	await servers[0].videos.removeHLSFile({ videoId: hlsId, fileId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
141	await servers[0].videos.removeWebTorrentFile({ videoId: webtorrentId, fileId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })	175	await servers[0].videos.removeWebTorrentFile({ videoId: webtorrentId, fileId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
142	})	176	})
143		177
144	it('Should not delete files if no both versions are available', async function () {	178	it('Should not delete files if no both versions are available', async function () {
145	await servers[0].videos.removeHLSPlaylist({ videoId: hlsId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })	179	await servers[0].videos.removeHLSPlaylist({ videoId: hlsId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
146	await servers[0].videos.removeAllWebTorrentFiles({ videoId: webtorrentId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })	180	await servers[0].videos.removeAllWebTorrentFiles({ videoId: webtorrentId, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
147	})	181	})
148		182
149	it('Should delete files if both versions are available', async function () {	183	it('Should delete files if both versions are available', async function () {
150	await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId })	184	await servers[0].videos.removeHLSFile({ videoId: validId1, fileId: hlsFileId })
151	await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId })	185	await servers[0].videos.removeWebTorrentFile({ videoId: validId1, fileId: webtorrentFileId })
152		186
153	await servers[0].videos.removeHLSPlaylist({ videoId: validId1 })	187	await servers[0].videos.removeHLSPlaylist({ videoId: validId1 })
154	await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId2 })	188	await servers[0].videos.removeAllWebTorrentFiles({ videoId: validId2 })
		189	})
155	})	190	})
156		191
157	after(async function () {	192	after(async function () {


diff --git a/server/tests/api/check-params/video-token.ts b/server/tests/api/check-params/video-token.ts new file mode 100644 index 000000000..7acb9d580 --- /dev/null +++ b/server/tests/api/check-params/video-token.ts
@@ -0,0 +1,44 @@
		1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
		2
		3	import { HttpStatusCode, VideoPrivacy } from '@shared/models'
		4	import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
		5
		6	describe('Test video tokens', function () {
		7	let server: PeerTubeServer
		8	let videoId: string
		9	let userToken: string
		10
		11	// ---------------------------------------------------------------
		12
		13	before(async function () {
		14	this.timeout(300_000)
		15
		16	server = await createSingleServer(1)
		17	await setAccessTokensToServers([ server ])
		18
		19	const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
		20	videoId = uuid
		21
		22	userToken = await server.users.generateUserAndToken('user1')
		23	})
		24
		25	it('Should not generate tokens for unauthenticated user', async function () {
		26	await server.videoToken.create({ videoId, token: null, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
		27	})
		28
		29	it('Should not generate tokens of unknown video', async function () {
		30	await server.videoToken.create({ videoId: 404, expectedStatus: HttpStatusCode.NOT_FOUND_404 })
		31	})
		32
		33	it('Should not generate tokens of a non owned video', async function () {
		34	await server.videoToken.create({ videoId, token: userToken, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
		35	})
		36
		37	it('Should generate token', async function () {
		38	await server.videoToken.create({ videoId })
		39	})
		40
		41	after(async function () {
		42	await cleanupTests([ server ])
		43	})
		44	})