diff options
Diffstat (limited to 'server')
| -rw-r--r-- | server/initializers/config.ts | 2 | ||||
| -rw-r--r-- | server/initializers/constants.ts | 4 | ||||
| -rw-r--r-- | server/lib/client-html.ts | 2 | ||||
| -rw-r--r-- | server/middlewares/csp.ts | 4 | ||||
| -rw-r--r-- | server/middlewares/validators/videos/videos.ts | 34 | ||||
| -rw-r--r-- | server/tests/api/server/follows.ts | 2 | ||||
| -rw-r--r-- | server/tests/api/server/services.ts | 2 | ||||
| -rw-r--r-- | server/tests/api/videos/video-captions.ts | 10 | ||||
| -rw-r--r-- | server/tests/api/videos/video-imports.ts | 6 |
9 files changed, 32 insertions, 34 deletions
diff --git a/server/initializers/config.ts b/server/initializers/config.ts index 04ba605b6..b40e525a5 100644 --- a/server/initializers/config.ts +++ b/server/initializers/config.ts | |||
| @@ -125,7 +125,7 @@ const CONFIG = { | |||
| 125 | CSP: { | 125 | CSP: { |
| 126 | ENABLED: config.get<boolean>('csp.enabled'), | 126 | ENABLED: config.get<boolean>('csp.enabled'), |
| 127 | REPORT_ONLY: config.get<boolean>('csp.report_only'), | 127 | REPORT_ONLY: config.get<boolean>('csp.report_only'), |
| 128 | REPORT_URI: config.get<boolean>('csp.report_uri') | 128 | REPORT_URI: config.get<string>('csp.report_uri') |
| 129 | }, | 129 | }, |
| 130 | TRACKER: { | 130 | TRACKER: { |
| 131 | ENABLED: config.get<boolean>('tracker.enabled'), | 131 | ENABLED: config.get<boolean>('tracker.enabled'), |
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index c26c3a88c..171e9e9c2 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts | |||
| @@ -545,8 +545,8 @@ const STATIC_DOWNLOAD_PATHS = { | |||
| 545 | } | 545 | } |
| 546 | const LAZY_STATIC_PATHS = { | 546 | const LAZY_STATIC_PATHS = { |
| 547 | AVATARS: '/lazy-static/avatars/', | 547 | AVATARS: '/lazy-static/avatars/', |
| 548 | PREVIEWS: '/static/previews/', | 548 | PREVIEWS: '/lazy-static/previews/', |
| 549 | VIDEO_CAPTIONS: '/static/video-captions/' | 549 | VIDEO_CAPTIONS: '/lazy-static/video-captions/' |
| 550 | } | 550 | } |
| 551 | 551 | ||
| 552 | // Cache control | 552 | // Cache control |
diff --git a/server/lib/client-html.ts b/server/lib/client-html.ts index 9f668dedb..926d6e93f 100644 --- a/server/lib/client-html.ts +++ b/server/lib/client-html.ts | |||
| @@ -173,8 +173,6 @@ export class ClientHtml { | |||
| 173 | 173 | ||
| 174 | static async getEmbedHTML () { | 174 | static async getEmbedHTML () { |
| 175 | const path = ClientHtml.getEmbedPath() | 175 | const path = ClientHtml.getEmbedPath() |
| 176 | console.log('coucu') | ||
| 177 | console.log(path) | ||
| 178 | 176 | ||
| 179 | if (ClientHtml.htmlCache[path]) return ClientHtml.htmlCache[path] | 177 | if (ClientHtml.htmlCache[path]) return ClientHtml.htmlCache[path] |
| 180 | 178 | ||
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts index f5de69603..0ee44bf47 100644 --- a/server/middlewares/csp.ts +++ b/server/middlewares/csp.ts | |||
| @@ -19,18 +19,16 @@ const baseDirectives = Object.assign({}, | |||
| 19 | workerSrc: [ '\'self\'', 'blob:' ] // instead of deprecated child-src | 19 | workerSrc: [ '\'self\'', 'blob:' ] // instead of deprecated child-src |
| 20 | }, | 20 | }, |
| 21 | CONFIG.CSP.REPORT_URI ? { reportUri: CONFIG.CSP.REPORT_URI } : {}, | 21 | CONFIG.CSP.REPORT_URI ? { reportUri: CONFIG.CSP.REPORT_URI } : {}, |
| 22 | CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {} | 22 | CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: [] } : {} |
| 23 | ) | 23 | ) |
| 24 | 24 | ||
| 25 | const baseCSP = helmet.contentSecurityPolicy({ | 25 | const baseCSP = helmet.contentSecurityPolicy({ |
| 26 | directives: baseDirectives, | 26 | directives: baseDirectives, |
| 27 | browserSniff: false, | ||
| 28 | reportOnly: CONFIG.CSP.REPORT_ONLY | 27 | reportOnly: CONFIG.CSP.REPORT_ONLY |
| 29 | }) | 28 | }) |
| 30 | 29 | ||
| 31 | const embedCSP = helmet.contentSecurityPolicy({ | 30 | const embedCSP = helmet.contentSecurityPolicy({ |
| 32 | directives: Object.assign({}, baseDirectives, { frameAncestors: [ '*' ] }), | 31 | directives: Object.assign({}, baseDirectives, { frameAncestors: [ '*' ] }), |
| 33 | browserSniff: false, // assumes a modern browser, but allows CDN in front | ||
| 34 | reportOnly: CONFIG.CSP.REPORT_ONLY | 32 | reportOnly: CONFIG.CSP.REPORT_ONLY |
| 35 | }) | 33 | }) |
| 36 | 34 | ||
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 40a34d3b8..b022b2c23 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
| @@ -1,6 +1,9 @@ | |||
| 1 | import * as express from 'express' | 1 | import * as express from 'express' |
| 2 | import { body, param, query, ValidationChain } from 'express-validator' | 2 | import { body, param, query, ValidationChain } from 'express-validator' |
| 3 | import { UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../../shared' | 3 | import { getServerActor } from '@server/models/application/application' |
| 4 | import { MVideoFullLight } from '@server/types/models' | ||
| 5 | import { ServerErrorCode, UserRight, VideoChangeOwnershipStatus, VideoPrivacy } from '../../../../shared' | ||
| 6 | import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/video-change-ownership-accept.model' | ||
| 4 | import { | 7 | import { |
| 5 | isBooleanValid, | 8 | isBooleanValid, |
| 6 | isDateValid, | 9 | isDateValid, |
| @@ -12,6 +15,8 @@ import { | |||
| 12 | toIntOrNull, | 15 | toIntOrNull, |
| 13 | toValueOrNull | 16 | toValueOrNull |
| 14 | } from '../../../helpers/custom-validators/misc' | 17 | } from '../../../helpers/custom-validators/misc' |
| 18 | import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' | ||
| 19 | import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } from '../../../helpers/custom-validators/video-ownership' | ||
| 15 | import { | 20 | import { |
| 16 | isScheduleVideoUpdatePrivacyValid, | 21 | isScheduleVideoUpdatePrivacyValid, |
| 17 | isVideoCategoryValid, | 22 | isVideoCategoryValid, |
| @@ -27,29 +32,24 @@ import { | |||
| 27 | isVideoSupportValid, | 32 | isVideoSupportValid, |
| 28 | isVideoTagsValid | 33 | isVideoTagsValid |
| 29 | } from '../../../helpers/custom-validators/videos' | 34 | } from '../../../helpers/custom-validators/videos' |
| 35 | import { cleanUpReqFiles } from '../../../helpers/express-utils' | ||
| 30 | import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils' | 36 | import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils' |
| 31 | import { logger } from '../../../helpers/logger' | 37 | import { logger } from '../../../helpers/logger' |
| 32 | import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants' | ||
| 33 | import { authenticatePromiseIfNeeded } from '../../oauth' | ||
| 34 | import { areValidationErrors } from '../utils' | ||
| 35 | import { cleanUpReqFiles } from '../../../helpers/express-utils' | ||
| 36 | import { VideoModel } from '../../../models/video/video' | ||
| 37 | import { checkUserCanTerminateOwnershipChange, doesChangeVideoOwnershipExist } from '../../../helpers/custom-validators/video-ownership' | ||
| 38 | import { VideoChangeOwnershipAccept } from '../../../../shared/models/videos/video-change-ownership-accept.model' | ||
| 39 | import { AccountModel } from '../../../models/account/account' | ||
| 40 | import { isNSFWQueryValid, isNumberArray, isStringArray } from '../../../helpers/custom-validators/search' | ||
| 41 | import { CONFIG } from '../../../initializers/config' | ||
| 42 | import { isLocalVideoAccepted } from '../../../lib/moderation' | ||
| 43 | import { Hooks } from '../../../lib/plugins/hooks' | ||
| 44 | import { | 38 | import { |
| 45 | checkUserCanManageVideo, | 39 | checkUserCanManageVideo, |
| 46 | doesVideoChannelOfAccountExist, | 40 | doesVideoChannelOfAccountExist, |
| 47 | doesVideoExist, | 41 | doesVideoExist, |
| 48 | doesVideoFileOfVideoExist | 42 | doesVideoFileOfVideoExist |
| 49 | } from '../../../helpers/middlewares' | 43 | } from '../../../helpers/middlewares' |
| 50 | import { MVideoFullLight } from '@server/types/models' | ||
| 51 | import { getVideoWithAttributes } from '../../../helpers/video' | 44 | import { getVideoWithAttributes } from '../../../helpers/video' |
| 52 | import { getServerActor } from '@server/models/application/application' | 45 | import { CONFIG } from '../../../initializers/config' |
| 46 | import { CONSTRAINTS_FIELDS, OVERVIEWS } from '../../../initializers/constants' | ||
| 47 | import { isLocalVideoAccepted } from '../../../lib/moderation' | ||
| 48 | import { Hooks } from '../../../lib/plugins/hooks' | ||
| 49 | import { AccountModel } from '../../../models/account/account' | ||
| 50 | import { VideoModel } from '../../../models/video/video' | ||
| 51 | import { authenticatePromiseIfNeeded } from '../../oauth' | ||
| 52 | import { areValidationErrors } from '../utils' | ||
| 53 | 53 | ||
| 54 | const videosAddValidator = getCommonVideoEditAttributes().concat([ | 54 | const videosAddValidator = getCommonVideoEditAttributes().concat([ |
| 55 | body('videofile') | 55 | body('videofile') |
| @@ -148,7 +148,9 @@ async function checkVideoFollowConstraints (req: express.Request, res: express.R | |||
| 148 | 148 | ||
| 149 | return res.status(403) | 149 | return res.status(403) |
| 150 | .json({ | 150 | .json({ |
| 151 | error: 'Cannot get this video regarding follow constraints.' | 151 | errorCode: ServerErrorCode.DOES_NOT_RESPECT_FOLLOW_CONSTRAINTS, |
| 152 | error: 'Cannot get this video regarding follow constraints.', | ||
| 153 | originUrl: video.url | ||
| 152 | }) | 154 | }) |
| 153 | } | 155 | } |
| 154 | 156 | ||
diff --git a/server/tests/api/server/follows.ts b/server/tests/api/server/follows.ts index 1ae1adb2d..9233a210b 100644 --- a/server/tests/api/server/follows.ts +++ b/server/tests/api/server/follows.ts | |||
| @@ -558,7 +558,7 @@ describe('Test follows', function () { | |||
| 558 | const caption1: VideoCaption = res.body.data[0] | 558 | const caption1: VideoCaption = res.body.data[0] |
| 559 | expect(caption1.language.id).to.equal('ar') | 559 | expect(caption1.language.id).to.equal('ar') |
| 560 | expect(caption1.language.label).to.equal('Arabic') | 560 | expect(caption1.language.label).to.equal('Arabic') |
| 561 | expect(caption1.captionPath).to.equal('/static/video-captions/' + video4.uuid + '-ar.vtt') | 561 | expect(caption1.captionPath).to.equal('/lazy-static/video-captions/' + video4.uuid + '-ar.vtt') |
| 562 | await testCaptionFile(servers[0].url, caption1.captionPath, 'Subtitle good 2.') | 562 | await testCaptionFile(servers[0].url, caption1.captionPath, 'Subtitle good 2.') |
| 563 | }) | 563 | }) |
| 564 | 564 | ||
diff --git a/server/tests/api/server/services.ts b/server/tests/api/server/services.ts index 897f37c04..680e7a817 100644 --- a/server/tests/api/server/services.ts +++ b/server/tests/api/server/services.ts | |||
| @@ -70,7 +70,7 @@ describe('Test services', function () { | |||
| 70 | const expectedHtml = '<iframe width="560" height="315" sandbox="allow-same-origin allow-scripts" ' + | 70 | const expectedHtml = '<iframe width="560" height="315" sandbox="allow-same-origin allow-scripts" ' + |
| 71 | `src="http://localhost:${server.port}/videos/embed/${server.video.uuid}" ` + | 71 | `src="http://localhost:${server.port}/videos/embed/${server.video.uuid}" ` + |
| 72 | 'frameborder="0" allowfullscreen></iframe>' | 72 | 'frameborder="0" allowfullscreen></iframe>' |
| 73 | const expectedThumbnailUrl = 'http://localhost:' + server.port + '/static/previews/' + server.video.uuid + '.jpg' | 73 | const expectedThumbnailUrl = 'http://localhost:' + server.port + '/lazy-static/previews/' + server.video.uuid + '.jpg' |
| 74 | 74 | ||
| 75 | expect(res.body.html).to.equal(expectedHtml) | 75 | expect(res.body.html).to.equal(expectedHtml) |
| 76 | expect(res.body.title).to.equal(server.video.name) | 76 | expect(res.body.title).to.equal(server.video.name) |
diff --git a/server/tests/api/videos/video-captions.ts b/server/tests/api/videos/video-captions.ts index b4ecb39f4..00e04d69d 100644 --- a/server/tests/api/videos/video-captions.ts +++ b/server/tests/api/videos/video-captions.ts | |||
| @@ -83,13 +83,13 @@ describe('Test video captions', function () { | |||
| 83 | const caption1: VideoCaption = res.body.data[0] | 83 | const caption1: VideoCaption = res.body.data[0] |
| 84 | expect(caption1.language.id).to.equal('ar') | 84 | expect(caption1.language.id).to.equal('ar') |
| 85 | expect(caption1.language.label).to.equal('Arabic') | 85 | expect(caption1.language.label).to.equal('Arabic') |
| 86 | expect(caption1.captionPath).to.equal('/static/video-captions/' + videoUUID + '-ar.vtt') | 86 | expect(caption1.captionPath).to.equal('/lazy-static/video-captions/' + videoUUID + '-ar.vtt') |
| 87 | await testCaptionFile(server.url, caption1.captionPath, 'Subtitle good 1.') | 87 | await testCaptionFile(server.url, caption1.captionPath, 'Subtitle good 1.') |
| 88 | 88 | ||
| 89 | const caption2: VideoCaption = res.body.data[1] | 89 | const caption2: VideoCaption = res.body.data[1] |
| 90 | expect(caption2.language.id).to.equal('zh') | 90 | expect(caption2.language.id).to.equal('zh') |
| 91 | expect(caption2.language.label).to.equal('Chinese') | 91 | expect(caption2.language.label).to.equal('Chinese') |
| 92 | expect(caption2.captionPath).to.equal('/static/video-captions/' + videoUUID + '-zh.vtt') | 92 | expect(caption2.captionPath).to.equal('/lazy-static/video-captions/' + videoUUID + '-zh.vtt') |
| 93 | await testCaptionFile(server.url, caption2.captionPath, 'Subtitle good 2.') | 93 | await testCaptionFile(server.url, caption2.captionPath, 'Subtitle good 2.') |
| 94 | } | 94 | } |
| 95 | }) | 95 | }) |
| @@ -117,7 +117,7 @@ describe('Test video captions', function () { | |||
| 117 | const caption1: VideoCaption = res.body.data[0] | 117 | const caption1: VideoCaption = res.body.data[0] |
| 118 | expect(caption1.language.id).to.equal('ar') | 118 | expect(caption1.language.id).to.equal('ar') |
| 119 | expect(caption1.language.label).to.equal('Arabic') | 119 | expect(caption1.language.label).to.equal('Arabic') |
| 120 | expect(caption1.captionPath).to.equal('/static/video-captions/' + videoUUID + '-ar.vtt') | 120 | expect(caption1.captionPath).to.equal('/lazy-static/video-captions/' + videoUUID + '-ar.vtt') |
| 121 | await testCaptionFile(server.url, caption1.captionPath, 'Subtitle good 2.') | 121 | await testCaptionFile(server.url, caption1.captionPath, 'Subtitle good 2.') |
| 122 | } | 122 | } |
| 123 | }) | 123 | }) |
| @@ -148,7 +148,7 @@ describe('Test video captions', function () { | |||
| 148 | const caption1: VideoCaption = res.body.data[0] | 148 | const caption1: VideoCaption = res.body.data[0] |
| 149 | expect(caption1.language.id).to.equal('ar') | 149 | expect(caption1.language.id).to.equal('ar') |
| 150 | expect(caption1.language.label).to.equal('Arabic') | 150 | expect(caption1.language.label).to.equal('Arabic') |
| 151 | expect(caption1.captionPath).to.equal('/static/video-captions/' + videoUUID + '-ar.vtt') | 151 | expect(caption1.captionPath).to.equal('/lazy-static/video-captions/' + videoUUID + '-ar.vtt') |
| 152 | 152 | ||
| 153 | const expected = 'WEBVTT FILE\r\n' + | 153 | const expected = 'WEBVTT FILE\r\n' + |
| 154 | '\r\n' + | 154 | '\r\n' + |
| @@ -185,7 +185,7 @@ describe('Test video captions', function () { | |||
| 185 | 185 | ||
| 186 | expect(caption.language.id).to.equal('zh') | 186 | expect(caption.language.id).to.equal('zh') |
| 187 | expect(caption.language.label).to.equal('Chinese') | 187 | expect(caption.language.label).to.equal('Chinese') |
| 188 | expect(caption.captionPath).to.equal('/static/video-captions/' + videoUUID + '-zh.vtt') | 188 | expect(caption.captionPath).to.equal('/lazy-static/video-captions/' + videoUUID + '-zh.vtt') |
| 189 | await testCaptionFile(server.url, caption.captionPath, 'Subtitle good 2.') | 189 | await testCaptionFile(server.url, caption.captionPath, 'Subtitle good 2.') |
| 190 | } | 190 | } |
| 191 | }) | 191 | }) |
diff --git a/server/tests/api/videos/video-imports.ts b/server/tests/api/videos/video-imports.ts index efda4fc7b..8d19a4274 100644 --- a/server/tests/api/videos/video-imports.ts +++ b/server/tests/api/videos/video-imports.ts | |||
| @@ -123,7 +123,7 @@ describe('Test video imports', function () { | |||
| 123 | const res = await importVideo(servers[0].url, servers[0].accessToken, attributes) | 123 | const res = await importVideo(servers[0].url, servers[0].accessToken, attributes) |
| 124 | expect(res.body.video.name).to.equal('small video - youtube') | 124 | expect(res.body.video.name).to.equal('small video - youtube') |
| 125 | expect(res.body.video.thumbnailPath).to.equal(`/static/thumbnails/${res.body.video.uuid}.jpg`) | 125 | expect(res.body.video.thumbnailPath).to.equal(`/static/thumbnails/${res.body.video.uuid}.jpg`) |
| 126 | expect(res.body.video.previewPath).to.equal(`/static/previews/${res.body.video.uuid}.jpg`) | 126 | expect(res.body.video.previewPath).to.equal(`/lazy-static/previews/${res.body.video.uuid}.jpg`) |
| 127 | await testImage(servers[0].url, 'video_import_thumbnail', res.body.video.thumbnailPath) | 127 | await testImage(servers[0].url, 'video_import_thumbnail', res.body.video.thumbnailPath) |
| 128 | await testImage(servers[0].url, 'video_import_preview', res.body.video.previewPath) | 128 | await testImage(servers[0].url, 'video_import_preview', res.body.video.previewPath) |
| 129 | 129 | ||
| @@ -134,7 +134,7 @@ describe('Test video imports', function () { | |||
| 134 | const enCaption = videoCaptions.find(caption => caption.language.id === 'en') | 134 | const enCaption = videoCaptions.find(caption => caption.language.id === 'en') |
| 135 | expect(enCaption).to.exist | 135 | expect(enCaption).to.exist |
| 136 | expect(enCaption.language.label).to.equal('English') | 136 | expect(enCaption.language.label).to.equal('English') |
| 137 | expect(enCaption.captionPath).to.equal(`/static/video-captions/${res.body.video.uuid}-en.vtt`) | 137 | expect(enCaption.captionPath).to.equal(`/lazy-static/video-captions/${res.body.video.uuid}-en.vtt`) |
| 138 | await testCaptionFile(servers[0].url, enCaption.captionPath, `WEBVTT | 138 | await testCaptionFile(servers[0].url, enCaption.captionPath, `WEBVTT |
| 139 | Kind: captions | 139 | Kind: captions |
| 140 | Language: en | 140 | Language: en |
| @@ -151,7 +151,7 @@ Adding subtitles is very easy to do`) | |||
| 151 | const frCaption = videoCaptions.find(caption => caption.language.id === 'fr') | 151 | const frCaption = videoCaptions.find(caption => caption.language.id === 'fr') |
| 152 | expect(frCaption).to.exist | 152 | expect(frCaption).to.exist |
| 153 | expect(frCaption.language.label).to.equal('French') | 153 | expect(frCaption.language.label).to.equal('French') |
| 154 | expect(frCaption.captionPath).to.equal(`/static/video-captions/${res.body.video.uuid}-fr.vtt`) | 154 | expect(frCaption.captionPath).to.equal(`/lazy-static/video-captions/${res.body.video.uuid}-fr.vtt`) |
| 155 | await testCaptionFile(servers[0].url, frCaption.captionPath, `WEBVTT | 155 | await testCaptionFile(servers[0].url, frCaption.captionPath, `WEBVTT |
| 156 | Kind: captions | 156 | Kind: captions |
| 157 | Language: fr | 157 | Language: fr |