From 868314e8bf6bcc325b0fea35887071ef0614a46d Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Tue, 20 Dec 2022 09:15:49 +0100 Subject: Add ability to get user from file token --- server/middlewares/validators/shared/videos.ts | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'server/middlewares/validators/shared/videos.ts') diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts index ebbfc0a0a..0033a32ff 100644 --- a/server/middlewares/validators/shared/videos.ts +++ b/server/middlewares/validators/shared/videos.ts @@ -180,18 +180,16 @@ async function checkCanAccessVideoStaticFiles (options: { return checkCanSeeVideo(options) } - if (!video.hasPrivateStaticPath()) return true - const videoFileToken = req.query.videoFileToken - if (!videoFileToken) { - res.sendStatus(HttpStatusCode.FORBIDDEN_403) - return false - } + if (videoFileToken && VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) { + const user = VideoTokensManager.Instance.getUserFromToken({ token: videoFileToken }) - if (VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) { + res.locals.videoFileToken = { user } return true } + if (!video.hasPrivateStaticPath()) return true + res.sendStatus(HttpStatusCode.FORBIDDEN_403) return false } -- cgit v1.2.3