From 9ab330b90decf4edf152ff8e1d2948c065766b2c Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Wed, 19 Oct 2022 10:43:53 +0200
Subject: Use private ACL for private videos in s3

---
 server/middlewares/validators/shared/videos.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'server/middlewares/validators/shared')

diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts
index c29751eca..ebbfc0a0a 100644
--- a/server/middlewares/validators/shared/videos.ts
+++ b/server/middlewares/validators/shared/videos.ts
@@ -111,7 +111,7 @@ async function checkCanSeeVideo (options: {
 }) {
   const { req, res, video, paramId } = options
 
-  if (video.requiresAuth(paramId)) {
+  if (video.requiresAuth({ urlParamId: paramId, checkBlacklist: true })) {
     return checkCanSeeAuthVideo(req, res, video)
   }
 
@@ -174,13 +174,13 @@ async function checkCanAccessVideoStaticFiles (options: {
   res: Response
   paramId: string
 }) {
-  const { video, req, res, paramId } = options
+  const { video, req, res } = options
 
   if (res.locals.oauth?.token.User) {
     return checkCanSeeVideo(options)
   }
 
-  if (!video.requiresAuth(paramId)) return true
+  if (!video.hasPrivateStaticPath()) return true
 
   const videoFileToken = req.query.videoFileToken
   if (!videoFileToken) {
-- 
cgit v1.2.3