From 020d3d3d79338148873cfd78ba59856f63260f2f Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Wed, 10 Nov 2021 09:42:37 +0100 Subject: Remove resumable cache after upload success --- server/middlewares/validators/videos/videos.ts | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'server/middlewares') diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 5f1234379..53643635c 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts @@ -103,6 +103,22 @@ const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([ } ]) +const videosResumableUploadIdValidator = [ + (req: express.Request, res: express.Response, next: express.NextFunction) => { + const user = res.locals.oauth.token.User + const uploadId = req.query.upload_id + + if (uploadId.startsWith(user.id + '-') !== true) { + return res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'You cannot send chunks in another user upload' + }) + } + + return next() + } +] + /** * Gets called after the last PUT request */ @@ -110,7 +126,7 @@ const videosAddResumableValidator = [ async (req: express.Request, res: express.Response, next: express.NextFunction) => { const user = res.locals.oauth.token.User const body: express.CustomUploadXFile = req.body - const file = { ...body, duration: undefined, path: getResumableUploadPath(body.id), filename: body.metadata.filename } + const file = { ...body, duration: undefined, path: getResumableUploadPath(body.name), filename: body.metadata.filename } const cleanup = () => deleteFileAndCatch(file.path) const uploadId = req.query.upload_id @@ -552,6 +568,7 @@ export { videosAddLegacyValidator, videosAddResumableValidator, videosAddResumableInitValidator, + videosResumableUploadIdValidator, videosUpdateValidator, videosGetValidator, -- cgit v1.2.3