From 9ab330b90decf4edf152ff8e1d2948c065766b2c Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Wed, 19 Oct 2022 10:43:53 +0200 Subject: Use private ACL for private videos in s3 --- server/models/video/video-file.ts | 62 +++++++++++++++++++++++++++++++-------- 1 file changed, 49 insertions(+), 13 deletions(-) (limited to 'server/models/video/video-file.ts') diff --git a/server/models/video/video-file.ts b/server/models/video/video-file.ts index 1a608932f..c20c90c1b 100644 --- a/server/models/video/video-file.ts +++ b/server/models/video/video-file.ts @@ -22,7 +22,12 @@ import validator from 'validator' import { logger } from '@server/helpers/logger' import { extractVideo } from '@server/helpers/video' import { buildRemoteVideoBaseUrl } from '@server/lib/activitypub/url' -import { getHLSPublicFileUrl, getWebTorrentPublicFileUrl } from '@server/lib/object-storage' +import { + getHLSPrivateFileUrl, + getHLSPublicFileUrl, + getWebTorrentPrivateFileUrl, + getWebTorrentPublicFileUrl +} from '@server/lib/object-storage' import { getFSTorrentFilePath } from '@server/lib/paths' import { isVideoInPrivateDirectory } from '@server/lib/video-privacy' import { isStreamingPlaylist, MStreamingPlaylistVideo, MVideo, MVideoWithHost } from '@server/types/models' @@ -503,7 +508,25 @@ export class VideoFileModel extends Model return !!this.videoStreamingPlaylistId } - getObjectStorageUrl () { + // --------------------------------------------------------------------------- + + getObjectStorageUrl (video: MVideo) { + if (video.hasPrivateStaticPath()) { + return this.getPrivateObjectStorageUrl(video) + } + + return this.getPublicObjectStorageUrl() + } + + private getPrivateObjectStorageUrl (video: MVideo) { + if (this.isHLS()) { + return getHLSPrivateFileUrl(video, this.filename) + } + + return getWebTorrentPrivateFileUrl(this.filename) + } + + private getPublicObjectStorageUrl () { if (this.isHLS()) { return getHLSPublicFileUrl(this.fileUrl) } @@ -511,26 +534,29 @@ export class VideoFileModel extends Model return getWebTorrentPublicFileUrl(this.fileUrl) } + // --------------------------------------------------------------------------- + getFileUrl (video: MVideo) { - if (this.storage === VideoStorage.OBJECT_STORAGE) { - return this.getObjectStorageUrl() - } + if (video.isOwned()) { + if (this.storage === VideoStorage.OBJECT_STORAGE) { + return this.getObjectStorageUrl(video) + } - if (!this.Video) this.Video = video as VideoModel - if (video.isOwned()) return WEBSERVER.URL + this.getFileStaticPath(video) + return WEBSERVER.URL + this.getFileStaticPath(video) + } return this.fileUrl } + // --------------------------------------------------------------------------- + getFileStaticPath (video: MVideo) { - if (this.isHLS()) { - if (isVideoInPrivateDirectory(video.privacy)) { - return join(STATIC_PATHS.STREAMING_PLAYLISTS.PRIVATE_HLS, video.uuid, this.filename) - } + if (this.isHLS()) return this.getHLSFileStaticPath(video) - return join(STATIC_PATHS.STREAMING_PLAYLISTS.HLS, video.uuid, this.filename) - } + return this.getWebTorrentFileStaticPath(video) + } + private getWebTorrentFileStaticPath (video: MVideo) { if (isVideoInPrivateDirectory(video.privacy)) { return join(STATIC_PATHS.PRIVATE_WEBSEED, this.filename) } @@ -538,6 +564,16 @@ export class VideoFileModel extends Model return join(STATIC_PATHS.WEBSEED, this.filename) } + private getHLSFileStaticPath (video: MVideo) { + if (isVideoInPrivateDirectory(video.privacy)) { + return join(STATIC_PATHS.STREAMING_PLAYLISTS.PRIVATE_HLS, video.uuid, this.filename) + } + + return join(STATIC_PATHS.STREAMING_PLAYLISTS.HLS, video.uuid, this.filename) + } + + // --------------------------------------------------------------------------- + getFileDownloadUrl (video: MVideoWithHost) { const path = this.isHLS() ? join(STATIC_DOWNLOAD_PATHS.HLS_VIDEOS, `${video.uuid}-${this.resolution}-fragmented${this.extname}`) -- cgit v1.2.3