Update nginx config according to upstream

CHANGELOG.md

@@ -294,3 +294,26 @@ Update web browsers support list:
 [2.15.0]
 * Migrate to OIDC login
 
+[2.15.1]
+* Update PeerTube to 6.0.3
+* [Full changelog](https://github.com/Chocobozzz/PeerTube/releases/tag/v6.0.3)
+* Fix HTML meta tags with attributes that contain quotes
+* Fix time parsing resulting in broken video start time in some cases
+* Fix WebTorrent video import crash
+* Reload Discover page on logout
+* Fix privacy error when updating a live, even if the privacy has not changed
+* Fix invalid remote live state change notification that causes the player to reload
+* Don't apply big play button skin to settings menu
+* Fix downloading video files from object storage with some video names (that include emojis, quotes etc)
+
+[2.15.2]
+* Update PeerTube to 6.0.4
+* [Full changelog](https://github.com/Chocobozzz/PeerTube/releases/tag/v6.0.4)
+* Important: Prevent XSS injection in embed. Thanks Syst3m0ver!
+
+[2.16.0]
+* Update PeerTube to 6.1.0
+* [Full changelog](https://github.com/Chocobozzz/PeerTube/releases/tag/v6.1.0)
+* Compact ActivityPub JSON-LD objects before using them to prevent incorrect access control @tesaguri
+* Protect ActivityPub information related to private/internal/blocked videos
+

CloudronManifest.json

@@ -1,6 +1,6 @@
 {
-  "version": "2.15.0",
-  "upstreamVersion": "6.0.2",
+  "version": "2.16.0",
+  "upstreamVersion": "6.1.0",
   "id": "org.joinpeertube.cloudronapp",
   "title": "PeerTube",
   "author": "PeerTube developers",

Dockerfile

@@ -5,7 +5,7 @@ WORKDIR /app/code/server
 
 RUN apt update && apt install -y prosody && rm -rf /var/cache/apt /var/lib/apt/lists
 
-ARG VERSION=6.0.2
+ARG VERSION=6.1.0
 
 # install peertube. the chown is required for some reason for ffmpeg. it fails with EROFS without it when transcoding
 RUN curl -sL https://github.com/Chocobozzz/PeerTube/releases/download/v${VERSION}/peertube-v${VERSION}.tar.xz | tar --strip-components 1 -Jxvf - && \

nginx/peertube.conf

@@ -36,6 +36,13 @@ server {
     try_files /dev/null @api;
   }
 
+  location ~ ^/api/v1/users/[^/]+/imports/import-resumable$ {
+    client_max_body_size    0;
+    proxy_request_buffering off;
+
+    try_files /dev/null @api;
+  }
+
   location ~ ^/api/v1/videos/(upload|([^/]+/studio/edit))$ {
     limit_except POST HEAD { deny all; }
 
@@ -153,7 +160,7 @@ server {
     alias /app/code/server/client/dist/$1;
   }
 
-  location ~ ^(/static/(webseed|web-videos|streaming-playlists)/private/)|^/download {
+  location ~ ^(/static/(webseed|web-videos|streaming-playlists/hls)/private/)|^/download {
     # We can't rate limit a try_files directive, so we need to duplicate @api
 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

start.sh

@@ -110,6 +110,9 @@ update_config() {
     yq eval "del(.storage.videos)" -i /app/data/production.yaml
     yq eval "del(.transcoding.webtorrent)" -i /app/data/production.yaml
     yq eval ".transcoding.web_videos.enabled = true" -i /app/data/production.yaml
+
+    # changes for 6.1.0
+    yq eval ".storage.original_video_files = \"/app/data/storage/original_video_files/\"" -i /app/data/production.yaml
 }
 
 echo "==> Changing ownership"

test/package.json

@@ -10,11 +10,11 @@
   "license": "ISC",
   "devDependencies": {
     "expect.js": "^0.3.1",
-    "mocha": "^10.2.0"
+    "mocha": "^10.4.0"
   },
   "dependencies": {
-    "chromedriver": "^120.0.1",
+    "chromedriver": "^124.0.1",
     "safetydance": "^2.4.0",
-    "selenium-webdriver": "^4.16.0"
+    "selenium-webdriver": "^4.20.0"
   }
 }

test/test.js

@@ -19,8 +19,6 @@ const execSync = require('child_process').execSync,
     { Builder, By, Key, until } = require('selenium-webdriver'),
     { Options } = require('selenium-webdriver/chrome');
 
-const rl = readlinePromises.createInterface({ input: process.stdin, output: process.stdout });
-
 if (!process.env.USERNAME || !process.env.PASSWORD || !process.env.EMAIL) {
     console.log('USERNAME, EMAIL and PASSWORD env vars need to be set');
     process.exit(1);
@@ -90,12 +88,10 @@ describe('Application life cycle test', function () {
         await browser.sleep(2000);
 
         if (!athenticated_by_oidc) {
-            await waitForElement(By.xpath('//input[@name="username"]'));
-            await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
-            await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
-            await browser.sleep(2000);
-            await browser.findElement(By.xpath('//button[@type="submit" and contains(text(), "Sign in")]')).click();
-            await browser.sleep(2000);
+            await waitForElement(By.id('inputUsername'));
+            await browser.findElement(By.id('inputUsername')).sendKeys(username);
+            await browser.findElement(By.id('inputPassword')).sendKeys(password);
+            await browser.findElement(By.id('loginSubmitButton')).click();
 
             athenticated_by_oidc = true;
         }
@@ -106,6 +102,7 @@ describe('Application life cycle test', function () {
     async function closeAccountSetupDialog() {
         await browser.get('https://' + app.fqdn);
 
+        await waitForElement(By.xpath('//span[contains(text(), "show me this anymore")]'));
         await browser.findElement(By.xpath('//span[contains(text(), "show me this anymore")]')).click();
         await browser.findElement(By.xpath('//a[contains(text(), "Set up")]')).click();
         await browser.sleep(3000);
@@ -131,16 +128,19 @@ describe('Application life cycle test', function () {
         if (error) return; // sometimes it doesn't appear, maybe it's cached in local storage
         await browser.findElement(By.xpath('//a[contains(text(), "Configure my instance")]')).click(); // this opens a new window
 
-        let say_cmd = await getOS() == "Darwin" ? "say" : "spd-say";
+        const say_cmd = await getOS() == "Darwin" ? "say" : "spd-say";
         execSync(`${say_cmd} "Close the newly opened configuration tab."`);
 
+        const rl = readlinePromises.createInterface({ input: process.stdin, output: process.stdout });
         await rl.question('Is tab closed? ');
     }
 
     async function uploadVideo() {
-        browser.get('https://' + app.fqdn + '/videos/upload');
-        await browser.sleep(2000);
-        await browser.findElement(By.xpath('//input[@id="videofile" and @type="file"]')).sendKeys(path.resolve(__dirname, './Cloudron Test Video.mp4'));
+        await browser.get(`https://${app.fqdn}/videos/upload#upload`);
+        await browser.sleep(3000);
+        await browser.wait(until.elementLocated(By.id('videofile')), TEST_TIMEOUT); // do not do element visible check . it fails, no clue why
+        await browser.findElement(By.id('videofile')).sendKeys(path.resolve(__dirname, './Cloudron Test Video.mp4'));
+        console.log('waiting 10 seconds for upload');
         await browser.sleep(10000); // wait for upload
 
         await waitForElement(By.xpath('//div[@class="submit-container"]//span[text()="Publish"]'));