mirrors/PeerTube
1
0
Fork 0
mirror of https://github.com/Chocobozzz/PeerTube.git synced 2024-05-02 21:18:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix nginx serving private hls files

Browse source
This commit is contained in:
Chocobozzz 2024-01-18 09:09:23 +01:00
parent 04a0ed13b4
commit 12ea8f0dd1
No known key found for this signature in database
GPG key ID: 583A612D890159BE
3 changed files with 44 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
packages/tests/src/nginx.ts Normal file
View file

@ -0,0 +1,42 @@
/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
import { HttpStatusCode } from '@peertube/peertube-models'
import {
makeRawRequest
} from '@peertube/peertube-server-commands'
describe('Test nginx', function () {
it('Should serve public HLS/web video files', async function () {
const urls = [
// eslint-disable-next-line max-len
'https://peertube2.cpy.re/static/streaming-playlists/hls/85c8e811-3eb7-4823-8dc5-3c268b6dad60/efad77e7-805d-4b20-8bc9-6e99cee38b20-240-fragmented.mp4',
// eslint-disable-next-line max-len
'https://peertube2.cpy.re/static/streaming-playlists/hls/85c8e811-3eb7-4823-8dc5-3c268b6dad60/1afbabfa-5f16-452e-8165-fe9a9a21cdb2-master.m3u8',
// eslint-disable-next-line max-len
'https://peertube2.cpy.re/static/streaming-playlists/hls/85c8e811-3eb7-4823-8dc5-3c268b6dad60/efad77e7-805d-4b20-8bc9-6e99cee38b20-240.m3u8'
]
for (const url of urls) {
await makeRawRequest({ url, expectedStatus: HttpStatusCode.OK_200 })
}
})
it('Should not serve private HLS/web video files', async function () {
const urls = [
// eslint-disable-next-line max-len
'https://peertube2.cpy.re/static/streaming-playlists/hls/private/72f0e8ee-84b9-44b1-9202-3e72ee7f1b65/531f27fe-bb86-42ed-9cf1-eb5bffc4a609-master.m3u8',
// eslint-disable-next-line max-len
'https://peertube2.cpy.re/static/streaming-playlists/hls/private/72f0e8ee-84b9-44b1-9202-3e72ee7f1b65/057dbf01-0557-414c-a546-a1cc82ac5d99-480.m3u8',
// eslint-disable-next-line max-len
'https://peertube2.cpy.re/static/streaming-playlists/hls/private/72f0e8ee-84b9-44b1-9202-3e72ee7f1b65/c9ef3aa7-5ab6-41c5-91c2-058c50a70c3c-segments-sha256.json',
// eslint-disable-next-line max-len
'https://peertube2.cpy.re/static/streaming-playlists/hls/private/72f0e8ee-84b9-44b1-9202-3e72ee7f1b65/057dbf01-0557-414c-a546-a1cc82ac5d99-480-fragmented.mp4',
'https://peertube2.cpy.re/static/web-videos/private/72f0e8ee-84b9-44b1-9202-3e72ee7f1b65-480.mp4'
]
for (const url of urls) {
await makeRawRequest({ url, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
}
})
})

2
scripts/ci.sh
View file

@ -59,7 +59,7 @@ elif [ "$1" = "client" ]; then
feedsFiles=$(findTestFiles ./packages/tests/dist/feeds)
clientFiles=$(findTestFiles ./packages/tests/dist/client)
miscFiles="./packages/tests/dist/misc-endpoints.js"
miscFiles="./packages/tests/dist/misc-endpoints.js ./packages/tests/dist/nginx.js"
# Not in their own task, they need an index.html
pluginFiles="./packages/tests/dist/plugins/html-injection.js ./packages/tests/dist/api/server/plugins.js"

2
support/nginx/peertube
View file

@ -199,7 +199,7 @@ server {
alias /var/www/peertube/peertube-latest/client/dist/$1;
}
location ~ ^(/static/(webseed|web-videos|streaming-playlists)/private/)|^/download {
location ~ ^(/static/(webseed|web-videos|streaming-playlists/hls)/private/)|^/download {
# We can't rate limit a try_files directive, so we need to duplicate @api
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;