Force Login Plugin

Hi there @Chocobozzz & @JohnLivingston ,

I am developing a plugin to restrict all content for unauthorized users, including the various pages and public, private and internal videos, so that only authorized users can use PeerTube as normal. To verify authorization, the access_token from the browser's LocalStorage is used. And to redirect unauthorized users to the login page I have used the client hook

'action:router:navigation-end'

I have already developed this plugin and tested it in a local environment. It works as expected. So, if I can get more insights regarding this, it would be very helpful.

Do you have a public repository where we can see the code?

Of course, Sir. Here is my code repository: Smile Kisan / peertube-plugin-force-login · GitLab

@Chocobozzz & @JohnLivingston
I have tested the above plugin in my local development environment. For production, I have used the v3.4.0 Docker image of PeerTube, and I would like to test this plugin on my production server before publishing it as an NPM package. Can you please share some info on how I can test this sample plugin on the production server without publishing it?

I’m a bit in a hurry, so short answer:

rsync -az --delete-after /home/john/dev/peertube-plugin-livechat/ your.peertube.server.tld:/tmp/peertube-plugin-livechat/
ssh your.peertube.server.tld 'cd /home/john/PeerTube/ && node ./dist/server/tools/peertube.js plugins uninstall --npm-name peertube-plugin-livechat'
ssh your.peertube.server.tld 'cd /home/john/PeerTube/ && node ./dist/server/tools/peertube.js plugins install --path /tmp/peertube-plugin-livechat/'

Prerequisite: having the PeerTube CLI installed in the folder /home/john/PeerTube on your server (of course, replace «john» with your user name).
And you have to authenticate the CLI against your instance (check the documentation).

@JohnLivingston, I have deployed PeerTube using the Docker image from the official site. Is there any way I can test the local plugin on a PeerTube production instance deployed with the Docker image?

I don’t know. I’m not using Docker, and I don’t know how it works.

I just checked your plugin code. You have to be aware that this plugin is not really secure:

  • it does not check that the token is valid. So a user can manually add a random token in local storage to bypass the plugin verification
  • the verification is on the front-end, so it can be bypassed using debugging tools
  • the verification happens too late. All API calls will already have been made, and the data will be available in the debugging tools
  • the APIs are not protected, so it is still possible to make API calls to retrieve data and videos
  • videos can be downloaded by guessing their links
  • mobile applications will still be able to browse your instance (because they only use API calls, not the front-end code)
  • and probably many more

I think a better approach would be to force the setting «privacy» to «internal» for all videos.

I was thinking of validating the access_token field, but I see the token is generated using the client id, client secret, username & password. Using these 4 fields, the token is dynamically generated.

Is there a way to validate the access_token using the client id & client secret only, or is there any other way you can suggest to make the plugin secure without changing anything in the database?

Again, your approach is absolutely not secure (see the points I listed above).
You will think your instance is protected, but there will be many ways to access the content (mobile clients, federation, …).

To respond to your last question, the only way to validate the token is to test it on the backend. Here are the steps:

  • add a backend route (PeerTube documentation)
  • your route can use code similar to this: const user = await peertubeHelpers.user.getAuthUser(res); res.json({loggedin: !!user})
  • on the front-end, make a request to this route (see the PeerTube documentation for an example)
  • the result will be a JSON object with a key loggedin that will be false if the user is authenticated.

But again, and I insist: this will not prevent anonymous users from accessing your content. It will seem to work for you when using a browser on your instance, but there will be many legitimate ways to bypass it. PeerTube is meant to be open and federated. PeerTube is not, by design, a private video service.

What is the functional reason for this plugin? Securing the server content, or just encouraging users to log in?
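The two points made in this thread (a LocalStorage check accepts any value a user types into the console, and a token can only be validated on the backend) as one added example. This is not code from the thread or from the peertube-plugin-force-login repository; it follows the PeerTube plugin API shape (server `register({ getRouter, peertubeHelpers })`, `peertubeHelpers.user.getAuthUser(res)`, client `peertubeHelpers.getBaseRouterRoute()` and `getAuthHeader()`), but the route name `/loggedin`, the redirect target `/login`, and the fake router, response and token table used to run it offline are assumptions. In a real plugin the server half lives in main.js and the client half in a client script declared in package.json; both are kept in one CommonJS file here so it runs without a PeerTube instance.

```javascript
// Added example, not the plugin's own code. Server and client halves of a
// PeerTube plugin, plus fakes so the logic can be exercised offline.

// --- 1. The weak check the thread warns about -------------------------------
// Any non-empty value passes: localStorage.setItem('access_token', 'x') in
// the browser console is enough to "log in" as far as this check is concerned.
function frontEndOnlyCheck (storage) {
  return Boolean(storage.getItem('access_token'))
}

// --- 2. Server side (main.js in a real plugin) --------------------------------
// PeerTube resolves the Authorization header before plugin routes run, so
// getAuthUser(res) returns the user for a valid token and undefined otherwise.
async function register ({ getRouter, peertubeHelpers }) {
  const router = getRouter()
  router.get('/loggedin', async (req, res) => {   // route name is an assumption
    const user = await peertubeHelpers.user.getAuthUser(res)
    res.json({ loggedin: Boolean(user) })
  })
}
async function unregister () {}

// --- 3. Client side (client script in a real plugin) --------------------------
// On every navigation, ask the backend whether the token it sees is valid.
// The header comes from getAuthHeader(), so a forged LocalStorage value is
// rejected by the server, not trusted by the browser. fetchImpl/navigate are
// injected (window.fetch / window.location.assign in a browser) for testing.
function registerClient ({ registerHook, peertubeHelpers }, { fetchImpl, navigate }) {
  registerHook({
    target: 'action:router:navigation-end',
    handler: async ({ path }) => {
      if (path.startsWith('/login')) return true      // avoid a redirect loop (assumed path)
      const base = peertubeHelpers.getBaseRouterRoute()
      const resp = await fetchImpl(base + '/loggedin', {
        headers: peertubeHelpers.getAuthHeader() || {}
      })
      const { loggedin } = await resp.json()
      if (!loggedin) navigate('/login')
      return loggedin
    }
  })
}

// --- 4. Fakes standing in for PeerTube (constructed for this example) --------
// validTokens plays the role of PeerTube's OAuth token table; the fake
// getAuthUser reads res.locals.authorization instead of res.locals.oauth.
function makeFakeServer (validTokens) {
  const routes = {}
  const getRouter = () => ({ get: (p, h) => { routes[p] = h } })
  const peertubeHelpers = {
    user: {
      getAuthUser: async (res) => {
        const t = (res.locals.authorization || '').replace(/^Bearer /, '')
        return validTokens.has(t) ? { username: validTokens.get(t) } : undefined
      }
    }
  }
  return { routes, getRouter, peertubeHelpers }
}

async function callRoute (handler, authorization) {
  let body
  const res = { locals: { authorization }, json: (b) => { body = b } }
  await handler({}, res)
  return body
}

// Wire a client with the given token to the server handler and fire the hook.
async function runClient (handler, token) {
  const hooks = {}
  const redirects = []
  const fetchImpl = async (url, opts) => ({
    json: async () => callRoute(handler, opts.headers.Authorization)
  })
  registerClient({
    registerHook: ({ target, handler: h }) => { hooks[target] = h },
    peertubeHelpers: {
      getBaseRouterRoute: () => '/plugins/peertube-plugin-force-login/1.0.0/router',
      getAuthHeader: () => (token ? { Authorization: 'Bearer ' + token } : undefined)
    }
  }, { fetchImpl, navigate: (to) => redirects.push(to) })
  const loggedin = await hooks['action:router:navigation-end']({ path: '/videos/recently-added' })
  return { loggedin, redirects }
}

async function demo () {
  const server = makeFakeServer(new Map([['real-token', 'alice']]))
  await register({ getRouter: server.getRouter, peertubeHelpers: server.peertubeHelpers })
  const handler = server.routes['/loggedin']
  const forged = 'random-token-typed-into-devtools'
  const fakeStorage = { getItem: (k) => ({ access_token: forged })[k] }
  return {
    frontEndAcceptsForged: frontEndOnlyCheck(fakeStorage),   // true: the weak check is bypassed
    backendRejectsForged: await runClient(handler, forged),  // loggedin false, redirect to /login
    backendAcceptsReal: await runClient(handler, 'real-token'),
    anonymous: await runClient(handler, undefined)
  }
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)))
module.exports = { frontEndOnlyCheck, register, unregister, registerClient, makeFakeServer, callRoute, runClient, demo }
```

Even with the backend check in place, this only decides what the plugin's own client code does; as the thread says, the REST API, embeds, federation and mobile clients never execute it, so it does not restrict access to the videos themselves.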

The functional reason is to protect the server content from unknown users. I will continue as you suggested and consult you if there is any progress. :slight_smile: Thank you, Sir.

Also, I don’t know if I should open a new topic or continue on this one.
When I share a link to a video or an iframe, I want only authorized users to see the content, and if they are not authorized, to redirect them to the login page. I thought I would use the video client hook, but it looks like when I open the embedded link, the video doesn’t hit any client hook and starts to play directly. Can you share some insights on this? Also, why can I see the private or internal video on other platforms?

Plugins are not active in iframes. And there is no login form in iframes.
You can’t protect iframe content. PeerTube is designed that way: if you embed a video, it means you want to show the video.

You are on the wrong track to protect your content. Your front-end solution will not work. Read my previous answers. If you don’t understand a point, ask for clarification. But don’t continue with this solution, you will only waste time.

A possible solution would be to force the privacy setting for all videos (I already said this above). I’m not sure it is possible, but it might be.

If you want proof that your solution does not do what you want: install the Thorium app on Android. It is a mobile PeerTube client. Open your instance with it. You will see all the videos.
This client uses the API for browsing the instance. Plugins are not active.

PeerTube is meant to be open. It is not a private video server solution. There is simpler software for this.