Hello,
Is there any server hook that provides the logged in user’s informations?
Currently I have found so far is that, there is peertubeHelpers.user.getAuthUser(res) but I have to provide res to the function and the other is action:api.user.oauth2-got-token but it only provides information when a user login using the login process. It doesnot provide any information if a user is already logged in.
Can anyone help me here or I am missing something?
You have to provide res because Peertube’s authentication middlewares are storing the current user Id in res.locals.
See the getAuthUser code:
And the code that stores these data:
Note: res.locals is an ExpressJS mechanism to store data between middlewares, during a single request.
So you have to change your code so you can add res as a parameter. There is no other solution.
I am trying to make the video download functionality available for some users only and for that I have used filter:api.download.video.allowed.result which provides allowed option either true/false to download video.
So, for that I have added some users to my storageManager of plugin. I want to only allow users that are in the list of users from the storageManager. So, in order to check the logged in users with my storageManager's users, I have to get the user details (username) of the logged in user which I am unable to achieve now.
Is it achievable?
Here is my code:
registerHook({
target: 'filter:api.download.video.allowed.result',
handler: async (result: any, params: any) => {
// const loggedInUser = peertubeHelpers.user.getAuthUser(res)
const userList = await storageManager.getData(params.video.dataValues.id)
if (!userList) {
return { allowed: false, errorMessage: 'You are not authorized to download this video.' }
}
if (!userList.includes(loggedInUser.username)) {
return { allowed: false, errorMessage: 'You are not authorized to download this video.' }
}
return result
}
})
Oh sorry, I never realized that hook handlers don’t get expressJS route parameters (I never used backend hooks).
@Chocobozzz , reading the Peertube code, it seems that the current user is not passed to the filter:api.download.video.allowed.result hook. I’m I missing something?
No you’re right, I’ll add it.
@Chocobozzz, do I need to open a feature request on github?
I think all the filter:api handlers should be able to get expressJS route parameters.
I added them in Add req and res to allow download filter hooks · Chocobozzz/PeerTube@b6640fa · GitHub
@Chocobozzz sorry to bother you but it will be useful if req and res are also available in other filter hooks.
Don’t hesitate to create PRs to add them
Hello @Chocobozzz,
I tried to get the user logged in information using the recently added res in the filter:api.download.video.allowed.result but peertubeHelpers.user.getAuthUser(result.res) below is returning undefined.
registerHook({
target: 'filter:api.download.video.allowed.result',
handler: async (params: any, result: any) => {
console.log('res value', result.res.locals)
const loggedInUser = await peertubeHelpers.user.getAuthUser(result.res)
console.log(loggedInUser) //returns undefined always.. no res.locals.oauth
return result
}
})
The result for above res value is
{
"requestStart": 1671444542108,
"authenticated": false,
"videoAll": {
"id": 9,
"uuid": "a36a4eba-8740-4484-b823-24951450bba7",
"name": "videoplayback",
"category": 16,
"licence": 2,
"language": "et",
"privacy": 1,
"nsfw": false,
"description": "update",
"support": null,
"duration": 35,
"views": 3,
"likes": 0,
"dislikes": 0,
"remote": false,
"isLive": false,
"url": "http://localhost:9000/videos/watch/a36a4eba-8740-4484-b823-24951450bba7",
"commentsEnabled": true,
"downloadEnabled": true,
"waitTranscoding": true,
"state": 1,
"publishedAt": "2022-12-02T06:30:28.559Z",
"originallyPublishedAt": null,
"channelId": 1,
"createdAt": "2022-12-02T06:30:24.073Z",
"updatedAt": "2022-12-19T05:16:38.009Z"
}
}
This means that the user is not authenticated. And it is confirmed by the "authenticated": false in res.locals.
Hum… @Chocobozzz, I think we forgot something… The download endpoint is not an API endpoint, so the authentication header is not sent.
How does Peertube v5 tests rights on the download endpoint if the authentication header is not sent??
In V5 we can use a token dedicated to access video files. With this system doesn’t provide the user in the request. I need to check how to still add the user who generated the token inside the request with this new system.
Implemented in Add ability to get user from file token · Chocobozzz/PeerTube@868314e · GitHub
Note that the client doesn’t send a token when the video doesn’t require it (public/unlisted video).