Fixed bugs that prevented subscription videos from being downloaded and non-users from accessing shared videos

2026-04-08 23:21:28 +03:00 · 2020-09-26 00:29:13 -04:00
parent 96cf1b87d1
commit 10922fedd7
4 changed files with 6 additions and 6 deletions
--- a/backend/app.js
+++ b/backend/app.js
@@ -2530,9 +2530,9 @@ app.post('/api/downloadFile', optionalJwt, async (req, res) => {
        let base_path = fileFolderPath;
        let usersFileFolder = null;
        const multiUserMode = config_api.getConfigItem('ytdl_multi_user_mode');
-        if (multiUserMode && req.body.uuid) {
+        if (multiUserMode && (req.body.uuid || req.user.uid)) {
            usersFileFolder = config_api.getConfigItem('ytdl_users_base_path');
-            base_path = path.join(usersFileFolder, req.body.uuid, type);
+            base_path = path.join(usersFileFolder, req.body.uuid ? req.body.uuid : req.user.uid, type);
        }
        if (!subscriptionName) {
            file = path.join(__dirname, base_path, fileNames + ext);
@@ -2550,7 +2550,7 @@ app.post('/api/downloadFile', optionalJwt, async (req, res) => {
            fileNames[i] = decodeURIComponent(fileNames[i]);
        }
        file = await createPlaylistZipFile(fileNames, type, outputName, fullPathProvided, req.body.uuid);
-        file = path.join(__dirname, file);
+        if (!path.isAbsolute(file)) file = path.join(__dirname, file);
    }
    res.sendFile(file, function (err) {
        if (err) {
--- a/backend/authentication/auth.js
+++ b/backend/authentication/auth.js
@@ -297,7 +297,7 @@ exports.getUserVideo = function(user_uid, file_uid, type, requireSharing = false
  if (!file && type) file = users_db.get('users').find({uid: user_uid}).get(`files.${type}`).find({uid: file_uid}).value();

  // prevent unauthorized users from accessing the file info
-  if (requireSharing && !file['sharingEnabled']) file = null;
+  if (file && !file['sharingEnabled'] && requireSharing) file = null;

  return file;
 }