Sharing and video downloads on shared videos now work for multi-user mode

2026-04-01 22:41:29 +03:00 · 2020-04-27 04:31:39 -04:00
parent 1ac6683f33
commit 4b2b278439
5 changed files with 83 additions and 12 deletions
--- a/backend/app.js
+++ b/backend/app.js
@@ -1705,7 +1705,18 @@ app.use(compression());

 const optionalJwt = function (req, res, next) {
    const multiUserMode = config_api.getConfigItem('ytdl_multi_user_mode');
-    if (multiUserMode) {
+    if (multiUserMode && ((req.body && req.body.uuid) || (req.query && req.query.uuid)) && (req.path.includes('/api/getFile') || 
+                                                                                            req.path.includes('/api/audio') || 
+                                                                                            req.path.includes('/api/video') ||
+                                                                                            req.path.includes('/api/downloadFile'))) {
+        // check if shared video
+        const using_body = req.body && req.body.uuid;
+        const uuid = using_body ? req.body.uuid : req.query.uuid;
+        const uid = using_body ? req.body.uid : req.query.uid;
+        const type = using_body ? req.body.type : req.query.type;
+        const is_shared = auth_api.getUserVideo(uuid, uid, type, true);
+        if (is_shared) return next();
+    } else if (multiUserMode) {
        if (!req.query.jwt) {
            res.sendStatus(401);
            return;
@@ -1878,11 +1889,14 @@ app.get('/api/getMp4s', optionalJwt, function(req, res) {
 app.post('/api/getFile', optionalJwt, function (req, res) {
    var uid = req.body.uid;
    var type = req.body.type;
+    var uuid = req.body.uuid;

    var file = null;

    if (req.isAuthenticated()) {
        file = auth_api.getUserVideo(req.user.uid, uid, type);
+    } else if (uuid) {
+        file = auth_api.getUserVideo(uuid, uid, type, true);
    } else {
        if (!type) {
            file = db.get('files.audio').find({uid: uid}).value();
@@ -1911,10 +1925,21 @@ app.post('/api/getFile', optionalJwt, function (req, res) {
 });

 // video sharing
-app.post('/api/enableSharing', function(req, res) {
+app.post('/api/enableSharing', optionalJwt, function(req, res) {
    var type = req.body.type;
    var uid = req.body.uid;
    var is_playlist = req.body.is_playlist;
+    let success = false;
+    // multi-user mode
+    if (req.isAuthenticated()) {
+        // if multi user mode, use this method instead
+        success = auth_api.changeSharingMode(req.user.uid, uid, type, is_playlist, true);
+        console.log(success);
+        res.send({success: success});
+        return;
+    }
+
+    // single-user mode
    try {
        success = true;
        if (!is_playlist && type !== 'subscription') {
@@ -1944,10 +1969,20 @@ app.post('/api/enableSharing', function(req, res) {
    });
 });

-app.post('/api/disableSharing', function(req, res) {
+app.post('/api/disableSharing', optionalJwt, function(req, res) {
    var type = req.body.type;
    var uid = req.body.uid;
    var is_playlist = req.body.is_playlist;
+
+    // multi-user mode
+    if (req.isAuthenticated()) {
+        // if multi user mode, use this method instead
+        success = auth_api.changeSharingMode(req.user.uid, uid, type, is_playlist, false);
+        res.send({success: success});
+        return;
+    }
+
+    // single-user mode
    try {
        success = true;
        if (!is_playlist && type !== 'subscription') {
--- a/backend/authentication/auth.js
+++ b/backend/authentication/auth.js
@@ -237,7 +237,7 @@ exports.getUserVideos = function(user_uid, type) {
    return user['files'][type];
 }

-exports.getUserVideo = function(user_uid, file_uid, type) {
+exports.getUserVideo = function(user_uid, file_uid, type, requireSharing = false) {
  if (!type) {
    file = db.get('users').find({uid: user_uid}).get(`files.audio`).find({uid: file_uid}).value();
    if (!file) {
@@ -249,6 +249,10 @@ exports.getUserVideo = function(user_uid, file_uid, type) {
  }

  if (!file && type) file = db.get('users').find({uid: user_uid}).get(`files.${type}`).find({uid: file_uid}).value();
+
+  // prevent unauthorized users from accessing the file info
+  if (requireSharing && !file['sharingEnabled']) file = null;
+
  return file;
 }

@@ -366,6 +370,20 @@ exports.deleteUserFile = function(user_uid, file_uid, type, blacklistMode = fals
  return success;
 }

+exports.changeSharingMode = function(user_uid, file_uid, type, is_playlist, enabled) {
+  let success = false;
+  const user_db_obj = db.get('users').find({uid: user_uid});
+  if (user_db_obj.value()) {
+    const file_db_obj = is_playlist ? user_db_obj.get(`playlists.${type}`).find({uid: file_uid}) : user_db_obj.get(`files.${type}`).find({uid: file_uid});
+    if (file_db_obj.value()) {
+      success = true;
+      file_db_obj.assign({sharingEnabled: enabled}).write();
+    }
+  }
+  
+  return success;
+}
+
 function getToken(queryParams) {
  if (queryParams && queryParams.jwt) {
    var parted = queryParams.jwt.split(' ');