Mercurial > code > home > repos > video
annotate serve-files.js @ 49:1bd17c2e5517 default tip
video.py must sign video urls for serve-files.js to serve them
| author | drewp@bigasterisk.com |
|---|---|
| date | Fri, 06 Dec 2024 17:13:51 -0800 |
| parents | ed16fdbb3996 |
| children |
| rev | line source |
|---|---|
|
2
78c1a2983010
rewrite UI and file serving parts; use vite
drewp@bigasterisk.com
parents:
diff
changeset
|
1 const express = require('express') |
|
49
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
2 const decodeSig = async (sig) => { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
3 const { decodeSig } = await import('./signature_decode.mjs'); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
4 return decodeSig(sig); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
5 }; |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
6 const app = express() |
|
2
78c1a2983010
rewrite UI and file serving parts; use vite
drewp@bigasterisk.com
parents:
diff
changeset
|
7 |
|
49
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
8 async function checkSig(sig, user, reqPath) { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
9 const msg = await decodeSig(sig); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
10 if (msg[0] !== user) { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
11 throw new Error('user mismatch ' + msg[0] + ' ' + user); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
12 } |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
13 if (msg[1] !== reqPath) { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
14 throw new Error('path mismatch'); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
15 } |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
16 const now = new Date() / 1000; |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
17 if (msg[2] < now) { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
18 throw new Error('expired'); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
19 } |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
20 } |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
21 |
|
2
78c1a2983010
rewrite UI and file serving parts; use vite
drewp@bigasterisk.com
parents:
diff
changeset
|
22 |
|
36
ed16fdbb3996
rewrite WIP. scan fs separately; store in db. thumbs are broken for now
drewp@bigasterisk.com
parents:
2
diff
changeset
|
23 // e.g. /video/files/video-download/movie1/part1.webm |
|
2
78c1a2983010
rewrite UI and file serving parts; use vite
drewp@bigasterisk.com
parents:
diff
changeset
|
24 app.use('/video/files', |
|
49
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
25 async (req, res, next) => { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
26 try { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
27 await checkSig(req.query.sig || '', req.headers['x-pomerium-email'], req.path); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
28 } catch (e) { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
29 console.error(e); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
30 res.status(403).send('403 Forbidden'); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
31 return; |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
32 } |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
33 next(); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
34 }, |
|
2
78c1a2983010
rewrite UI and file serving parts; use vite
drewp@bigasterisk.com
parents:
diff
changeset
|
35 express.static('/data'), // serves file content |
|
78c1a2983010
rewrite UI and file serving parts; use vite
drewp@bigasterisk.com
parents:
diff
changeset
|
36 ) |
|
78c1a2983010
rewrite UI and file serving parts; use vite
drewp@bigasterisk.com
parents:
diff
changeset
|
37 |
|
49
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
36
diff
changeset
|
38 app.listen(8003) |