diff --git a/server/controllers/plugins.ts b/server/controllers/plugins.ts index 18c6613e2..6a1ccc0bf 100644 --- a/server/controllers/plugins.ts +++ b/server/controllers/plugins.ts @@ -9,6 +9,7 @@ import { getCompleteLocale, is18nLocale } from '../../shared/core-utils/i18n' import { PluginType } from '../../shared/models/plugins/plugin.type' import { isTestInstance } from '../helpers/core-utils' import { logger } from '@server/helpers/logger' +import { optionalAuthenticate } from '@server/middlewares/oauth' const sendFileOptions = { maxAge: '30 days', @@ -45,11 +46,13 @@ pluginsRouter.get('/plugins/:pluginName/:pluginVersion/client-scripts/:staticEnd pluginsRouter.use('/plugins/:pluginName/router', getPluginValidator(PluginType.PLUGIN, false), + optionalAuthenticate, servePluginCustomRoutes ) pluginsRouter.use('/plugins/:pluginName/:pluginVersion/router', getPluginValidator(PluginType.PLUGIN), + optionalAuthenticate, servePluginCustomRoutes ) diff --git a/server/tests/fixtures/peertube-plugin-test-five/main.js b/server/tests/fixtures/peertube-plugin-test-five/main.js index c1435b928..07dd18654 100644 --- a/server/tests/fixtures/peertube-plugin-test-five/main.js +++ b/server/tests/fixtures/peertube-plugin-test-five/main.js @@ -4,6 +4,8 @@ async function register ({ const router = getRouter() router.get('/ping', (req, res) => res.json({ message: 'pong' })) + router.get('/is-authenticated', (req, res) => res.json({ isAuthenticated: res.locals.authenticated })) + router.post('/form/post/mirror', (req, res) => { res.json(req.body) }) diff --git a/server/tests/plugins/plugin-router.ts b/server/tests/plugins/plugin-router.ts index 9e78568cd..5392acc51 100644 --- a/server/tests/plugins/plugin-router.ts +++ b/server/tests/plugins/plugin-router.ts @@ -44,6 +44,27 @@ describe('Test plugin helpers', function () { } }) + it('Should check if authenticated', async function () { + for (const path of basePaths) { + const res = await makeGetRequest({ + url: server.url, + path: path + 'is-authenticated', + token: server.accessToken, + statusCodeExpected: 200 + }) + + expect(res.body.isAuthenticated).to.equal(undefined) + + const secRes = await makeGetRequest({ + url: server.url, + path: path + 'is-authenticated', + statusCodeExpected: 200 + }) + + expect(secRes.body.isAuthenticated).to.equal(false) + } + }) + it('Should mirror post body', async function () { const body = { hello: 'world',