Code Monkey home page Code Monkey logo

api.video-strapi-plugin's Issues

Authorization forbidden via graphql

Describe the bug
It seems there is no way to query apiVideoAssets via strapi's graphql endpoint as it results in 'Forbidden Access'.

To Reproduce
I have followed the steps here in order to access the api-video-asset endpoint via the rest api. This works as expected.

Next setup the the graphql plugin with the configuration as follows:

'use strict';

const { join } = require('path');

module.exports = ({ env }) => ({
  graphql: {
    config: {
      endpoint: '/graphql',
      shadowCRUD: true,
      playgroundAlways: false,
      federation: true,
      apolloServer: {
        introspection: true
      },
      artifacts: {
        schema: join(__dirname, '..', 'schema.graphql'),
        typegen: join(__dirname, '..', 'types.d.ts'),
      },
    },
  },
});

This generates the graphql schema for strapi and includes api.video types such as:

type ApiVideoUploaderApiVideoAsset {
  createdAt: DateTime
  description: String
  hls: String!
  iframe: String!
  metadata: JSON
  mp4: String!
  player: String!
  tags: JSON
  thumbnail: String!
  title: String!
  updatedAt: DateTime
  videoId: String!
}

Using Insomnia or an equivalent hit strapi's graphql endpoint (http://localhost:1337/graphql) with the following query:

{apiVideoUploaderApiVideoAssets{data{attributes{videoId}}}}

This results in Forbidden access:

{
    "errors": [
        {
            "message": "Forbidden access",
            "extensions": {
                "error": {
                    "name": "ForbiddenError",
                    "message": "Forbidden access",
                    "details": {}
                },
                "code": "FORBIDDEN"
            }
        }
    ],
    "data": {
        "apiVideoUploaderApiVideoAssets": null
    }
}

I have also tried adding the same API bearer token which is needed for auth via the rest endpoint (mentioned in the final step of the blog post linked above). This still results in the same forbidden response.

Expected behavior
Expect data to be returned as queried.

[Bug]: Private video with graphql plugin

Version

1.0.1

Environment that reproduces the issue

@strapi/strapi: 4.6.0
@strapi/plugin-graphql: 4.6.0

Is it reproducible in the example application?

No

Reproduction steps

  1. Setup an example strapi application
  2. Install api.video plugin and upload a private video
  3. Install graphql plugin: https://docs.strapi.io/dev-docs/plugins/graphql
  4. Use the below graphql plugin config:
graphql: {
    config: {
      endpoint: '/graphql',
      shadowCRUD: true,
      playgroundAlways: false,
      federation: true,
      apolloServer: {
        introspection: true,
      }
    },
  }
  1. Hit the graphql endpoint with the following query:
{apiVideoUploaderApiVideoAssets{data{attributes{title, videoId, player}}}}

Expected result

Expect results with a newly generated private video token with each request

Actual result

Results are returned with the default token on each request:
token=11111111-1111-1111-1111-111111111111

Additional context

First off, great work on the private video feature, it seems to work flawlessly with the REST API. My understanding is that the shadow CRUD operations generated by the Strapi grapql plugin most likely call the default entity service, therefore skipping the custom logic introduced for private videos in the content-api controller. As this is an official strapi plugin, can we get this to work natively within the api.video plugin? If not, a potential workaround would be to implement custom resolver login in the client application that calls the controller directly (https://strapi.io/blog/extending-and-building-custom-resolvers-with-strapi-v4). Here's the example code:

apiVideoUploaderApiVideoAsset: {
    resolve: async (parent, args, context) => {
        const { toEntityResponse } = strapi.service(
            "plugin::graphql.format"        ).returnTypes;
        const id = args.id;
        const ctx = {params: {id}}
        var result = await strapi.plugin('api-video-uploader').controller('content-api').findOne(ctx);
        const response = toEntityResponse(result)
        return response;
    }
}

Can the team confirm if this is the correct approach?

Relevant logs output

No response

Add License Information

There is no license information on this repository. I have noticed on many of the other api.video repositories there is an MIT license. Is it okay to fork this and clone for local use?

[Bug]: Strapi fails to build with this plugin installed.

Version

1.0.4

Environment that reproduces the issue

Tried a fresh install with the latest version of Strapi [v4.9.1] & with the version called out in the README of this project [v4.5.1].

After running an npm build it fails to build, are you able to re-create this?

Building your admin UI with development configuration...

● Webpack █████████████████████████ building (21%) 0/1 entries 4624/4702 dependencies 1026/1577 modules 293 active
 node_modules\semver\functions\diff.js

ModuleNotFoundError: Module not found: Error: Can't resolve 'react/jsx-runtime' in 'C:\Users\Nathan\Documents\test-project\node_modules\@api.video\strapi-uploader-plugin\node_modules\@strapi\icons\dist'
Did you mean 'jsx-runtime.js'?
BREAKING CHANGE: The request 'react/jsx-runtime' failed to resolve only because it was resolved as fully specified
(probably because the origin is strict EcmaScript Module, e. g. a module with javascript mimetype, a '*.mjs' file, or a '*.js' file where the package.json contains '"type": "module"').
The extension in the request is mandatory for it to be fully specified.
Add the extension to the request.

Is it reproducible in the example application?

Yes

Reproduction steps

npx [email protected] test-project
npm i @api.video/strapi-uploader-plugin
npm run build

Expected result

The app builds.

Actual result

The app doesn't build

Additional context

npm --version
6.11.1

node --version
v16.15.1

Relevant logs output

No response

Enable private video upload & management

Currently it is not possible to upload videos as private from the Strapi plugin. As a user with a requirement to keep video secure at all times we need this to be possible.

Add a toggle for private video to the Strapi upload page. We should be able to then watch and manage private video using the api key for auth. This should be handled behind the scenes.

[Bug]: Using private api.video assets in a relation always returns default token

Version

1.0.2

Environment that reproduces the issue

@strapi/strapi: 4.8.2

Is it reproducible in the example application?

No

Reproduction steps

  1. Setup an example strapi application
  2. Install api.video plugin and upload a private video
  3. Add a new content type (e.g. type Video) that has a relation to the api.video asset
  4. Add a new entry of type Video that relates to an api.video entry
  5. Query either the REST API endpoint with the following payload

REST

/api/videos?populate=*

Expected result

Expect results with a newly generated private video token with each request

Actual result

Results are returned with the default token on each request:
token=11111111-1111-1111-1111-111111111111

Example response: (api.video asset is data[0].attributes.video)

{
	"data": [
		{
			"id": 1,
			"attributes": {
				"createdAt": "2023-03-22T03:31:28.813Z",
				"updatedAt": "2023-03-22T03:31:39.598Z",
				"publishedAt": "2023-03-22T03:31:39.286Z",
				"title": "Tech Video 1 - The First Video",
				"description": "<h1>Big Header</h1><p>Some text underneath</p><h2>Second header</h2><p>More text underneath</p>",
				"video": {
					"data": {
						"id": 2,
						"attributes": {
							"title": "Technology Video 1",
							"description": "only for tech folks",
							"_public": false,
							"videoId": "vi5PTo2swHiwGDOdVRJ05I1Z",
							"hls": "https://vod.api.video/vod/vi5PTo2swHiwGDOdVRJ05I1Z/token/11111111-1111-1111-1111-111111111111/hls/manifest.m3u8",
							"iframe": "<iframe src=\"https://embed.api.video/vod/vi5PTo2swHiwGDOdVRJ05I1Z?token=11111111-1111-1111-1111-111111111111\" width=\"100%\" height=\"100%\" frameborder=\"0\" scrolling=\"no\" allowfullscreen=\"true\"></iframe>",
							"mp4": "https://vod.api.video/vod/vi5PTo2swHiwGDOdVRJ05I1Z/token/11111111-1111-1111-1111-111111111111/mp4/source.mp4",
							"player": "https://embed.api.video/vod/vi5PTo2swHiwGDOdVRJ05I1Z?token=11111111-1111-1111-1111-111111111111",
							"thumbnail": "https://vod.api.video/vod/vi5PTo2swHiwGDOdVRJ05I1Z/token/11111111-1111-1111-1111-111111111111/thumbnail.jpg",
							"tags": [
								"Technology",
								"Short"
							],
							"metadata": [
								{
									"key": "Upload source",
									"value": "Strapi"
								}
							],
							"createdAt": "2023-03-22T03:01:13.805Z",
							"updatedAt": "2023-03-22T03:01:13.805Z"
						}
					}
				}
			}
		}
	],
	"meta": {
		"pagination": {
			"page": 1,
			"pageSize": 25,
			"pageCount": 1,
			"total": 1
		}
	}
}

Additional context

This also happens with the GraphQL interface, would be great if both interfaces could be fixed.

Relevant logs output

No response

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.