[github/Chocobozzz/PeerTube.git] / server / helpers / custom-validators / activitypub / videos.ts

import validator from 'validator'
import { logger } from '@server/helpers/logger'
import { ActivityTrackerUrlObject, ActivityVideoFileMetadataUrlObject } from '@shared/models'
import { VideoState } from '../../../../shared/models/videos'
import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers/constants'
import { peertubeTruncate } from '../../core-utils'
import { exists, isArray, isBooleanValid, isDateValid, isUUIDValid } from '../misc'
import {
  isVideoDurationValid,
  isVideoNameValid,
  isVideoStateValid,
  isVideoTagValid,
  isVideoTruncatedDescriptionValid,
  isVideoViewsValid
} from '../videos'
import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'

function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {
  return isBaseActivityValid(activity, 'Update') &&
    sanitizeAndCheckVideoTorrentObject(activity.object)
}

function isActivityPubVideoDurationValid (value: string) {
  // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-duration
  return exists(value) &&
    typeof value === 'string' &&
    value.startsWith('PT') &&
    value.endsWith('S') &&
    isVideoDurationValid(value.replace(/[^0-9]+/g, ''))
}

function sanitizeAndCheckVideoTorrentObject (video: any) {
  if (!video || video.type !== 'Video') return false

  if (!setValidRemoteTags(video)) {
    logger.debug('Video has invalid tags', { video })
    return false
  }
  if (!setValidRemoteVideoUrls(video)) {
    logger.debug('Video has invalid urls', { video })
    return false
  }
  if (!setRemoteVideoTruncatedContent(video)) {
    logger.debug('Video has invalid content', { video })
    return false
  }
  if (!setValidAttributedTo(video)) {
    logger.debug('Video has invalid attributedTo', { video })
    return false
  }
  if (!setValidRemoteCaptions(video)) {
    logger.debug('Video has invalid captions', { video })
    return false
  }
  if (!setValidRemoteIcon(video)) {
    logger.debug('Video has invalid icons', { video })
    return false
  }

  // Default attributes
  if (!isVideoStateValid(video.state)) video.state = VideoState.PUBLISHED
  if (!isBooleanValid(video.waitTranscoding)) video.waitTranscoding = false
  if (!isBooleanValid(video.downloadEnabled)) video.downloadEnabled = true
  if (!isBooleanValid(video.commentsEnabled)) video.commentsEnabled = false
  if (!isBooleanValid(video.isLiveBroadcast)) video.isLiveBroadcast = false
  if (!isBooleanValid(video.liveSaveReplay)) video.liveSaveReplay = false
  if (!isBooleanValid(video.permanentLive)) video.permanentLive = false

  return isActivityPubUrlValid(video.id) &&
    isVideoNameValid(video.name) &&
    isActivityPubVideoDurationValid(video.duration) &&
    isUUIDValid(video.uuid) &&
    (!video.category || isRemoteNumberIdentifierValid(video.category)) &&
    (!video.licence || isRemoteNumberIdentifierValid(video.licence)) &&
    (!video.language || isRemoteStringIdentifierValid(video.language)) &&
    isVideoViewsValid(video.views) &&
    isBooleanValid(video.sensitive) &&
    isDateValid(video.published) &&
    isDateValid(video.updated) &&
    (!video.originallyPublishedAt || isDateValid(video.originallyPublishedAt)) &&
    (!video.content || isRemoteVideoContentValid(video.mediaType, video.content)) &&
    video.attributedTo.length !== 0
}

function isRemoteVideoUrlValid (url: any) {
  return url.type === 'Link' &&
    // Video file link
    (
      ACTIVITY_PUB.URL_MIME_TYPES.VIDEO.includes(url.mediaType) &&
      isActivityPubUrlValid(url.href) &&
      validator.isInt(url.height + '', { min: 0 }) &&
      validator.isInt(url.size + '', { min: 0 }) &&
      (!url.fps || validator.isInt(url.fps + '', { min: -1 }))
    ) ||
    // Torrent link
    (
      ACTIVITY_PUB.URL_MIME_TYPES.TORRENT.includes(url.mediaType) &&
      isActivityPubUrlValid(url.href) &&
      validator.isInt(url.height + '', { min: 0 })
    ) ||
    // Magnet link
    (
      ACTIVITY_PUB.URL_MIME_TYPES.MAGNET.includes(url.mediaType) &&
      validator.isLength(url.href, { min: 5 }) &&
      validator.isInt(url.height + '', { min: 0 })
    ) ||
    // HLS playlist link
    (
      (url.mediaType || url.mimeType) === 'application/x-mpegURL' &&
      isActivityPubUrlValid(url.href) &&
      isArray(url.tag)
    ) ||
    isAPVideoTrackerUrlObject(url) ||
    isAPVideoFileUrlMetadataObject(url)
}

function isAPVideoFileUrlMetadataObject (url: any): url is ActivityVideoFileMetadataUrlObject {
  return url &&
    url.type === 'Link' &&
    url.mediaType === 'application/json' &&
    isArray(url.rel) && url.rel.includes('metadata')
}

function isAPVideoTrackerUrlObject (url: any): url is ActivityTrackerUrlObject {
  return isArray(url.rel) &&
    url.rel.includes('tracker') &&
    isActivityPubUrlValid(url.href)
}

// ---------------------------------------------------------------------------

export {
  sanitizeAndCheckVideoTorrentUpdateActivity,
  isRemoteStringIdentifierValid,
  sanitizeAndCheckVideoTorrentObject,
  isRemoteVideoUrlValid,
  isAPVideoFileUrlMetadataObject,
  isAPVideoTrackerUrlObject
}

// ---------------------------------------------------------------------------

function setValidRemoteTags (video: any) {
  if (Array.isArray(video.tag) === false) return false

  video.tag = video.tag.filter(t => {
    return t.type === 'Hashtag' &&
      isVideoTagValid(t.name)
  })

  return true
}

function setValidRemoteCaptions (video: any) {
  if (!video.subtitleLanguage) video.subtitleLanguage = []

  if (Array.isArray(video.subtitleLanguage) === false) return false

  video.subtitleLanguage = video.subtitleLanguage.filter(caption => {
    if (!isActivityPubUrlValid(caption.url)) caption.url = null

    return isRemoteStringIdentifierValid(caption)
  })

  return true
}

function isRemoteNumberIdentifierValid (data: any) {
  return validator.isInt(data.identifier, { min: 0 })
}

function isRemoteStringIdentifierValid (data: any) {
  return typeof data.identifier === 'string'
}

function isRemoteVideoContentValid (mediaType: string, content: string) {
  return mediaType === 'text/markdown' && isVideoTruncatedDescriptionValid(content)
}

function setValidRemoteIcon (video: any) {
  if (video.icon && !isArray(video.icon)) video.icon = [ video.icon ]
  if (!video.icon) video.icon = []

  video.icon = video.icon.filter(icon => {
    return icon.type === 'Image' &&
      isActivityPubUrlValid(icon.url) &&
      icon.mediaType === 'image/jpeg' &&
      validator.isInt(icon.width + '', { min: 0 }) &&
      validator.isInt(icon.height + '', { min: 0 })
  })

  return video.icon.length !== 0
}

function setValidRemoteVideoUrls (video: any) {
  if (Array.isArray(video.url) === false) return false

  video.url = video.url.filter(u => isRemoteVideoUrlValid(u))

  return true
}

function setRemoteVideoTruncatedContent (video: any) {
  if (video.content) {
    video.content = peertubeTruncate(video.content, { length: CONSTRAINTS_FIELDS.VIDEOS.TRUNCATED_DESCRIPTION.max })
  }

  return true
}
Commit	Line	Data
7cde3b9c	1	import validator from 'validator'
d9a2a031 C	2	import { logger } from '@server/helpers/logger'
	3	import { ActivityTrackerUrlObject, ActivityVideoFileMetadataUrlObject } from '@shared/models'
	4	import { VideoState } from '../../../../shared/models/videos'
74dc3bca	5	import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers/constants'
c73e83da	6	import { peertubeTruncate } from '../../core-utils'
09209296	7	import { exists, isArray, isBooleanValid, isDateValid, isUUIDValid } from '../misc'
65fcc311	8	import {
65fcc311	9	isVideoDurationValid,
65fcc311	10	isVideoNameValid,
2186386c	11	isVideoStateValid,
e34c85e5	12	isVideoTagValid,
8e10cf1a	13	isVideoTruncatedDescriptionValid,
8e10cf1a	14	isVideoViewsValid
65fcc311	15	} from '../videos'
50d6de9c	16	import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
0d0e8dd0	17
1d6e5dfc	18	function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {
0d0e8dd0	19	return isBaseActivityValid(activity, 'Update') &&
1d6e5dfc	20	sanitizeAndCheckVideoTorrentObject(activity.object)
65fcc311 C	21	}
65fcc311 C	22
8e10cf1a C	23	function isActivityPubVideoDurationValid (value: string) {
	24	// https://www.w3.org/TR/activitystreams-vocabulary/#dfn-duration
	25	return exists(value) &&
	26	typeof value === 'string' &&
	27	value.startsWith('PT') &&
	28	value.endsWith('S') &&
efc32059	29	isVideoDurationValid(value.replace(/[^0-9]+/g, ''))
8e10cf1a C	30	}
8e10cf1a C	31
1d6e5dfc	32	function sanitizeAndCheckVideoTorrentObject (video: any) {
fbad87b0	33	if (!video \|\| video.type !== 'Video') return false
5cf13500	34
d7a25329 C	35	if (!setValidRemoteTags(video)) {
	36	logger.debug('Video has invalid tags', { video })
	37	return false
	38	}
	39	if (!setValidRemoteVideoUrls(video)) {
	40	logger.debug('Video has invalid urls', { video })
	41	return false
	42	}
	43	if (!setRemoteVideoTruncatedContent(video)) {
	44	logger.debug('Video has invalid content', { video })
	45	return false
	46	}
	47	if (!setValidAttributedTo(video)) {
	48	logger.debug('Video has invalid attributedTo', { video })
	49	return false
	50	}
	51	if (!setValidRemoteCaptions(video)) {
	52	logger.debug('Video has invalid captions', { video })
	53	return false
	54	}
ca6d3622 C	55	if (!setValidRemoteIcon(video)) {
	56	logger.debug('Video has invalid icons', { video })
	57	return false
	58	}
1d6e5dfc	59
2186386c C	60	// Default attributes
	61	if (!isVideoStateValid(video.state)) video.state = VideoState.PUBLISHED
	62	if (!isBooleanValid(video.waitTranscoding)) video.waitTranscoding = false
7f2cfe3a	63	if (!isBooleanValid(video.downloadEnabled)) video.downloadEnabled = true
0bc1b31d	64	if (!isBooleanValid(video.commentsEnabled)) video.commentsEnabled = false
de6310b2	65	if (!isBooleanValid(video.isLiveBroadcast)) video.isLiveBroadcast = false
af4ae64f	66	if (!isBooleanValid(video.liveSaveReplay)) video.liveSaveReplay = false
bb4ba6d9	67	if (!isBooleanValid(video.permanentLive)) video.permanentLive = false
2186386c	68
5cf13500	69	return isActivityPubUrlValid(video.id) &&
0d0e8dd0	70	isVideoNameValid(video.name) &&
8e10cf1a	71	isActivityPubVideoDurationValid(video.duration) &&
0d0e8dd0	72	isUUIDValid(video.uuid) &&
9d3ef9fe C	73	(!video.category \|\| isRemoteNumberIdentifierValid(video.category)) &&
	74	(!video.licence \|\| isRemoteNumberIdentifierValid(video.licence)) &&
	75	(!video.language \|\| isRemoteStringIdentifierValid(video.language)) &&
efc32059	76	isVideoViewsValid(video.views) &&
0a67e28b	77	isBooleanValid(video.sensitive) &&
0d0e8dd0 C	78	isDateValid(video.published) &&
0d0e8dd0 C	79	isDateValid(video.updated) &&
7519127b	80	(!video.originallyPublishedAt \|\| isDateValid(video.originallyPublishedAt)) &&
f595d394	81	(!video.content \|\| isRemoteVideoContentValid(video.mediaType, video.content)) &&
50d6de9c	82	video.attributedTo.length !== 0
65fcc311 C	83	}
65fcc311 C	84
c48e82b5	85	function isRemoteVideoUrlValid (url: any) {
c48e82b5	86	return url.type === 'Link' &&
d9a2a031	87	// Video file link
c48e82b5	88	(
bdd428a6	89	ACTIVITY_PUB.URL_MIME_TYPES.VIDEO.includes(url.mediaType) &&
c48e82b5 C	90	isActivityPubUrlValid(url.href) &&
	91	validator.isInt(url.height + '', { min: 0 }) &&
	92	validator.isInt(url.size + '', { min: 0 }) &&
a3737cbf	93	(!url.fps \|\| validator.isInt(url.fps + '', { min: -1 }))
c48e82b5	94	) \|\|
d9a2a031	95	// Torrent link
c48e82b5	96	(
bdd428a6	97	ACTIVITY_PUB.URL_MIME_TYPES.TORRENT.includes(url.mediaType) &&
c48e82b5 C	98	isActivityPubUrlValid(url.href) &&
	99	validator.isInt(url.height + '', { min: 0 })
	100	) \|\|
d9a2a031	101	// Magnet link
c48e82b5	102	(
bdd428a6	103	ACTIVITY_PUB.URL_MIME_TYPES.MAGNET.includes(url.mediaType) &&
c48e82b5 C	104	validator.isLength(url.href, { min: 5 }) &&
c48e82b5 C	105	validator.isInt(url.height + '', { min: 0 })
09209296	106	) \|\|
d9a2a031	107	// HLS playlist link
09209296 C	108	(
	109	(url.mediaType \|\| url.mimeType) === 'application/x-mpegURL' &&
	110	isActivityPubUrlValid(url.href) &&
	111	isArray(url.tag)
7b81edc8	112	) \|\|
d9a2a031 C	113	isAPVideoTrackerUrlObject(url) \|\|
d9a2a031 C	114	isAPVideoFileUrlMetadataObject(url)
7b81edc8 C	115	}
7b81edc8 C	116
d9a2a031	117	function isAPVideoFileUrlMetadataObject (url: any): url is ActivityVideoFileMetadataUrlObject {
7b81edc8 C	118	return url &&
	119	url.type === 'Link' &&
	120	url.mediaType === 'application/json' &&
	121	isArray(url.rel) && url.rel.includes('metadata')
c48e82b5 C	122	}
c48e82b5 C	123
d9a2a031 C	124	function isAPVideoTrackerUrlObject (url: any): url is ActivityTrackerUrlObject {
	125	return isArray(url.rel) &&
	126	url.rel.includes('tracker') &&
	127	isActivityPubUrlValid(url.href)
	128	}
	129
65fcc311 C	130	// ---------------------------------------------------------------------------
	131
	132	export {
1d6e5dfc	133	sanitizeAndCheckVideoTorrentUpdateActivity,
9d3ef9fe	134	isRemoteStringIdentifierValid,
c48e82b5	135	sanitizeAndCheckVideoTorrentObject,
7b81edc8	136	isRemoteVideoUrlValid,
d9a2a031 C	137	isAPVideoFileUrlMetadataObject,
d9a2a031 C	138	isAPVideoTrackerUrlObject
65fcc311 C	139	}
	140
	141	// ---------------------------------------------------------------------------
	142
0d0e8dd0 C	143	function setValidRemoteTags (video: any) {
0d0e8dd0 C	144	if (Array.isArray(video.tag) === false) return false
65fcc311	145
a2431b7d	146	video.tag = video.tag.filter(t => {
0d0e8dd0 C	147	return t.type === 'Hashtag' &&
	148	isVideoTagValid(t.name)
	149	})
72c7248b	150
0d0e8dd0	151	return true
72c7248b C	152	}
72c7248b C	153
40e87e9e C	154	function setValidRemoteCaptions (video: any) {
	155	if (!video.subtitleLanguage) video.subtitleLanguage = []
	156
	157	if (Array.isArray(video.subtitleLanguage) === false) return false
	158
	159	video.subtitleLanguage = video.subtitleLanguage.filter(caption => {
ca6d3622 C	160	if (!isActivityPubUrlValid(caption.url)) caption.url = null
ca6d3622 C	161
40e87e9e C	162	return isRemoteStringIdentifierValid(caption)
	163	})
	164
	165	return true
	166	}
	167
9d3ef9fe	168	function isRemoteNumberIdentifierValid (data: any) {
0d0e8dd0	169	return validator.isInt(data.identifier, { min: 0 })
72c7248b C	170	}
72c7248b C	171
9d3ef9fe C	172	function isRemoteStringIdentifierValid (data: any) {
	173	return typeof data.identifier === 'string'
	174	}
	175
0d0e8dd0 C	176	function isRemoteVideoContentValid (mediaType: string, content: string) {
0d0e8dd0 C	177	return mediaType === 'text/markdown' && isVideoTruncatedDescriptionValid(content)
72c7248b C	178	}
72c7248b C	179
ca6d3622 C	180	function setValidRemoteIcon (video: any) {
	181	if (video.icon && !isArray(video.icon)) video.icon = [ video.icon ]
	182	if (!video.icon) video.icon = []
	183
	184	video.icon = video.icon.filter(icon => {
	185	return icon.type === 'Image' &&
	186	isActivityPubUrlValid(icon.url) &&
	187	icon.mediaType === 'image/jpeg' &&
	188	validator.isInt(icon.width + '', { min: 0 }) &&
	189	validator.isInt(icon.height + '', { min: 0 })
	190	})
	191
	192	return video.icon.length !== 0
72c7248b C	193	}
72c7248b C	194
0d0e8dd0 C	195	function setValidRemoteVideoUrls (video: any) {
0d0e8dd0 C	196	if (Array.isArray(video.url) === false) return false
65fcc311	197
a2431b7d	198	video.url = video.url.filter(u => isRemoteVideoUrlValid(u))
65fcc311	199
0d0e8dd0	200	return true
65fcc311 C	201	}
65fcc311 C	202
45cd28b6	203	function setRemoteVideoTruncatedContent (video: any) {
c73e83da	204	if (video.content) {
687c6180	205	video.content = peertubeTruncate(video.content, { length: CONSTRAINTS_FIELDS.VIDEOS.TRUNCATED_DESCRIPTION.max })
c73e83da C	206	}
	207
	208	return true
	209	}