[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / oembed.ts

import * as express from 'express'
import { query } from 'express-validator'
import { join } from 'path'
import { isTestInstance } from '../../helpers/core-utils'
import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
import { logger } from '../../helpers/logger'
import { areValidationErrors } from './utils'
import { WEBSERVER } from '../../initializers/constants'
import { doesVideoExist } from '../../helpers/middlewares'

const urlShouldStartWith = WEBSERVER.SCHEME + '://' + join(WEBSERVER.HOST, 'videos', 'watch') + '/'
const videoWatchRegex = new RegExp('([^/]+)$')
const isURLOptions = {
  require_host: true,
  require_tld: true
}

// We validate 'localhost', so we don't have the top level domain
if (isTestInstance()) {
  isURLOptions.require_tld = false
}

const oembedValidator = [
  query('url').isURL(isURLOptions).withMessage('Should have a valid url'),
  query('maxwidth').optional().isInt().withMessage('Should have a valid max width'),
  query('maxheight').optional().isInt().withMessage('Should have a valid max height'),
  query('format').optional().isIn([ 'xml', 'json' ]).withMessage('Should have a valid format'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking oembed parameters', { parameters: req.query })

    if (areValidationErrors(req, res)) return

    if (req.query.format !== undefined && req.query.format !== 'json') {
      return res.status(501)
                .json({ error: 'Requested format is not implemented on server.' })
                .end()
    }

    const url = req.query.url as string

    const startIsOk = url.startsWith(urlShouldStartWith)
    const matches = videoWatchRegex.exec(url)

    if (startIsOk === false || matches === null) {
      return res.status(400)
                .json({ error: 'Invalid url.' })
                .end()
    }

    const videoId = matches[1]
    if (isIdOrUUIDValid(videoId) === false) {
      return res.status(400)
                .json({ error: 'Invalid video id.' })
                .end()
    }

    if (!await doesVideoExist(videoId, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  oembedValidator
}
Commit	Line	Data
d8755eed	1	import * as express from 'express'
c8861d5d	2	import { query } from 'express-validator'
d8755eed	3	import { join } from 'path'
da854ddd	4	import { isTestInstance } from '../../helpers/core-utils'
3fd3ab2d	5	import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
da854ddd	6	import { logger } from '../../helpers/logger'
a2431b7d	7	import { areValidationErrors } from './utils'
6dd9de95	8	import { WEBSERVER } from '../../initializers/constants'
3e753302	9	import { doesVideoExist } from '../../helpers/middlewares'
d8755eed	10
6dd9de95	11	const urlShouldStartWith = WEBSERVER.SCHEME + '://' + join(WEBSERVER.HOST, 'videos', 'watch') + '/'
d8755eed C	12	const videoWatchRegex = new RegExp('([^/]+)$')
	13	const isURLOptions = {
	14	require_host: true,
	15	require_tld: true
	16	}
	17
	18	// We validate 'localhost', so we don't have the top level domain
	19	if (isTestInstance()) {
	20	isURLOptions.require_tld = false
	21	}
	22
	23	const oembedValidator = [
	24	query('url').isURL(isURLOptions).withMessage('Should have a valid url'),
	25	query('maxwidth').optional().isInt().withMessage('Should have a valid max width'),
	26	query('maxheight').optional().isInt().withMessage('Should have a valid max height'),
	27	query('format').optional().isIn([ 'xml', 'json' ]).withMessage('Should have a valid format'),
	28
a2431b7d	29	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
d8755eed C	30	logger.debug('Checking oembed parameters', { parameters: req.query })
d8755eed C	31
a2431b7d C	32	if (areValidationErrors(req, res)) return
	33
	34	if (req.query.format !== undefined && req.query.format !== 'json') {
	35	return res.status(501)
	36	.json({ error: 'Requested format is not implemented on server.' })
	37	.end()
	38	}
	39
67c604ae C	40	const url = req.query.url as string
	41
	42	const startIsOk = url.startsWith(urlShouldStartWith)
	43	const matches = videoWatchRegex.exec(url)
	44
a2431b7d C	45	if (startIsOk === false \|\| matches === null) {
	46	return res.status(400)
	47	.json({ error: 'Invalid url.' })
	48	.end()
	49	}
d8755eed	50
a2431b7d C	51	const videoId = matches[1]
	52	if (isIdOrUUIDValid(videoId) === false) {
	53	return res.status(400)
	54	.json({ error: 'Invalid video id.' })
	55	.end()
	56	}
d8755eed	57
0f6acda1	58	if (!await doesVideoExist(videoId, res)) return
d8755eed	59
a2431b7d	60	return next()
d8755eed C	61	}
	62	]
	63
	64	// ---------------------------------------------------------------------------
	65
	66	export {
	67	oembedValidator
	68	}