server/helpers/custom-validators/activitypub/actor.ts

   1 import validator from 'validator'
   2 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
   3 import { exists, isArray, isDateValid } from '../misc'
   4 import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
   5 import { isHostValid } from '../servers'
   6 import { peertubeTruncate } from '@server/helpers/core-utils'
   7
   8 function isActorEndpointsObjectValid (endpointObject: any) {
   9   if (endpointObject?.sharedInbox) {
  10     return isActivityPubUrlValid(endpointObject.sharedInbox)
  11   }
  12
  13   // Shared inbox is optional
  14   return true
  15 }
  16
  17 function isActorPublicKeyObjectValid (publicKeyObject: any) {
  18   return isActivityPubUrlValid(publicKeyObject.id) &&
  19     isActivityPubUrlValid(publicKeyObject.owner) &&
  20     isActorPublicKeyValid(publicKeyObject.publicKeyPem)
  21 }
  22
  23 function isActorTypeValid (type: string) {
  24   return type === 'Person' || type === 'Application' || type === 'Group' || type === 'Service' || type === 'Organization'
  25 }
  26
  27 function isActorPublicKeyValid (publicKey: string) {
  28   return exists(publicKey) &&
  29     typeof publicKey === 'string' &&
  30     publicKey.startsWith('-----BEGIN PUBLIC KEY-----') &&
  31     publicKey.includes('-----END PUBLIC KEY-----') &&
  32     validator.isLength(publicKey, CONSTRAINTS_FIELDS.ACTORS.PUBLIC_KEY)
  33 }
  34
  35 const actorNameAlphabet = '[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\\-_.:]'
  36 const actorNameRegExp = new RegExp(`^${actorNameAlphabet}+$`)
  37 function isActorPreferredUsernameValid (preferredUsername: string) {
  38   return exists(preferredUsername) && validator.matches(preferredUsername, actorNameRegExp)
  39 }
  40
  41 function isActorPrivateKeyValid (privateKey: string) {
  42   return exists(privateKey) &&
  43     typeof privateKey === 'string' &&
  44     (privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') || privateKey.startsWith('-----BEGIN PRIVATE KEY-----')) &&
  45     // Sometimes there is a \n at the end, so just assert the string contains the end mark
  46     (privateKey.includes('-----END RSA PRIVATE KEY-----') || privateKey.includes('-----END PRIVATE KEY-----')) &&
  47     validator.isLength(privateKey, CONSTRAINTS_FIELDS.ACTORS.PRIVATE_KEY)
  48 }
  49
  50 function isActorFollowingCountValid (value: string) {
  51   return exists(value) && validator.isInt('' + value, { min: 0 })
  52 }
  53
  54 function isActorFollowersCountValid (value: string) {
  55   return exists(value) && validator.isInt('' + value, { min: 0 })
  56 }
  57
  58 function isActorDeleteActivityValid (activity: any) {
  59   return isBaseActivityValid(activity, 'Delete')
  60 }
  61
  62 function sanitizeAndCheckActorObject (actor: any) {
  63   if (!isActorTypeValid(actor.type)) return false
  64
  65   normalizeActor(actor)
  66
  67   return exists(actor) &&
  68     isActivityPubUrlValid(actor.id) &&
  69     isActivityPubUrlValid(actor.inbox) &&
  70     isActorPreferredUsernameValid(actor.preferredUsername) &&
  71     isActivityPubUrlValid(actor.url) &&
  72     isActorPublicKeyObjectValid(actor.publicKey) &&
  73     isActorEndpointsObjectValid(actor.endpoints) &&
  74
  75     (!actor.outbox || isActivityPubUrlValid(actor.outbox)) &&
  76     (!actor.following || isActivityPubUrlValid(actor.following)) &&
  77     (!actor.followers || isActivityPubUrlValid(actor.followers)) &&
  78
  79     setValidAttributedTo(actor) &&
  80     setValidDescription(actor) &&
  81     // If this is a group (a channel), it should be attributed to an account
  82     // In PeerTube we use this to attach a video channel to a specific account
  83     (actor.type !== 'Group' || actor.attributedTo.length !== 0)
  84 }
  85
  86 function normalizeActor (actor: any) {
  87   if (!actor) return
  88
  89   if (!actor.url) {
  90     actor.url = actor.id
  91   } else if (typeof actor.url !== 'string') {
  92     actor.url = actor.url.href || actor.url.url
  93   }
  94
  95   if (!isDateValid(actor.published)) actor.published = undefined
  96
  97   if (actor.summary && typeof actor.summary === 'string') {
  98     actor.summary = peertubeTruncate(actor.summary, { length: CONSTRAINTS_FIELDS.USERS.DESCRIPTION.max })
  99
 100     if (actor.summary.length < CONSTRAINTS_FIELDS.USERS.DESCRIPTION.min) {
 101       actor.summary = null
 102     }
 103   }
 104 }
 105
 106 function isValidActorHandle (handle: string) {
 107   if (!exists(handle)) return false
 108
 109   const parts = handle.split('@')
 110   if (parts.length !== 2) return false
 111
 112   return isHostValid(parts[1])
 113 }
 114
 115 function areValidActorHandles (handles: string[]) {
 116   return isArray(handles) && handles.every(h => isValidActorHandle(h))
 117 }
 118
 119 function setValidDescription (obj: any) {
 120   if (!obj.summary) obj.summary = null
 121
 122   return true
 123 }
 124
 125 // ---------------------------------------------------------------------------
 126
 127 export {
 128   normalizeActor,
 129   actorNameAlphabet,
 130   areValidActorHandles,
 131   isActorEndpointsObjectValid,
 132   isActorPublicKeyObjectValid,
 133   isActorTypeValid,
 134   isActorPublicKeyValid,
 135   isActorPreferredUsernameValid,
 136   isActorPrivateKeyValid,
 137   isActorFollowingCountValid,
 138   isActorFollowersCountValid,
 139   isActorDeleteActivityValid,
 140   sanitizeAndCheckActorObject,
 141   isValidActorHandle
 142 }