Refactor user build and express file middlewares

[github/Chocobozzz/PeerTube.git] / server / controllers / api / videos / import.ts

diff --git a/server/controllers/api/videos/import.ts b/server/controllers/api/videos/import.ts
index 8cbfd3286458fa61e8fc6c054191dcad7a2e4841..44283e26674e4525127013127b37dcd8cf6c1734 100644 (file)
--- a/server/controllers/api/videos/import.ts
+++ b/server/controllers/api/videos/import.ts
@@ -1,9 +1,11 @@
 import express from 'express'
-import { move, readFile } from 'fs-extra'
+import { move, readFile, remove } from 'fs-extra'
 import { decode } from 'magnet-uri'
 import parseTorrent, { Instance } from 'parse-torrent'
 import { join } from 'path'
+import { isVTTFileValid } from '@server/helpers/custom-validators/video-captions'
 import { isVideoFileExtnameValid } from '@server/helpers/custom-validators/videos'
+import { isResolvingToUnicastOnly } from '@server/helpers/dns'
 import { Hooks } from '@server/lib/plugins/hooks'
 import { ServerConfigManager } from '@server/lib/server-config-manager'
 import { setVideoTags } from '@server/lib/video'
@@ -59,12 +61,7 @@ const videoImportsRouter = express.Router()
 
 const reqVideoFileImport = createReqFiles(
   [ 'thumbnailfile', 'previewfile', 'torrentfile' ],
-  Object.assign({}, MIMETYPES.TORRENT.MIMETYPE_EXT, MIMETYPES.IMAGE.MIMETYPE_EXT),
-  {
-    thumbnailfile: CONFIG.STORAGE.TMP_DIR,
-    previewfile: CONFIG.STORAGE.TMP_DIR,
-    torrentfile: CONFIG.STORAGE.TMP_DIR
-  }
+  { ...MIMETYPES.TORRENT.MIMETYPE_EXT, ...MIMETYPES.IMAGE.MIMETYPE_EXT }
 )
 
 videoImportsRouter.post('/imports',
@@ -195,6 +192,13 @@ async function addYoutubeDLImport (req: express.Request, res: express.Response)
     })
   }
 
+  if (!await hasUnicastURLsOnly(youtubeDLInfo)) {
+    return res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      message: 'Cannot use non unicast IP as targetUrl.'
+    })
+  }
+
   const video = await buildVideo(res.locals.videoChannel.id, body, youtubeDLInfo)
 
   // Process video thumbnail from request.files
@@ -432,6 +436,11 @@ async function processYoutubeSubtitles (youtubeDL: YoutubeDLWrapper, targetUrl:
     logger.info('Will create %s subtitles from youtube import %s.', subtitles.length, targetUrl)
 
     for (const subtitle of subtitles) {
+      if (!await isVTTFileValid(subtitle.path)) {
+        await remove(subtitle.path)
+        continue
+      }
+
       const videoCaption = new VideoCaptionModel({
         videoId,
         language: subtitle.language,
@@ -449,3 +458,16 @@ async function processYoutubeSubtitles (youtubeDL: YoutubeDLWrapper, targetUrl:
     logger.warn('Cannot get video subtitles.', { err })
   }
 }
+
+async function hasUnicastURLsOnly (youtubeDLInfo: YoutubeDLInfo) {
+  const hosts = youtubeDLInfo.urls.map(u => new URL(u).hostname)
+  const uniqHosts = new Set(hosts)
+
+  for (const h of uniqHosts) {
+    if (await isResolvingToUnicastOnly(h) !== true) {
+      return false
+    }
+  }
+
+  return true
+}