]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blobdiff - server/helpers/custom-validators/activitypub/actor.ts
projects / github / Chocobozzz / PeerTube.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix remote actor creation date
[github/Chocobozzz/PeerTube.git] / server / helpers / custom-validators / activitypub / actor.ts
diff --git a/server/helpers/custom-validators/activitypub/actor.ts b/server/helpers/custom-validators/activitypub/actor.ts
index 8820bb2a453e326aebabdb9d09f5647f9be82eb2..675a7b66324e2d40781dde86faaf126768b76cf2 100644 (file)
--- a/server/helpers/custom-validators/activitypub/actor.ts
+++ b/server/helpers/custom-validators/activitypub/actor.ts
@@ -1,12 +1,17 @@
-import * as validator from 'validator'
-import { CONSTRAINTS_FIELDS } from '../../../initializers'
-import { isAccountNameValid } from '../accounts'
-import { exists } from '../misc'
-import { isVideoChannelNameValid } from '../video-channels'
+import validator from 'validator'
+import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
+import { exists, isArray, isDateValid } from '../misc'
 import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
+import { isHostValid } from '../servers'
+import { peertubeTruncate } from '@server/helpers/core-utils'
 
 function isActorEndpointsObjectValid (endpointObject: any) {
-  return isActivityPubUrlValid(endpointObject.sharedInbox)
+  if (endpointObject?.sharedInbox) {
+    return isActivityPubUrlValid(endpointObject.sharedInbox)
+  }
+
+  // Shared inbox is optional
+  return true
 }
 
 function isActorPublicKeyObjectValid (publicKeyObject: any) {
@@ -16,93 +21,121 @@ function isActorPublicKeyObjectValid (publicKeyObject: any) {
 }
 
 function isActorTypeValid (type: string) {
-  return type === 'Person' || type === 'Application' || type === 'Group'
+  return type === 'Person' || type === 'Application' || type === 'Group' || type === 'Service' || type === 'Organization'
 }
 
 function isActorPublicKeyValid (publicKey: string) {
   return exists(publicKey) &&
     typeof publicKey === 'string' &&
     publicKey.startsWith('-----BEGIN PUBLIC KEY-----') &&
-    publicKey.indexOf('-----END PUBLIC KEY-----') !== -1 &&
+    publicKey.includes('-----END PUBLIC KEY-----') &&
     validator.isLength(publicKey, CONSTRAINTS_FIELDS.ACTORS.PUBLIC_KEY)
 }
 
-const actorNameRegExp = new RegExp('[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_]+')
+const actorNameAlphabet = '[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\\-_.:]'
+const actorNameRegExp = new RegExp(`^${actorNameAlphabet}+$`)
 function isActorPreferredUsernameValid (preferredUsername: string) {
   return exists(preferredUsername) && validator.matches(preferredUsername, actorNameRegExp)
 }
 
-function isActorNameValid (name: string) {
-  return isAccountNameValid(name) || isVideoChannelNameValid(name)
-}
-
 function isActorPrivateKeyValid (privateKey: string) {
   return exists(privateKey) &&
     typeof privateKey === 'string' &&
     privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') &&
     // Sometimes there is a \n at the end, so just assert the string contains the end mark
-    privateKey.indexOf('-----END RSA PRIVATE KEY-----') !== -1 &&
+    privateKey.includes('-----END RSA PRIVATE KEY-----') &&
     validator.isLength(privateKey, CONSTRAINTS_FIELDS.ACTORS.PRIVATE_KEY)
 }
 
-function isActorObjectValid (actor: any) {
+function isActorFollowingCountValid (value: string) {
+  return exists(value) && validator.isInt('' + value, { min: 0 })
+}
+
+function isActorFollowersCountValid (value: string) {
+  return exists(value) && validator.isInt('' + value, { min: 0 })
+}
+
+function isActorDeleteActivityValid (activity: any) {
+  return isBaseActivityValid(activity, 'Delete')
+}
+
+function sanitizeAndCheckActorObject (actor: any) {
+  normalizeActor(actor)
+
   return exists(actor) &&
     isActivityPubUrlValid(actor.id) &&
     isActorTypeValid(actor.type) &&
-    isActivityPubUrlValid(actor.following) &&
-    isActivityPubUrlValid(actor.followers) &&
     isActivityPubUrlValid(actor.inbox) &&
-    isActivityPubUrlValid(actor.outbox) &&
     isActorPreferredUsernameValid(actor.preferredUsername) &&
     isActivityPubUrlValid(actor.url) &&
     isActorPublicKeyObjectValid(actor.publicKey) &&
     isActorEndpointsObjectValid(actor.endpoints) &&
+
+    (!actor.outbox || isActivityPubUrlValid(actor.outbox)) &&
+    (!actor.following || isActivityPubUrlValid(actor.following)) &&
+    (!actor.followers || isActivityPubUrlValid(actor.followers)) &&
+
     setValidAttributedTo(actor) &&
-    // If this is not an account, it should be attributed to an account
+    setValidDescription(actor) &&
+    // If this is a group (a channel), it should be attributed to an account
     // In PeerTube we use this to attach a video channel to a specific account
-    (actor.type === 'Person' || actor.attributedTo.length !== 0)
+    (actor.type !== 'Group' || actor.attributedTo.length !== 0)
 }
 
-function isActorFollowingCountValid (value: string) {
-  return exists(value) && validator.isInt('' + value, { min: 0 })
-}
+function normalizeActor (actor: any) {
+  if (!actor) return
 
-function isActorFollowersCountValid (value: string) {
-  return exists(value) && validator.isInt('' + value, { min: 0 })
-}
+  if (!actor.url) {
+    actor.url = actor.id
+  } else if (typeof actor.url !== 'string') {
+    actor.url = actor.url.href || actor.url.url
+  }
 
-function isActorDeleteActivityValid (activity: any) {
-  return isBaseActivityValid(activity, 'Delete')
+  if (!isDateValid(actor.published)) actor.published = undefined
+
+  if (actor.summary && typeof actor.summary === 'string') {
+    actor.summary = peertubeTruncate(actor.summary, { length: CONSTRAINTS_FIELDS.USERS.DESCRIPTION.max })
+
+    if (actor.summary.length < CONSTRAINTS_FIELDS.USERS.DESCRIPTION.min) {
+      actor.summary = null
+    }
+  }
 }
 
-function isActorFollowActivityValid (activity: any) {
-  return isBaseActivityValid(activity, 'Follow') &&
-    isActivityPubUrlValid(activity.object)
+function isValidActorHandle (handle: string) {
+  if (!exists(handle)) return false
+
+  const parts = handle.split('@')
+  if (parts.length !== 2) return false
+
+  return isHostValid(parts[1])
 }
 
-function isActorAcceptActivityValid (activity: any) {
-  return isBaseActivityValid(activity, 'Accept')
+function areValidActorHandles (handles: string[]) {
+  return isArray(handles) && handles.every(h => isValidActorHandle(h))
 }
 
-function isActorUpdateActivityValid (activity: any) {
-  return isBaseActivityValid(activity, 'Update') &&
-    isActorObjectValid(activity.object)
+function setValidDescription (obj: any) {
+  if (!obj.summary) obj.summary = null
+
+  return true
 }
 
 // ---------------------------------------------------------------------------
 
 export {
+  normalizeActor,
+  actorNameAlphabet,
+  areValidActorHandles,
   isActorEndpointsObjectValid,
   isActorPublicKeyObjectValid,
   isActorTypeValid,
   isActorPublicKeyValid,
   isActorPreferredUsernameValid,
   isActorPrivateKeyValid,
-  isActorObjectValid,
   isActorFollowingCountValid,
   isActorFollowersCountValid,
-  isActorFollowActivityValid,
-  isActorAcceptActivityValid,
   isActorDeleteActivityValid,
-  isActorUpdateActivityValid
+  sanitizeAndCheckActorObject,
+  isValidActorHandle
 }
ActivityPub-federated video streaming platform using P2P directly in your web browser