Basic video redundancy implementation

[github/Chocobozzz/PeerTube.git] / server / helpers / custom-validators / activitypub / video-comments.ts

diff --git a/server/helpers/custom-validators/activitypub/video-comments.ts b/server/helpers/custom-validators/activitypub/video-comments.ts
index 6928aced3ecc0f7d83c42657405971dc5606302c..7a9f7326d1fd473bd6024075047054de87f21c44 100644 (file)
--- a/server/helpers/custom-validators/activitypub/video-comments.ts
+++ b/server/helpers/custom-validators/activitypub/video-comments.ts
@@ -1,21 +1,28 @@
 import * as validator from 'validator'
-import { exists, isDateValid } from '../misc'
+import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers'
+import { exists, isArray, isDateValid } from '../misc'
 import { isActivityPubUrlValid, isBaseActivityValid } from './misc'
-import * as sanitizeHtml from 'sanitize-html'
 
 function isVideoCommentCreateActivityValid (activity: any) {
   return isBaseActivityValid(activity, 'Create') &&
-    isVideoCommentObjectValid(activity.object)
+    sanitizeAndCheckVideoCommentObject(activity.object)
 }
 
-function isVideoCommentObjectValid (comment: any) {
-  return comment.type === 'Note' &&
-    isActivityPubUrlValid(comment.id) &&
-    sanitizeCommentHTML(comment) &&
+function sanitizeAndCheckVideoCommentObject (comment: any) {
+  if (comment.type !== 'Note') return false
+
+  normalizeComment(comment)
+
+  return isActivityPubUrlValid(comment.id) &&
     isCommentContentValid(comment.content) &&
     isActivityPubUrlValid(comment.inReplyTo) &&
     isDateValid(comment.published) &&
-    isActivityPubUrlValid(comment.url)
+    isActivityPubUrlValid(comment.url) &&
+    isArray(comment.to) &&
+    (
+      comment.to.indexOf(ACTIVITY_PUB.PUBLIC) !== -1 ||
+      comment.cc.indexOf(ACTIVITY_PUB.PUBLIC) !== -1
+    ) // Only accept public comments
 }
 
 function isVideoCommentDeleteActivityValid (activity: any) {
@@ -26,20 +33,22 @@ function isVideoCommentDeleteActivityValid (activity: any) {
 
 export {
   isVideoCommentCreateActivityValid,
-  isVideoCommentDeleteActivityValid
+  isVideoCommentDeleteActivityValid,
+  sanitizeAndCheckVideoCommentObject
 }
 
 // ---------------------------------------------------------------------------
 
-function sanitizeCommentHTML (comment: any) {
-  return sanitizeHtml(comment.content, {
-    allowedTags: [ 'b', 'i', 'em', 'span', 'a' ],
-    allowedAttributes: {
-      'a': [ 'href' ]
-    }
-  })
-}
-
 function isCommentContentValid (content: any) {
   return exists(content) && validator.isLength('' + content, { min: 1 })
 }
+
+function normalizeComment (comment: any) {
+  if (!comment) return
+
+  if (typeof comment.url !== 'string') {
+    comment.url = comment.url.href || comment.url.url
+  }
+
+  return
+}