Merge branch 'develop' into pr/1285

[github/Chocobozzz/PeerTube.git] / server / lib / activitypub / video-comments.ts

diff --git a/server/lib/activitypub/video-comments.ts b/server/lib/activitypub/video-comments.ts
index ffbd3a64e606f22de754400ebde8019d1f518d64..e87301fe7d0b25250d67579de96ca5680828bd82 100644 (file)
--- a/server/lib/activitypub/video-comments.ts
+++ b/server/lib/activitypub/video-comments.ts
@@ -9,6 +9,7 @@ import { VideoCommentModel } from '../../models/video/video-comment'
 import { getOrCreateActorAndServerAndModel } from './actor'
 import { getOrCreateVideoAndAccountAndChannel } from './videos'
 import * as Bluebird from 'bluebird'
+import { checkUrlsSameHost } from '../../helpers/activitypub'
 
 async function videoCommentActivityObjectToDBAttributes (video: VideoModel, actor: ActorModel, comment: VideoCommentObject) {
   let originCommentId: number = null
@@ -27,7 +28,7 @@ async function videoCommentActivityObjectToDBAttributes (video: VideoModel, acto
   }
 
   return {
-    url: comment.url,
+    url: comment.id,
     text: comment.content,
     videoId: video.id,
     accountId: actor.Account.id,
@@ -61,7 +62,15 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) {
   const actorUrl = body.attributedTo
   if (!actorUrl) return { created: false }
 
-  const actor = await getOrCreateActorAndServerAndModel(actorUrl)
+  if (checkUrlsSameHost(commentUrl, actorUrl) !== true) {
+    throw new Error(`Actor url ${actorUrl} has not the same host than the comment url ${commentUrl}`)
+  }
+
+  if (checkUrlsSameHost(body.id, commentUrl) !== true) {
+    throw new Error(`Comment url ${commentUrl} host is different from the AP object id ${body.id}`)
+  }
+
+  const actor = await getOrCreateActorAndServerAndModel(actorUrl, 'all')
   const entry = await videoCommentActivityObjectToDBAttributes(videoInstance, actor, body)
   if (!entry) return { created: false }
 
@@ -71,6 +80,8 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) {
     },
     defaults: entry
   })
+  comment.Account = actor.Account
+  comment.Video = videoInstance
 
   return { comment, created }
 }
@@ -94,7 +105,7 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) {
   try {
     // Maybe it's a reply to a video?
     // If yes, it's done: we resolved all the thread
-    const { video } = await getOrCreateVideoAndAccountAndChannel(url)
+    const { video } = await getOrCreateVideoAndAccountAndChannel({ videoObject: url })
 
     if (comments.length !== 0) {
       const firstReply = comments[ comments.length - 1 ]
@@ -134,9 +145,17 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) {
     const actorUrl = body.attributedTo
     if (!actorUrl) throw new Error('Miss attributed to in comment')
 
+    if (checkUrlsSameHost(url, actorUrl) !== true) {
+      throw new Error(`Actor url ${actorUrl} has not the same host than the comment url ${url}`)
+    }
+
+    if (checkUrlsSameHost(body.id, url) !== true) {
+      throw new Error(`Comment url ${url} host is different from the AP object id ${body.id}`)
+    }
+
     const actor = await getOrCreateActorAndServerAndModel(actorUrl)
     const comment = new VideoCommentModel({
-      url: body.url,
+      url: body.id,
       text: body.content,
       videoId: null,
       accountId: actor.Account.id,