-import * as express from 'express'
+import express from 'express'
import { readFile } from 'fs-extra'
import { join } from 'path'
import validator from 'validator'
+import { toCompleteUUID } from '@server/helpers/custom-validators/misc'
import { escapeHTML } from '@shared/core-utils/renderer'
+import { sha256 } from '@shared/extra-utils'
import { HTMLServerConfig } from '@shared/models'
import { buildFileLocale, getDefaultLocale, is18nLocale, POSSIBLE_LOCALES } from '../../shared/core-utils/i18n/i18n'
-import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
+import { HttpStatusCode } from '../../shared/models/http/http-error-codes'
import { VideoPlaylistPrivacy, VideoPrivacy } from '../../shared/models/videos'
-import { isTestInstance, sha256 } from '../helpers/core-utils'
+import { isTestInstance } from '../helpers/core-utils'
import { logger } from '../helpers/logger'
import { mdToPlainText } from '../helpers/markdown'
import { CONFIG } from '../initializers/config'
WEBSERVER
} from '../initializers/constants'
import { AccountModel } from '../models/account/account'
+import { getActivityStreamDuration } from '../models/video/formatter/video-format-utils'
import { VideoModel } from '../models/video/video'
import { VideoChannelModel } from '../models/video/video-channel'
-import { getActivityStreamDuration } from '../models/video/video-format-utils'
import { VideoPlaylistModel } from '../models/video/video-playlist'
import { MAccountActor, MChannelActor } from '../types/models'
import { ServerConfigManager } from './server-config-manager'
numberOfItems: number
}
- siteName: string
- title: string
+ escapedSiteName: string
+ escapedTitle: string
+ escapedDescription: string
+
url: string
originUrl: string
- description: string
+
+ disallowIndexation?: boolean
embed?: {
url: string
return customHtml
}
- static async getWatchHTMLPage (videoId: string, req: express.Request, res: express.Response) {
+ static async getWatchHTMLPage (videoIdArg: string, req: express.Request, res: express.Response) {
+ const videoId = toCompleteUUID(videoIdArg)
+
// Let Angular application handle errors
if (!validator.isInt(videoId) && !validator.isUUID(videoId, 4)) {
res.status(HttpStatusCode.NOT_FOUND_404)
res.status(HttpStatusCode.NOT_FOUND_404)
return html
}
+ const description = mdToPlainText(video.description)
- let customHtml = ClientHtml.addTitleTag(html, escapeHTML(video.name))
- customHtml = ClientHtml.addDescriptionTag(customHtml, mdToPlainText(video.description))
+ let customHtml = ClientHtml.addTitleTag(html, video.name)
+ customHtml = ClientHtml.addDescriptionTag(customHtml, description)
const url = WEBSERVER.URL + video.getWatchStaticPath()
const originUrl = video.url
- const title = escapeHTML(video.name)
- const siteName = escapeHTML(CONFIG.INSTANCE.NAME)
- const description = mdToPlainText(video.description)
+ const title = video.name
+ const siteName = CONFIG.INSTANCE.NAME
const image = {
url: WEBSERVER.URL + video.getPreviewStaticPath()
customHtml = ClientHtml.addTags(customHtml, {
url,
originUrl,
- siteName,
- title,
- description,
+ escapedSiteName: escapeHTML(siteName),
+ escapedTitle: escapeHTML(title),
+ escapedDescription: escapeHTML(description),
image,
embed,
ogType,
return customHtml
}
- static async getWatchPlaylistHTMLPage (videoPlaylistId: string, req: express.Request, res: express.Response) {
+ static async getWatchPlaylistHTMLPage (videoPlaylistIdArg: string, req: express.Request, res: express.Response) {
+ const videoPlaylistId = toCompleteUUID(videoPlaylistIdArg)
+
// Let Angular application handle errors
if (!validator.isInt(videoPlaylistId) && !validator.isUUID(videoPlaylistId, 4)) {
res.status(HttpStatusCode.NOT_FOUND_404)
return html
}
- let customHtml = ClientHtml.addTitleTag(html, escapeHTML(videoPlaylist.name))
- customHtml = ClientHtml.addDescriptionTag(customHtml, mdToPlainText(videoPlaylist.description))
+ const description = mdToPlainText(videoPlaylist.description)
+
+ let customHtml = ClientHtml.addTitleTag(html, videoPlaylist.name)
+ customHtml = ClientHtml.addDescriptionTag(customHtml, description)
- const url = videoPlaylist.getWatchUrl()
+ const url = WEBSERVER.URL + videoPlaylist.getWatchStaticPath()
const originUrl = videoPlaylist.url
- const title = escapeHTML(videoPlaylist.name)
- const siteName = escapeHTML(CONFIG.INSTANCE.NAME)
- const description = mdToPlainText(videoPlaylist.description)
+ const title = videoPlaylist.name
+ const siteName = CONFIG.INSTANCE.NAME
const image = {
url: videoPlaylist.getThumbnailUrl()
customHtml = ClientHtml.addTags(customHtml, {
url,
originUrl,
- siteName,
+ escapedSiteName: escapeHTML(siteName),
+ escapedTitle: escapeHTML(title),
+ escapedDescription: escapeHTML(description),
embed,
- title,
- description,
image,
list,
ogType,
return ClientHtml.getIndexHTML(req, res)
}
- let customHtml = ClientHtml.addTitleTag(html, escapeHTML(entity.getDisplayName()))
- customHtml = ClientHtml.addDescriptionTag(customHtml, mdToPlainText(entity.description))
+ const description = mdToPlainText(entity.description)
+
+ let customHtml = ClientHtml.addTitleTag(html, entity.getDisplayName())
+ customHtml = ClientHtml.addDescriptionTag(customHtml, description)
const url = entity.getLocalUrl()
const originUrl = entity.Actor.url
- const siteName = escapeHTML(CONFIG.INSTANCE.NAME)
- const title = escapeHTML(entity.getDisplayName())
- const description = mdToPlainText(entity.description)
+ const siteName = CONFIG.INSTANCE.NAME
+ const title = entity.getDisplayName()
const image = {
url: entity.Actor.getAvatarUrl(),
customHtml = ClientHtml.addTags(customHtml, {
url,
originUrl,
- title,
- siteName,
- description,
+ escapedTitle: escapeHTML(title),
+ escapedSiteName: escapeHTML(siteName),
+ escapedDescription: escapeHTML(description),
image,
ogType,
twitterCard,
- schemaType
+ schemaType,
+ disallowIndexation: !entity.Actor.isOwned()
})
return customHtml
let html = buffer.toString()
- if (paramLang) html = ClientHtml.addHtmlLang(html, paramLang)
html = ClientHtml.addManifestContentHash(html)
html = ClientHtml.addFaviconContentHash(html)
html = ClientHtml.addLogoContentHash(html)
lang = req.acceptsLanguages(POSSIBLE_LOCALES) || getDefaultLocale()
}
+ logger.debug(
+ 'Serving %s HTML language', buildFileLocale(lang),
+ { cookie: req.cookies?.clientLanguage, paramLang, acceptLanguage: req.headers['accept-language'] }
+ )
+
return join(__dirname, '../../../client/dist/' + buildFileLocale(lang) + '/index.html')
}
return join(__dirname, '../../../client/dist/standalone/videos/embed.html')
}
- private static addHtmlLang (htmlStringPage: string, paramLang: string) {
- return htmlStringPage.replace('<html>', `<html lang="${paramLang}">`)
- }
-
private static addManifestContentHash (htmlStringPage: string) {
return htmlStringPage.replace('[manifestContentHash]', FILES_CONTENT_HASH.MANIFEST)
}
let text = title || CONFIG.INSTANCE.NAME
if (title) text += ` - ${CONFIG.INSTANCE.NAME}`
- const titleTag = `<title>${text}</title>`
+ const titleTag = `<title>${escapeHTML(text)}</title>`
return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.TITLE, titleTag)
}
private static addDescriptionTag (htmlStringPage: string, description?: string) {
const content = description || CONFIG.INSTANCE.SHORT_DESCRIPTION
- const descriptionTag = `<meta name="description" content="${content}" />`
+ const descriptionTag = `<meta name="description" content="${escapeHTML(content)}" />`
return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.DESCRIPTION, descriptionTag)
}
}
private static addServerConfig (htmlStringPage: string, serverConfig: HTMLServerConfig) {
- const serverConfigString = JSON.stringify(serverConfig)
- const configScriptTag = `<script type="application/javascript">window.PeerTubeServerConfig = '${serverConfigString}'</script>`
+ // Stringify the JSON object, and then stringify the string object so we can inject it into the HTML
+ const serverConfigString = JSON.stringify(JSON.stringify(serverConfig))
+ const configScriptTag = `<script type="application/javascript">window.PeerTubeServerConfig = ${serverConfigString}</script>`
return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.SERVER_CONFIG, configScriptTag)
}
private static generateOpenGraphMetaTags (tags: Tags) {
const metaTags = {
'og:type': tags.ogType,
- 'og:site_name': tags.siteName,
- 'og:title': tags.title,
+ 'og:site_name': tags.escapedSiteName,
+ 'og:title': tags.escapedTitle,
'og:image': tags.image.url
}
}
metaTags['og:url'] = tags.url
- metaTags['og:description'] = mdToPlainText(tags.description)
+ metaTags['og:description'] = tags.escapedDescription
if (tags.embed) {
metaTags['og:video:url'] = tags.embed.url
private static generateStandardMetaTags (tags: Tags) {
return {
- name: tags.title,
- description: mdToPlainText(tags.description),
+ name: tags.escapedTitle,
+ description: tags.escapedDescription,
image: tags.image.url
}
}
const metaTags = {
'twitter:card': tags.twitterCard,
'twitter:site': CONFIG.SERVICES.TWITTER.USERNAME,
- 'twitter:title': tags.title,
- 'twitter:description': tags.description,
+ 'twitter:title': tags.escapedTitle,
+ 'twitter:description': tags.escapedDescription,
'twitter:image': tags.image.url
}
const schema = {
'@context': 'http://schema.org',
'@type': tags.schemaType,
- 'name': tags.title,
- 'description': tags.description,
+ 'name': tags.escapedTitle,
+ 'description': tags.escapedDescription,
'image': tags.image.url,
'url': tags.url
}
const twitterCardMetaTags = this.generateTwitterCardMetaTags(tagsValues)
const schemaTags = this.generateSchemaTags(tagsValues)
- const { url, title, embed, originUrl } = tagsValues
+ const { url, escapedTitle, embed, originUrl, disallowIndexation } = tagsValues
- const oembedLinkTags: { type: string, href: string, title: string }[] = []
+ const oembedLinkTags: { type: string, href: string, escapedTitle: string }[] = []
if (embed) {
oembedLinkTags.push({
type: 'application/json+oembed',
href: WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(url),
- title
+ escapedTitle
})
}
- let tagsString = ''
+ let tagsStr = ''
// Opengraph
Object.keys(openGraphMetaTags).forEach(tagName => {
const tagValue = openGraphMetaTags[tagName]
- tagsString += `<meta property="${tagName}" content="${tagValue}" />`
+ tagsStr += `<meta property="${tagName}" content="${tagValue}" />`
})
// Standard
Object.keys(standardMetaTags).forEach(tagName => {
const tagValue = standardMetaTags[tagName]
- tagsString += `<meta property="${tagName}" content="${tagValue}" />`
+ tagsStr += `<meta property="${tagName}" content="${tagValue}" />`
})
// Twitter card
Object.keys(twitterCardMetaTags).forEach(tagName => {
const tagValue = twitterCardMetaTags[tagName]
- tagsString += `<meta property="${tagName}" content="${tagValue}" />`
+ tagsStr += `<meta property="${tagName}" content="${tagValue}" />`
})
// OEmbed
for (const oembedLinkTag of oembedLinkTags) {
- tagsString += `<link rel="alternate" type="${oembedLinkTag.type}" href="${oembedLinkTag.href}" title="${oembedLinkTag.title}" />`
+ tagsStr += `<link rel="alternate" type="${oembedLinkTag.type}" href="${oembedLinkTag.href}" title="${oembedLinkTag.escapedTitle}" />`
}
// Schema.org
if (schemaTags) {
- tagsString += `<script type="application/ld+json">${JSON.stringify(schemaTags)}</script>`
+ tagsStr += `<script type="application/ld+json">${JSON.stringify(schemaTags)}</script>`
}
// SEO, use origin URL
- tagsString += `<link rel="canonical" href="${originUrl}" />`
+ tagsStr += `<link rel="canonical" href="${originUrl}" />`
+
+ if (disallowIndexation) {
+ tagsStr += `<meta name="robots" content="noindex" />`
+ }
- return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.META_TAGS, tagsString)
+ return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.META_TAGS, tagsStr)
}
}
-function sendHTML (html: string, res: express.Response) {
+function sendHTML (html: string, res: express.Response, localizedHTML: boolean = false) {
res.set('Content-Type', 'text/html; charset=UTF-8')
+ if (localizedHTML) {
+ res.set('Vary', 'Accept-Language')
+ }
+
return res.send(html)
}
async function serveIndexHTML (req: express.Request, res: express.Response) {
- if (req.accepts(ACCEPT_HEADERS) === 'html' ||
- !req.headers.accept) {
+ if (req.accepts(ACCEPT_HEADERS) === 'html' || !req.headers.accept) {
try {
await generateHTMLPage(req, res, req.params.language)
return
} catch (err) {
logger.error('Cannot generate HTML page.', err)
- return res.sendStatus(HttpStatusCode.INTERNAL_SERVER_ERROR_500)
+ return res.status(HttpStatusCode.INTERNAL_SERVER_ERROR_500).end()
}
}
- return res.sendStatus(HttpStatusCode.NOT_ACCEPTABLE_406)
+ return res.status(HttpStatusCode.NOT_ACCEPTABLE_406).end()
}
// ---------------------------------------------------------------------------
async function generateHTMLPage (req: express.Request, res: express.Response, paramLang?: string) {
const html = await ClientHtml.getDefaultHTMLPage(req, res, paramLang)
- return sendHTML(html, res)
+ return sendHTML(html, res, true)
}
projects / github / Chocobozzz / PeerTube.git / blobdiff