X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=server%2Fcontrollers%2Fapi%2Fvideos%2Fimport.ts;h=b54fa822c29736dfef3fccf7a49c5b95e3246566;hb=474542d7ac60f7860daf9ea34d1c31968f43ab29;hp=8cbfd3286458fa61e8fc6c054191dcad7a2e4841;hpb=ba8a8367e7fde7915ae6633445bf46ebf4a9fe94;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/controllers/api/videos/import.ts b/server/controllers/api/videos/import.ts
index 8cbfd3286..b54fa822c 100644
--- a/server/controllers/api/videos/import.ts
+++ b/server/controllers/api/videos/import.ts
@@ -1,9 +1,11 @@
 import express from 'express'
-import { move, readFile } from 'fs-extra'
+import { move, readFile, remove } from 'fs-extra'
 import { decode } from 'magnet-uri'
 import parseTorrent, { Instance } from 'parse-torrent'
 import { join } from 'path'
+import { isVTTFileValid } from '@server/helpers/custom-validators/video-captions'
 import { isVideoFileExtnameValid } from '@server/helpers/custom-validators/videos'
+import { isResolvingToUnicastOnly } from '@server/helpers/dns'
 import { Hooks } from '@server/lib/plugins/hooks'
 import { ServerConfigManager } from '@server/lib/server-config-manager'
 import { setVideoTags } from '@server/lib/video'
@@ -195,6 +197,13 @@ async function addYoutubeDLImport (req: express.Request, res: express.Response)
     })
   }
 
+  if (!await hasUnicastURLsOnly(youtubeDLInfo)) {
+    return res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      message: 'Cannot use non unicast IP as targetUrl.'
+    })
+  }
+
   const video = await buildVideo(res.locals.videoChannel.id, body, youtubeDLInfo)
 
   // Process video thumbnail from request.files
@@ -432,6 +441,11 @@ async function processYoutubeSubtitles (youtubeDL: YoutubeDLWrapper, targetUrl:
     logger.info('Will create %s subtitles from youtube import %s.', subtitles.length, targetUrl)
 
     for (const subtitle of subtitles) {
+      if (!await isVTTFileValid(subtitle.path)) {
+        await remove(subtitle.path)
+        continue
+      }
+
       const videoCaption = new VideoCaptionModel({
         videoId,
         language: subtitle.language,
@@ -449,3 +463,16 @@ async function processYoutubeSubtitles (youtubeDL: YoutubeDLWrapper, targetUrl:
     logger.warn('Cannot get video subtitles.', { err })
   }
 }
+
+async function hasUnicastURLsOnly (youtubeDLInfo: YoutubeDLInfo) {
+  const hosts = youtubeDLInfo.urls.map(u => new URL(u).hostname)
+  const uniqHosts = new Set(hosts)
+
+  for (const h of uniqHosts) {
+    if (await isResolvingToUnicastOnly(h) !== true) {
+      return false
+    }
+  }
+
+  return true
+}