X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fhelpers%2Fcustom-validators%2Factivitypub%2Fvideo-comments.ts;h=7a9f7326d1fd473bd6024075047054de87f21c44;hb=c48e82b5e0478434de30626d14594a97f2402e7c;hp=ce1209035fa77cc9e41df0dcf03ea85250ff76bd;hpb=2890b615f31ab7d519d8be66b49ff8712df90c51;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/helpers/custom-validators/activitypub/video-comments.ts b/server/helpers/custom-validators/activitypub/video-comments.ts
index ce1209035..7a9f7326d 100644
--- a/server/helpers/custom-validators/activitypub/video-comments.ts
+++ b/server/helpers/custom-validators/activitypub/video-comments.ts
@@ -1,19 +1,28 @@
 import * as validator from 'validator'
-import { exists, isDateValid } from '../misc'
+import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers'
+import { exists, isArray, isDateValid } from '../misc'
 import { isActivityPubUrlValid, isBaseActivityValid } from './misc'
 
 function isVideoCommentCreateActivityValid (activity: any) {
   return isBaseActivityValid(activity, 'Create') &&
-    isVideoCommentObjectValid(activity.object)
+    sanitizeAndCheckVideoCommentObject(activity.object)
 }
 
-function isVideoCommentObjectValid (comment: any) {
-  return comment.type === 'Note' &&
-    isActivityPubUrlValid(comment.id) &&
+function sanitizeAndCheckVideoCommentObject (comment: any) {
+  if (comment.type !== 'Note') return false
+
+  normalizeComment(comment)
+
+  return isActivityPubUrlValid(comment.id) &&
     isCommentContentValid(comment.content) &&
     isActivityPubUrlValid(comment.inReplyTo) &&
     isDateValid(comment.published) &&
-    isActivityPubUrlValid(comment.url)
+    isActivityPubUrlValid(comment.url) &&
+    isArray(comment.to) &&
+    (
+      comment.to.indexOf(ACTIVITY_PUB.PUBLIC) !== -1 ||
+      comment.cc.indexOf(ACTIVITY_PUB.PUBLIC) !== -1
+    ) // Only accept public comments
 }
 
 function isVideoCommentDeleteActivityValid (activity: any) {
@@ -24,7 +33,8 @@ function isVideoCommentDeleteActivityValid (activity: any) {
 
 export {
   isVideoCommentCreateActivityValid,
-  isVideoCommentDeleteActivityValid
+  isVideoCommentDeleteActivityValid,
+  sanitizeAndCheckVideoCommentObject
 }
 
 // ---------------------------------------------------------------------------
@@ -32,3 +42,13 @@ export {
 function isCommentContentValid (content: any) {
   return exists(content) && validator.isLength('' + content, { min: 1 })
 }
+
+function normalizeComment (comment: any) {
+  if (!comment) return
+
+  if (typeof comment.url !== 'string') {
+    comment.url = comment.url.href || comment.url.url
+  }
+
+  return
+}