X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Flib%2Factivitypub%2Fvideo-comments.ts;h=c3fc6b4621926179d24621a38e8138ab1811051b;hb=b91bc1d1f3591c35ab4426f6ab594b4bd9f1ef62;hp=c8c17f4c41cfb88ae056d8b58b39d9ddf572f68d;hpb=8578e3b5e630f0cfe1dfbf13a7be1e6b89554077;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/lib/activitypub/video-comments.ts b/server/lib/activitypub/video-comments.ts index c8c17f4c4..c3fc6b462 100644 --- a/server/lib/activitypub/video-comments.ts +++ b/server/lib/activitypub/video-comments.ts @@ -2,13 +2,14 @@ import { VideoCommentObject } from '../../../shared/models/activitypub/objects/v import { sanitizeAndCheckVideoCommentObject } from '../../helpers/custom-validators/activitypub/video-comments' import { logger } from '../../helpers/logger' import { doRequest } from '../../helpers/requests' -import { ACTIVITY_PUB, CRAWL_REQUEST_CONCURRENCY } from '../../initializers' +import { ACTIVITY_PUB, CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants' import { ActorModel } from '../../models/activitypub/actor' import { VideoModel } from '../../models/video/video' import { VideoCommentModel } from '../../models/video/video-comment' import { getOrCreateActorAndServerAndModel } from './actor' import { getOrCreateVideoAndAccountAndChannel } from './videos' import * as Bluebird from 'bluebird' +import { checkUrlsSameHost } from '../../helpers/activitypub' async function videoCommentActivityObjectToDBAttributes (video: VideoModel, actor: ActorModel, comment: VideoCommentObject) { let originCommentId: number = null @@ -33,8 +34,7 @@ async function videoCommentActivityObjectToDBAttributes (video: VideoModel, acto accountId: actor.Account.id, inReplyToCommentId, originCommentId, - createdAt: new Date(comment.published), - updatedAt: new Date(comment.updated) + createdAt: new Date(comment.published) } } @@ -61,21 +61,27 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) { const actorUrl = body.attributedTo if (!actorUrl) return { created: false } - const actor = await getOrCreateActorAndServerAndModel(actorUrl) + if (checkUrlsSameHost(commentUrl, actorUrl) !== true) { + throw new Error(`Actor url ${actorUrl} has not the same host than the comment url ${commentUrl}`) + } + + if (checkUrlsSameHost(body.id, commentUrl) !== true) { + throw new Error(`Comment url ${commentUrl} host is different from the AP object id ${body.id}`) + } + + const actor = await getOrCreateActorAndServerAndModel(actorUrl, 'all') const entry = await videoCommentActivityObjectToDBAttributes(videoInstance, actor, body) if (!entry) return { created: false } - const [ comment, created ] = await VideoCommentModel.findOrCreate({ - where: { - url: body.id - }, - defaults: entry - }) + const [ comment, created ] = await VideoCommentModel.upsert(entry, { returning: true }) + comment.Account = actor.Account + comment.Video = videoInstance return { comment, created } } -async function resolveThread (url: string, comments: VideoCommentModel[] = []) { +type ResolveThreadResult = Promise<{ video: VideoModel, parents: VideoCommentModel[] }> +async function resolveThread (url: string, comments: VideoCommentModel[] = []): ResolveThreadResult { // Already have this comment? const commentFromDatabase = await VideoCommentModel.loadByUrlAndPopulateReplyAndVideo(url) if (commentFromDatabase) { @@ -134,6 +140,14 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) { const actorUrl = body.attributedTo if (!actorUrl) throw new Error('Miss attributed to in comment') + if (checkUrlsSameHost(url, actorUrl) !== true) { + throw new Error(`Actor url ${actorUrl} has not the same host than the comment url ${url}`) + } + + if (checkUrlsSameHost(body.id, url) !== true) { + throw new Error(`Comment url ${url} host is different from the AP object id ${body.id}`) + } + const actor = await getOrCreateActorAndServerAndModel(actorUrl) const comment = new VideoCommentModel({ url: body.id, @@ -148,7 +162,6 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) { return resolveThread(body.inReplyTo, comments.concat([ comment ])) } - } export {