X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Flib%2Factivitypub%2Fvideo-comments.ts;h=e87301fe7d0b25250d67579de96ca5680828bd82;hb=b718fd22374d64534bcfe69932cf562894abed6a;hp=ffbd3a64e606f22de754400ebde8019d1f518d64;hpb=83e6519ba4ee752dc3148a16c69effbfccb13e6b;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/lib/activitypub/video-comments.ts b/server/lib/activitypub/video-comments.ts
index ffbd3a64e..e87301fe7 100644
--- a/server/lib/activitypub/video-comments.ts
+++ b/server/lib/activitypub/video-comments.ts
@@ -9,6 +9,7 @@ import { VideoCommentModel } from '../../models/video/video-comment'
 import { getOrCreateActorAndServerAndModel } from './actor'
 import { getOrCreateVideoAndAccountAndChannel } from './videos'
 import * as Bluebird from 'bluebird'
+import { checkUrlsSameHost } from '../../helpers/activitypub'
 
 async function videoCommentActivityObjectToDBAttributes (video: VideoModel, actor: ActorModel, comment: VideoCommentObject) {
   let originCommentId: number = null
@@ -27,7 +28,7 @@ async function videoCommentActivityObjectToDBAttributes (video: VideoModel, acto
   }
 
   return {
-    url: comment.url,
+    url: comment.id,
     text: comment.content,
     videoId: video.id,
     accountId: actor.Account.id,
@@ -61,7 +62,15 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) {
   const actorUrl = body.attributedTo
   if (!actorUrl) return { created: false }
 
-  const actor = await getOrCreateActorAndServerAndModel(actorUrl)
+  if (checkUrlsSameHost(commentUrl, actorUrl) !== true) {
+    throw new Error(`Actor url ${actorUrl} has not the same host than the comment url ${commentUrl}`)
+  }
+
+  if (checkUrlsSameHost(body.id, commentUrl) !== true) {
+    throw new Error(`Comment url ${commentUrl} host is different from the AP object id ${body.id}`)
+  }
+
+  const actor = await getOrCreateActorAndServerAndModel(actorUrl, 'all')
   const entry = await videoCommentActivityObjectToDBAttributes(videoInstance, actor, body)
   if (!entry) return { created: false }
 
@@ -71,6 +80,8 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) {
     },
     defaults: entry
   })
+  comment.Account = actor.Account
+  comment.Video = videoInstance
 
   return { comment, created }
 }
@@ -94,7 +105,7 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) {
   try {
     // Maybe it's a reply to a video?
     // If yes, it's done: we resolved all the thread
-    const { video } = await getOrCreateVideoAndAccountAndChannel(url)
+    const { video } = await getOrCreateVideoAndAccountAndChannel({ videoObject: url })
 
     if (comments.length !== 0) {
       const firstReply = comments[ comments.length - 1 ]
@@ -134,9 +145,17 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) {
     const actorUrl = body.attributedTo
     if (!actorUrl) throw new Error('Miss attributed to in comment')
 
+    if (checkUrlsSameHost(url, actorUrl) !== true) {
+      throw new Error(`Actor url ${actorUrl} has not the same host than the comment url ${url}`)
+    }
+
+    if (checkUrlsSameHost(body.id, url) !== true) {
+      throw new Error(`Comment url ${url} host is different from the AP object id ${body.id}`)
+    }
+
     const actor = await getOrCreateActorAndServerAndModel(actorUrl)
     const comment = new VideoCommentModel({
-      url: body.url,
+      url: body.id,
       text: body.content,
       videoId: null,
       accountId: actor.Account.id,