X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Fcheck-params%2Fvideo-imports.ts;h=da05793a016f961173a98bc0ba75b5360088c1ed;hb=c3edc5b074aa4bb1861ed0a94d3713808e87170f;hp=957556c9b6bc6d0b32ec74800829337dfe953ee3;hpb=c0e8b12e7fd554ba4d2ceb0c4900804c6a4c63ea;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/tests/api/check-params/video-imports.ts b/server/tests/api/check-params/video-imports.ts
index 957556c9b..da05793a0 100644
--- a/server/tests/api/check-params/video-imports.ts
+++ b/server/tests/api/check-params/video-imports.ts
@@ -2,22 +2,18 @@
 
 import 'mocha'
 import { omit } from 'lodash'
-import { HttpStatusCode } from '@shared/models'
+import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination, FIXTURE_URLS } from '@server/tests/shared'
+import { buildAbsoluteFixturePath } from '@shared/core-utils'
+import { HttpStatusCode, VideoPrivacy } from '@shared/models'
 import {
-  buildAbsoluteFixturePath,
-  checkBadCountPagination,
-  checkBadSortPagination,
-  checkBadStartPagination,
   cleanupTests,
   createSingleServer,
-  FIXTURE_URLS,
   makeGetRequest,
   makePostBodyRequest,
   makeUploadRequest,
   PeerTubeServer,
   setAccessTokensToServers
-} from '@shared/extra-utils'
-import { VideoPrivacy } from '@shared/models'
+} from '@shared/server-commands'
 
 describe('Test video imports API validator', function () {
   const path = '/api/v1/videos/imports'
@@ -109,6 +105,34 @@ describe('Test video imports API validator', function () {
       await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
     })
 
+    it('Should fail with localhost', async function () {
+      const fields = { ...baseCorrectParams, targetUrl: 'http://localhost:8000' }
+
+      await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+    })
+
+    it('Should fail with a private IP target urls', async function () {
+      const targetUrls = [
+        'http://127.0.0.1:8000',
+        'http://127.0.0.1',
+        'http://127.0.0.1/hello',
+        'https://192.168.1.42',
+        'http://192.168.1.42'
+      ]
+
+      for (const targetUrl of targetUrls) {
+        const fields = { ...baseCorrectParams, targetUrl }
+
+        await makePostBodyRequest({
+          url: server.url,
+          path,
+          token: server.accessToken,
+          fields,
+          expectedStatus: HttpStatusCode.FORBIDDEN_403
+        })
+      }
+    })
+
     it('Should fail with a long name', async function () {
       const fields = { ...baseCorrectParams, name: 'super'.repeat(65) }