diff options
author | Chocobozzz <me@florianbigard.com> | 2018-05-09 16:16:22 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-05-11 08:48:20 +0200 |
commit | 1d6e5dfc376f3c0c2120055cc093161e76419f98 (patch) | |
tree | b5333449166fdd0892704f8b9c1e976614857543 | |
parent | a077482fb7eece925c44cb31796b40e8e7b1f249 (diff) | |
download | PeerTube-1d6e5dfc376f3c0c2120055cc093161e76419f98.tar.gz PeerTube-1d6e5dfc376f3c0c2120055cc093161e76419f98.tar.zst PeerTube-1d6e5dfc376f3c0c2120055cc093161e76419f98.zip |
Improve video torrent AP object validator
4 files changed, 19 insertions, 20 deletions
diff --git a/server/helpers/custom-validators/activitypub/activity.ts b/server/helpers/custom-validators/activitypub/activity.ts index 7e4dccefb..cabedaf20 100644 --- a/server/helpers/custom-validators/activitypub/activity.ts +++ b/server/helpers/custom-validators/activitypub/activity.ts | |||
@@ -11,9 +11,9 @@ import { isUndoActivityValid } from './undo' | |||
11 | import { isVideoCommentCreateActivityValid, isVideoCommentDeleteActivityValid } from './video-comments' | 11 | import { isVideoCommentCreateActivityValid, isVideoCommentDeleteActivityValid } from './video-comments' |
12 | import { | 12 | import { |
13 | isVideoFlagValid, | 13 | isVideoFlagValid, |
14 | isVideoTorrentCreateActivityValid, | 14 | sanitizeAndCheckVideoTorrentCreateActivity, |
15 | isVideoTorrentDeleteActivityValid, | 15 | isVideoTorrentDeleteActivityValid, |
16 | isVideoTorrentUpdateActivityValid | 16 | sanitizeAndCheckVideoTorrentUpdateActivity |
17 | } from './videos' | 17 | } from './videos' |
18 | import { isViewActivityValid } from './view' | 18 | import { isViewActivityValid } from './view' |
19 | 19 | ||
@@ -62,13 +62,13 @@ export { | |||
62 | function checkCreateActivity (activity: any) { | 62 | function checkCreateActivity (activity: any) { |
63 | return isViewActivityValid(activity) || | 63 | return isViewActivityValid(activity) || |
64 | isDislikeActivityValid(activity) || | 64 | isDislikeActivityValid(activity) || |
65 | isVideoTorrentCreateActivityValid(activity) || | 65 | sanitizeAndCheckVideoTorrentCreateActivity(activity) || |
66 | isVideoFlagValid(activity) || | 66 | isVideoFlagValid(activity) || |
67 | isVideoCommentCreateActivityValid(activity) | 67 | isVideoCommentCreateActivityValid(activity) |
68 | } | 68 | } |
69 | 69 | ||
70 | function checkUpdateActivity (activity: any) { | 70 | function checkUpdateActivity (activity: any) { |
71 | return isVideoTorrentUpdateActivityValid(activity) || | 71 | return sanitizeAndCheckVideoTorrentUpdateActivity(activity) || |
72 | isActorUpdateActivityValid(activity) | 72 | isActorUpdateActivityValid(activity) |
73 | } | 73 | } |
74 | 74 | ||
diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts index 8ec7df49a..0d2e8766d 100644 --- a/server/helpers/custom-validators/activitypub/videos.ts +++ b/server/helpers/custom-validators/activitypub/videos.ts | |||
@@ -12,14 +12,14 @@ import { | |||
12 | } from '../videos' | 12 | } from '../videos' |
13 | import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc' | 13 | import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc' |
14 | 14 | ||
15 | function isVideoTorrentCreateActivityValid (activity: any) { | 15 | function sanitizeAndCheckVideoTorrentCreateActivity (activity: any) { |
16 | return isBaseActivityValid(activity, 'Create') && | 16 | return isBaseActivityValid(activity, 'Create') && |
17 | isVideoTorrentObjectValid(activity.object) | 17 | sanitizeAndCheckVideoTorrentObject(activity.object) |
18 | } | 18 | } |
19 | 19 | ||
20 | function isVideoTorrentUpdateActivityValid (activity: any) { | 20 | function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) { |
21 | return isBaseActivityValid(activity, 'Update') && | 21 | return isBaseActivityValid(activity, 'Update') && |
22 | isVideoTorrentObjectValid(activity.object) | 22 | sanitizeAndCheckVideoTorrentObject(activity.object) |
23 | } | 23 | } |
24 | 24 | ||
25 | function isVideoTorrentDeleteActivityValid (activity: any) { | 25 | function isVideoTorrentDeleteActivityValid (activity: any) { |
@@ -42,13 +42,17 @@ function isActivityPubVideoDurationValid (value: string) { | |||
42 | isVideoDurationValid(value.replace(/[^0-9]+/g, '')) | 42 | isVideoDurationValid(value.replace(/[^0-9]+/g, '')) |
43 | } | 43 | } |
44 | 44 | ||
45 | function isVideoTorrentObjectValid (video: any) { | 45 | function sanitizeAndCheckVideoTorrentObject (video: any) { |
46 | if (!setValidRemoteTags(video)) return false | ||
47 | if (!setValidRemoteVideoUrls(video)) return false | ||
48 | if (!setRemoteVideoTruncatedContent(video)) return false | ||
49 | if (!setValidAttributedTo(video)) return false | ||
50 | |||
46 | return video.type === 'Video' && | 51 | return video.type === 'Video' && |
47 | isActivityPubUrlValid(video.id) && | 52 | isActivityPubUrlValid(video.id) && |
48 | isVideoNameValid(video.name) && | 53 | isVideoNameValid(video.name) && |
49 | isActivityPubVideoDurationValid(video.duration) && | 54 | isActivityPubVideoDurationValid(video.duration) && |
50 | isUUIDValid(video.uuid) && | 55 | isUUIDValid(video.uuid) && |
51 | setValidRemoteTags(video) && | ||
52 | (!video.category || isRemoteNumberIdentifierValid(video.category)) && | 56 | (!video.category || isRemoteNumberIdentifierValid(video.category)) && |
53 | (!video.licence || isRemoteNumberIdentifierValid(video.licence)) && | 57 | (!video.licence || isRemoteNumberIdentifierValid(video.licence)) && |
54 | (!video.language || isRemoteStringIdentifierValid(video.language)) && | 58 | (!video.language || isRemoteStringIdentifierValid(video.language)) && |
@@ -57,24 +61,21 @@ function isVideoTorrentObjectValid (video: any) { | |||
57 | isBooleanValid(video.commentsEnabled) && | 61 | isBooleanValid(video.commentsEnabled) && |
58 | isDateValid(video.published) && | 62 | isDateValid(video.published) && |
59 | isDateValid(video.updated) && | 63 | isDateValid(video.updated) && |
60 | setRemoteVideoTruncatedContent(video) && | ||
61 | (!video.content || isRemoteVideoContentValid(video.mediaType, video.content)) && | 64 | (!video.content || isRemoteVideoContentValid(video.mediaType, video.content)) && |
62 | isRemoteVideoIconValid(video.icon) && | 65 | isRemoteVideoIconValid(video.icon) && |
63 | setValidRemoteVideoUrls(video) && | ||
64 | video.url.length !== 0 && | 66 | video.url.length !== 0 && |
65 | setValidAttributedTo(video) && | ||
66 | video.attributedTo.length !== 0 | 67 | video.attributedTo.length !== 0 |
67 | } | 68 | } |
68 | 69 | ||
69 | // --------------------------------------------------------------------------- | 70 | // --------------------------------------------------------------------------- |
70 | 71 | ||
71 | export { | 72 | export { |
72 | isVideoTorrentCreateActivityValid, | 73 | sanitizeAndCheckVideoTorrentCreateActivity, |
73 | isVideoTorrentUpdateActivityValid, | 74 | sanitizeAndCheckVideoTorrentUpdateActivity, |
74 | isVideoTorrentDeleteActivityValid, | 75 | isVideoTorrentDeleteActivityValid, |
75 | isRemoteStringIdentifierValid, | 76 | isRemoteStringIdentifierValid, |
76 | isVideoFlagValid, | 77 | isVideoFlagValid, |
77 | isVideoTorrentObjectValid | 78 | sanitizeAndCheckVideoTorrentObject |
78 | } | 79 | } |
79 | 80 | ||
80 | // --------------------------------------------------------------------------- | 81 | // --------------------------------------------------------------------------- |
diff --git a/server/lib/activitypub/videos.ts b/server/lib/activitypub/videos.ts index 7cb1fe240..b81acbb35 100644 --- a/server/lib/activitypub/videos.ts +++ b/server/lib/activitypub/videos.ts | |||
@@ -5,7 +5,7 @@ import * as request from 'request' | |||
5 | import { ActivityIconObject } from '../../../shared/index' | 5 | import { ActivityIconObject } from '../../../shared/index' |
6 | import { VideoTorrentObject } from '../../../shared/models/activitypub/objects' | 6 | import { VideoTorrentObject } from '../../../shared/models/activitypub/objects' |
7 | import { VideoPrivacy, VideoRateType } from '../../../shared/models/videos' | 7 | import { VideoPrivacy, VideoRateType } from '../../../shared/models/videos' |
8 | import { isVideoTorrentObjectValid } from '../../helpers/custom-validators/activitypub/videos' | 8 | import { sanitizeAndCheckVideoTorrentObject } from '../../helpers/custom-validators/activitypub/videos' |
9 | import { isVideoFileInfoHashValid } from '../../helpers/custom-validators/videos' | 9 | import { isVideoFileInfoHashValid } from '../../helpers/custom-validators/videos' |
10 | import { retryTransactionWrapper } from '../../helpers/database-utils' | 10 | import { retryTransactionWrapper } from '../../helpers/database-utils' |
11 | import { logger } from '../../helpers/logger' | 11 | import { logger } from '../../helpers/logger' |
@@ -317,7 +317,7 @@ async function fetchRemoteVideo (videoUrl: string): Promise<VideoTorrentObject> | |||
317 | 317 | ||
318 | const { body } = await doRequest(options) | 318 | const { body } = await doRequest(options) |
319 | 319 | ||
320 | if (isVideoTorrentObjectValid(body) === false) { | 320 | if (sanitizeAndCheckVideoTorrentObject(body) === false) { |
321 | logger.debug('Remote video JSON is not valid.', { body }) | 321 | logger.debug('Remote video JSON is not valid.', { body }) |
322 | return undefined | 322 | return undefined |
323 | } | 323 | } |
diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts index 4aace4c8e..3f9057c0c 100644 --- a/server/middlewares/validators/activitypub/activity.ts +++ b/server/middlewares/validators/activitypub/activity.ts | |||
@@ -1,10 +1,8 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { body } from 'express-validator/check' | ||
3 | import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity' | 2 | import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity' |
4 | import { logger } from '../../../helpers/logger' | 3 | import { logger } from '../../../helpers/logger' |
5 | import { getServerActor } from '../../../helpers/utils' | 4 | import { getServerActor } from '../../../helpers/utils' |
6 | import { ActorModel } from '../../../models/activitypub/actor' | 5 | import { ActorModel } from '../../../models/activitypub/actor' |
7 | import { areValidationErrors } from '../utils' | ||
8 | 6 | ||
9 | async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) { | 7 | async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) { |
10 | logger.debug('Checking activity pub parameters') | 8 | logger.debug('Checking activity pub parameters') |