aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-05-11 15:41:54 +0200
committerChocobozzz <me@florianbigard.com>2018-05-11 15:41:54 +0200
commit5cf135001124cd19183336dbfcae1cd432217b00 (patch)
tree2741f19ef66750a320c179dd8af435f6f768a98d
parent0f320037e689b2778959c12ddd4ce790f6e4ae4f (diff)
downloadPeerTube-5cf135001124cd19183336dbfcae1cd432217b00.tar.gz
PeerTube-5cf135001124cd19183336dbfcae1cd432217b00.tar.zst
PeerTube-5cf135001124cd19183336dbfcae1cd432217b00.zip
Improve AP validation for Notes
-rw-r--r--server/helpers/custom-validators/activitypub/video-comments.ts25
-rw-r--r--server/helpers/custom-validators/activitypub/videos.ts5
-rw-r--r--server/lib/activitypub/video-comments.ts6
3 files changed, 25 insertions, 11 deletions
diff --git a/server/helpers/custom-validators/activitypub/video-comments.ts b/server/helpers/custom-validators/activitypub/video-comments.ts
index 7e8cfece2..151d13075 100644
--- a/server/helpers/custom-validators/activitypub/video-comments.ts
+++ b/server/helpers/custom-validators/activitypub/video-comments.ts
@@ -1,16 +1,19 @@
1import * as validator from 'validator' 1import * as validator from 'validator'
2import { ACTIVITY_PUB } from '../../../initializers' 2import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers'
3import { exists, isArray, isDateValid } from '../misc' 3import { exists, isArray, isDateValid } from '../misc'
4import { isActivityPubUrlValid, isBaseActivityValid } from './misc' 4import { isActivityPubUrlValid, isBaseActivityValid } from './misc'
5 5
6function isVideoCommentCreateActivityValid (activity: any) { 6function isVideoCommentCreateActivityValid (activity: any) {
7 return isBaseActivityValid(activity, 'Create') && 7 return isBaseActivityValid(activity, 'Create') &&
8 isVideoCommentObjectValid(activity.object) 8 sanitizeAndCheckVideoCommentObject(activity.object)
9} 9}
10 10
11function isVideoCommentObjectValid (comment: any) { 11function sanitizeAndCheckVideoCommentObject (comment: any) {
12 return comment.type === 'Note' && 12 if (comment.type !== 'Note') return false
13 isActivityPubUrlValid(comment.id) && 13
14 normalizeComment(comment)
15
16 return isActivityPubUrlValid(comment.id) &&
14 isCommentContentValid(comment.content) && 17 isCommentContentValid(comment.content) &&
15 isActivityPubUrlValid(comment.inReplyTo) && 18 isActivityPubUrlValid(comment.inReplyTo) &&
16 isDateValid(comment.published) && 19 isDateValid(comment.published) &&
@@ -31,7 +34,7 @@ function isVideoCommentDeleteActivityValid (activity: any) {
31export { 34export {
32 isVideoCommentCreateActivityValid, 35 isVideoCommentCreateActivityValid,
33 isVideoCommentDeleteActivityValid, 36 isVideoCommentDeleteActivityValid,
34 isVideoCommentObjectValid 37 sanitizeAndCheckVideoCommentObject
35} 38}
36 39
37// --------------------------------------------------------------------------- 40// ---------------------------------------------------------------------------
@@ -39,3 +42,13 @@ export {
39function isCommentContentValid (content: any) { 42function isCommentContentValid (content: any) {
40 return exists(content) && validator.isLength('' + content, { min: 1 }) 43 return exists(content) && validator.isLength('' + content, { min: 1 })
41} 44}
45
46function normalizeComment (comment: any) {
47 if (!comment) return
48
49 if (!comment.url || typeof comment.url !== 'string') {
50 comment.url = comment.url.href || comment.url.url
51 }
52
53 return
54}
diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts
index 0d2e8766d..7e1d57c34 100644
--- a/server/helpers/custom-validators/activitypub/videos.ts
+++ b/server/helpers/custom-validators/activitypub/videos.ts
@@ -43,13 +43,14 @@ function isActivityPubVideoDurationValid (value: string) {
43} 43}
44 44
45function sanitizeAndCheckVideoTorrentObject (video: any) { 45function sanitizeAndCheckVideoTorrentObject (video: any) {
46 if (video.type !== 'Video') return false
47
46 if (!setValidRemoteTags(video)) return false 48 if (!setValidRemoteTags(video)) return false
47 if (!setValidRemoteVideoUrls(video)) return false 49 if (!setValidRemoteVideoUrls(video)) return false
48 if (!setRemoteVideoTruncatedContent(video)) return false 50 if (!setRemoteVideoTruncatedContent(video)) return false
49 if (!setValidAttributedTo(video)) return false 51 if (!setValidAttributedTo(video)) return false
50 52
51 return video.type === 'Video' && 53 return isActivityPubUrlValid(video.id) &&
52 isActivityPubUrlValid(video.id) &&
53 isVideoNameValid(video.name) && 54 isVideoNameValid(video.name) &&
54 isActivityPubVideoDurationValid(video.duration) && 55 isActivityPubVideoDurationValid(video.duration) &&
55 isUUIDValid(video.uuid) && 56 isUUIDValid(video.uuid) &&
diff --git a/server/lib/activitypub/video-comments.ts b/server/lib/activitypub/video-comments.ts
index 8ab0cdba4..60c9179a6 100644
--- a/server/lib/activitypub/video-comments.ts
+++ b/server/lib/activitypub/video-comments.ts
@@ -1,5 +1,5 @@
1import { VideoCommentObject } from '../../../shared/models/activitypub/objects/video-comment-object' 1import { VideoCommentObject } from '../../../shared/models/activitypub/objects/video-comment-object'
2import { isVideoCommentObjectValid } from '../../helpers/custom-validators/activitypub/video-comments' 2import { sanitizeAndCheckVideoCommentObject } from '../../helpers/custom-validators/activitypub/video-comments'
3import { logger } from '../../helpers/logger' 3import { logger } from '../../helpers/logger'
4import { doRequest } from '../../helpers/requests' 4import { doRequest } from '../../helpers/requests'
5import { ACTIVITY_PUB } from '../../initializers' 5import { ACTIVITY_PUB } from '../../initializers'
@@ -52,7 +52,7 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) {
52 activityPub: true 52 activityPub: true
53 }) 53 })
54 54
55 if (isVideoCommentObjectValid(body) === false) { 55 if (sanitizeAndCheckVideoCommentObject(body) === false) {
56 logger.debug('Remote video comment JSON is not valid.', { body }) 56 logger.debug('Remote video comment JSON is not valid.', { body })
57 return undefined 57 return undefined
58 } 58 }
@@ -123,7 +123,7 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) {
123 activityPub: true 123 activityPub: true
124 }) 124 })
125 125
126 if (isVideoCommentObjectValid(body) === false) { 126 if (sanitizeAndCheckVideoCommentObject(body) === false) {
127 throw new Error('Remote video comment JSON is not valid :' + JSON.stringify(body)) 127 throw new Error('Remote video comment JSON is not valid :' + JSON.stringify(body))
128 } 128 }
129 129