author | Chocobozzz <me@florianbigard.com> | 2018-05-11 15:41:54 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-05-11 15:41:54 +0200 |
commit | 5cf135001124cd19183336dbfcae1cd432217b00 (patch) | |
tree | 2741f19ef66750a320c179dd8af435f6f768a98d | |
parent | 0f320037e689b2778959c12ddd4ce790f6e4ae4f (diff) | |
Improve AP validation for Notes
-rw-r--r-- | server/helpers/custom-validators/activitypub/video-comments.ts | 25 | ||||
-rw-r--r-- | server/helpers/custom-validators/activitypub/videos.ts | 5 | ||||
-rw-r--r-- | server/lib/activitypub/video-comments.ts | 6 |
3 files changed, 25 insertions, 11 deletions
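--- a/server/helpers/custom-validators/activitypub/video-comments.ts
+++ b/server/helpers/custom-validators/activitypub/video-comments.ts
@@ -1,16 +1,19 @@
 import * as validator from 'validator'
-import { ACTIVITY_PUB } from '../../../initializers'
+import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers'
 import { exists, isArray, isDateValid } from '../misc'
 import { isActivityPubUrlValid, isBaseActivityValid } from './misc'
 
 function isVideoCommentCreateActivityValid (activity: any) {
 return isBaseActivityValid(activity, 'Create') &&
-isVideoCommentObjectValid(activity.object)
+sanitizeAndCheckVideoCommentObject(activity.object)
 }
 
-function isVideoCommentObjectValid (comment: any) {
-return comment.type === 'Note' &&
-isActivityPubUrlValid(comment.id) &&
+function sanitizeAndCheckVideoCommentObject (comment: any) {
+if (comment.type !== 'Note') return false
+
+normalizeComment(comment)
+
+return isActivityPubUrlValid(comment.id) &&
 isCommentContentValid(comment.content) &&
 isActivityPubUrlValid(comment.inReplyTo) &&
 isDateValid(comment.published) &&
@@ -31,7 +34,7 @@ function isVideoCommentDeleteActivityValid (activity: any) {
 export {
 isVideoCommentCreateActivityValid,
 isVideoCommentDeleteActivityValid,
-isVideoCommentObjectValid
+sanitizeAndCheckVideoCommentObject
 }
 
 // ---------------------------------------------------------------------------
@@ -39,3 +42,13 @@ export {
 function isCommentContentValid (content: any) {
 return exists(content) && validator.isLength('' + content, { min: 1 })
 }
+
+function normalizeComment (comment: any) {
+if (!comment) return
+
+if (!comment.url || typeof comment.url !== 'string') {
+comment.url = comment.url.href || comment.url.url
+}
+
+return
+}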
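Review bot: In `normalizeComment` the condition `!comment.url || typeof comment.url !== 'string'` is also true when `url` is missing or null, so the next line reads `comment.url.href` on `undefined` and throws a TypeError instead of letting the validator return false. The Note is remote input, so a missing `url` should be a clean rejection; guard it with `if (comment.url && typeof comment.url !== 'string') comment.url = comment.url.href || comment.url.url`. The `if (!comment) return` check comes too late to help, because `sanitizeAndCheckVideoCommentObject` has already read `comment.type`; the same unguarded `.type` read now opens `sanitizeAndCheckVideoTorrentObject` in videos.ts. The return chain continues past the end of the first hunk, so it is worth confirming that the normalized `comment.url` is then checked with `isActivityPubUrlValid`.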
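--- a/server/helpers/custom-validators/activitypub/videos.ts
+++ b/server/helpers/custom-validators/activitypub/videos.ts
@@ -43,13 +43,14 @@ function isActivityPubVideoDurationValid (value: string) {
 }
 
 function sanitizeAndCheckVideoTorrentObject (video: any) {
+if (video.type !== 'Video') return false
+
 if (!setValidRemoteTags(video)) return false
 if (!setValidRemoteVideoUrls(video)) return false
 if (!setRemoteVideoTruncatedContent(video)) return false
 if (!setValidAttributedTo(video)) return false
 
-return video.type === 'Video' &&
-isActivityPubUrlValid(video.id) &&
+return isActivityPubUrlValid(video.id) &&
 isVideoNameValid(video.name) &&
 isActivityPubVideoDurationValid(video.duration) &&
 isUUIDValid(video.uuid) &&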
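--- a/server/lib/activitypub/video-comments.ts
+++ b/server/lib/activitypub/video-comments.ts
@@ -1,5 +1,5 @@
 import { VideoCommentObject } from '../../../shared/models/activitypub/objects/video-comment-object'
-import { isVideoCommentObjectValid } from '../../helpers/custom-validators/activitypub/video-comments'
+import { sanitizeAndCheckVideoCommentObject } from '../../helpers/custom-validators/activitypub/video-comments'
 import { logger } from '../../helpers/logger'
 import { doRequest } from '../../helpers/requests'
 import { ACTIVITY_PUB } from '../../initializers'
@@ -52,7 +52,7 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) {
 activityPub: true
 })
 
-if (isVideoCommentObjectValid(body) === false) {
+if (sanitizeAndCheckVideoCommentObject(body) === false) {
 logger.debug('Remote video comment JSON is not valid.', { body })
 return undefined
 }
@@ -123,7 +123,7 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) {
 activityPub: true
 })
 
-if (isVideoCommentObjectValid(body) === false) {
+if (sanitizeAndCheckVideoCommentObject(body) === false) {
 throw new Error('Remote video comment JSON is not valid :' + JSON.stringify(body))
 }
 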