aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/controllers/api
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-02-09 08:58:40 +0100
committerChocobozzz <me@florianbigard.com>2022-02-09 11:54:18 +0100
commit474542d7ac60f7860daf9ea34d1c31968f43ab29 (patch)
treec3e19095e19930d3955ce8d56d8c099bdda17923 /server/controllers/api
parentba8a8367e7fde7915ae6633445bf46ebf4a9fe94 (diff)
downloadPeerTube-474542d7ac60f7860daf9ea34d1c31968f43ab29.tar.gz
PeerTube-474542d7ac60f7860daf9ea34d1c31968f43ab29.tar.zst
PeerTube-474542d7ac60f7860daf9ea34d1c31968f43ab29.zip
Add additional checks when importing a video
Diffstat (limited to 'server/controllers/api')
-rw-r--r--server/controllers/api/videos/import.ts29
1 files changed, 28 insertions, 1 deletions
diff --git a/server/controllers/api/videos/import.ts b/server/controllers/api/videos/import.ts
index 8cbfd3286..b54fa822c 100644
--- a/server/controllers/api/videos/import.ts
+++ b/server/controllers/api/videos/import.ts
@@ -1,9 +1,11 @@
1import express from 'express' 1import express from 'express'
2import { move, readFile } from 'fs-extra' 2import { move, readFile, remove } from 'fs-extra'
3import { decode } from 'magnet-uri' 3import { decode } from 'magnet-uri'
4import parseTorrent, { Instance } from 'parse-torrent' 4import parseTorrent, { Instance } from 'parse-torrent'
5import { join } from 'path' 5import { join } from 'path'
6import { isVTTFileValid } from '@server/helpers/custom-validators/video-captions'
6import { isVideoFileExtnameValid } from '@server/helpers/custom-validators/videos' 7import { isVideoFileExtnameValid } from '@server/helpers/custom-validators/videos'
8import { isResolvingToUnicastOnly } from '@server/helpers/dns'
7import { Hooks } from '@server/lib/plugins/hooks' 9import { Hooks } from '@server/lib/plugins/hooks'
8import { ServerConfigManager } from '@server/lib/server-config-manager' 10import { ServerConfigManager } from '@server/lib/server-config-manager'
9import { setVideoTags } from '@server/lib/video' 11import { setVideoTags } from '@server/lib/video'
@@ -195,6 +197,13 @@ async function addYoutubeDLImport (req: express.Request, res: express.Response)
195 }) 197 })
196 } 198 }
197 199
200 if (!await hasUnicastURLsOnly(youtubeDLInfo)) {
201 return res.fail({
202 status: HttpStatusCode.FORBIDDEN_403,
203 message: 'Cannot use non unicast IP as targetUrl.'
204 })
205 }
206
198 const video = await buildVideo(res.locals.videoChannel.id, body, youtubeDLInfo) 207 const video = await buildVideo(res.locals.videoChannel.id, body, youtubeDLInfo)
199 208
200 // Process video thumbnail from request.files 209 // Process video thumbnail from request.files
@@ -432,6 +441,11 @@ async function processYoutubeSubtitles (youtubeDL: YoutubeDLWrapper, targetUrl:
432 logger.info('Will create %s subtitles from youtube import %s.', subtitles.length, targetUrl) 441 logger.info('Will create %s subtitles from youtube import %s.', subtitles.length, targetUrl)
433 442
434 for (const subtitle of subtitles) { 443 for (const subtitle of subtitles) {
444 if (!await isVTTFileValid(subtitle.path)) {
445 await remove(subtitle.path)
446 continue
447 }
448
435 const videoCaption = new VideoCaptionModel({ 449 const videoCaption = new VideoCaptionModel({
436 videoId, 450 videoId,
437 language: subtitle.language, 451 language: subtitle.language,
@@ -449,3 +463,16 @@ async function processYoutubeSubtitles (youtubeDL: YoutubeDLWrapper, targetUrl:
449 logger.warn('Cannot get video subtitles.', { err }) 463 logger.warn('Cannot get video subtitles.', { err })
450 } 464 }
451} 465}
466
467async function hasUnicastURLsOnly (youtubeDLInfo: YoutubeDLInfo) {
468 const hosts = youtubeDLInfo.urls.map(u => new URL(u).hostname)
469 const uniqHosts = new Set(hosts)
470
471 for (const h of uniqHosts) {
472 if (await isResolvingToUnicastOnly(h) !== true) {
473 return false
474 }
475 }
476
477 return true
478}