aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/helpers
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-05-11 15:41:54 +0200
committerChocobozzz <me@florianbigard.com>2018-05-11 15:41:54 +0200
commit5cf135001124cd19183336dbfcae1cd432217b00 (patch)
tree2741f19ef66750a320c179dd8af435f6f768a98d /server/helpers
parent0f320037e689b2778959c12ddd4ce790f6e4ae4f (diff)
downloadPeerTube-5cf135001124cd19183336dbfcae1cd432217b00.tar.gz
PeerTube-5cf135001124cd19183336dbfcae1cd432217b00.tar.zst
PeerTube-5cf135001124cd19183336dbfcae1cd432217b00.zip
Improve AP validation for Notes
Diffstat (limited to 'server/helpers')
-rw-r--r--server/helpers/custom-validators/activitypub/video-comments.ts25
-rw-r--r--server/helpers/custom-validators/activitypub/videos.ts5
2 files changed, 22 insertions, 8 deletions
diff --git a/server/helpers/custom-validators/activitypub/video-comments.ts b/server/helpers/custom-validators/activitypub/video-comments.ts
index 7e8cfece2..151d13075 100644
--- a/server/helpers/custom-validators/activitypub/video-comments.ts
+++ b/server/helpers/custom-validators/activitypub/video-comments.ts
@@ -1,16 +1,19 @@
1import * as validator from 'validator' 1import * as validator from 'validator'
2import { ACTIVITY_PUB } from '../../../initializers' 2import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers'
3import { exists, isArray, isDateValid } from '../misc' 3import { exists, isArray, isDateValid } from '../misc'
4import { isActivityPubUrlValid, isBaseActivityValid } from './misc' 4import { isActivityPubUrlValid, isBaseActivityValid } from './misc'
5 5
6function isVideoCommentCreateActivityValid (activity: any) { 6function isVideoCommentCreateActivityValid (activity: any) {
7 return isBaseActivityValid(activity, 'Create') && 7 return isBaseActivityValid(activity, 'Create') &&
8 isVideoCommentObjectValid(activity.object) 8 sanitizeAndCheckVideoCommentObject(activity.object)
9} 9}
10 10
11function isVideoCommentObjectValid (comment: any) { 11function sanitizeAndCheckVideoCommentObject (comment: any) {
12 return comment.type === 'Note' && 12 if (comment.type !== 'Note') return false
13 isActivityPubUrlValid(comment.id) && 13
14 normalizeComment(comment)
15
16 return isActivityPubUrlValid(comment.id) &&
14 isCommentContentValid(comment.content) && 17 isCommentContentValid(comment.content) &&
15 isActivityPubUrlValid(comment.inReplyTo) && 18 isActivityPubUrlValid(comment.inReplyTo) &&
16 isDateValid(comment.published) && 19 isDateValid(comment.published) &&
@@ -31,7 +34,7 @@ function isVideoCommentDeleteActivityValid (activity: any) {
31export { 34export {
32 isVideoCommentCreateActivityValid, 35 isVideoCommentCreateActivityValid,
33 isVideoCommentDeleteActivityValid, 36 isVideoCommentDeleteActivityValid,
34 isVideoCommentObjectValid 37 sanitizeAndCheckVideoCommentObject
35} 38}
36 39
37// --------------------------------------------------------------------------- 40// ---------------------------------------------------------------------------
@@ -39,3 +42,13 @@ export {
39function isCommentContentValid (content: any) { 42function isCommentContentValid (content: any) {
40 return exists(content) && validator.isLength('' + content, { min: 1 }) 43 return exists(content) && validator.isLength('' + content, { min: 1 })
41} 44}
45
46function normalizeComment (comment: any) {
47 if (!comment) return
48
49 if (!comment.url || typeof comment.url !== 'string') {
50 comment.url = comment.url.href || comment.url.url
51 }
52
53 return
54}
diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts
index 0d2e8766d..7e1d57c34 100644
--- a/server/helpers/custom-validators/activitypub/videos.ts
+++ b/server/helpers/custom-validators/activitypub/videos.ts
@@ -43,13 +43,14 @@ function isActivityPubVideoDurationValid (value: string) {
43} 43}
44 44
45function sanitizeAndCheckVideoTorrentObject (video: any) { 45function sanitizeAndCheckVideoTorrentObject (video: any) {
46 if (video.type !== 'Video') return false
47
46 if (!setValidRemoteTags(video)) return false 48 if (!setValidRemoteTags(video)) return false
47 if (!setValidRemoteVideoUrls(video)) return false 49 if (!setValidRemoteVideoUrls(video)) return false
48 if (!setRemoteVideoTruncatedContent(video)) return false 50 if (!setRemoteVideoTruncatedContent(video)) return false
49 if (!setValidAttributedTo(video)) return false 51 if (!setValidAttributedTo(video)) return false
50 52
51 return video.type === 'Video' && 53 return isActivityPubUrlValid(video.id) &&
52 isActivityPubUrlValid(video.id) &&
53 isVideoNameValid(video.name) && 54 isVideoNameValid(video.name) &&
54 isActivityPubVideoDurationValid(video.duration) && 55 isActivityPubVideoDurationValid(video.duration) &&
55 isUUIDValid(video.uuid) && 56 isUUIDValid(video.uuid) &&