diff options
| author | Chocobozzz <me@florianbigard.com> | 2022-01-06 13:31:37 +0100 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2022-01-06 13:31:37 +0100 |
| commit | c3edc5b074aa4bb1861ed0a94d3713808e87170f (patch) | |
| tree | 328af78334a13d0d20ca53b0d88c13128e0f1244 /server/middlewares/validators/videos/video-imports.ts | |
| parent | 75b7117f078461d2507572ba9da6527894e1b734 (diff) | |
| parent | 795212f7acc690c88c86d0fab8772f6564d59cb8 (diff) | |
| download | PeerTube-c3edc5b074aa4bb1861ed0a94d3713808e87170f.tar.gz PeerTube-c3edc5b074aa4bb1861ed0a94d3713808e87170f.tar.zst PeerTube-c3edc5b074aa4bb1861ed0a94d3713808e87170f.zip | |
Merge branch 'release/4.0.0' into develop
Diffstat (limited to 'server/middlewares/validators/videos/video-imports.ts')
| -rw-r--r-- | server/middlewares/validators/videos/video-imports.ts | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/server/middlewares/validators/videos/video-imports.ts b/server/middlewares/validators/videos/video-imports.ts index 640139c73..e4b54283f 100644 --- a/server/middlewares/validators/videos/video-imports.ts +++ b/server/middlewares/validators/videos/video-imports.ts | |||
| @@ -13,6 +13,7 @@ import { CONFIG } from '../../../initializers/config' | |||
| 13 | import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' | 13 | import { CONSTRAINTS_FIELDS } from '../../../initializers/constants' |
| 14 | import { areValidationErrors, doesVideoChannelOfAccountExist } from '../shared' | 14 | import { areValidationErrors, doesVideoChannelOfAccountExist } from '../shared' |
| 15 | import { getCommonVideoEditAttributes } from './videos' | 15 | import { getCommonVideoEditAttributes } from './videos' |
| 16 | import { isValid as isIPValid, parse as parseIP } from 'ipaddr.js' | ||
| 16 | 17 | ||
| 17 | const videoImportAddValidator = getCommonVideoEditAttributes().concat([ | 18 | const videoImportAddValidator = getCommonVideoEditAttributes().concat([ |
| 18 | body('channelId') | 19 | body('channelId') |
| @@ -71,6 +72,23 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([ | |||
| 71 | return res.fail({ message: 'Should have a magnetUri or a targetUrl or a torrent file.' }) | 72 | return res.fail({ message: 'Should have a magnetUri or a targetUrl or a torrent file.' }) |
| 72 | } | 73 | } |
| 73 | 74 | ||
| 75 | if (req.body.targetUrl) { | ||
| 76 | const hostname = new URL(req.body.targetUrl).hostname | ||
| 77 | |||
| 78 | if (isIPValid(hostname)) { | ||
| 79 | const parsed = parseIP(hostname) | ||
| 80 | |||
| 81 | if (parsed.range() !== 'unicast') { | ||
| 82 | cleanUpReqFiles(req) | ||
| 83 | |||
| 84 | return res.fail({ | ||
| 85 | status: HttpStatusCode.FORBIDDEN_403, | ||
| 86 | message: 'Cannot use non unicast IP as targetUrl.' | ||
| 87 | }) | ||
| 88 | } | ||
| 89 | } | ||
| 90 | } | ||
| 91 | |||
| 74 | if (!await isImportAccepted(req, res)) return cleanUpReqFiles(req) | 92 | if (!await isImportAccepted(req, res)) return cleanUpReqFiles(req) |
| 75 | 93 | ||
| 76 | return next() | 94 | return next() |