diff options
author | Chocobozzz <me@florianbigard.com> | 2018-11-14 15:01:28 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-11-14 16:32:27 +0100 |
commit | 5c6d985faeef1d6793d3f44ca6374f1a9b722806 (patch) | |
tree | 567e31a84e721bf762189582f92ac2ec5c402bcc /server | |
parent | df66d81583e07ce049daeeef1edc6a87b57b3684 (diff) | |
download | PeerTube-5c6d985faeef1d6793d3f44ca6374f1a9b722806.tar.gz PeerTube-5c6d985faeef1d6793d3f44ca6374f1a9b722806.tar.zst PeerTube-5c6d985faeef1d6793d3f44ca6374f1a9b722806.zip |
Check activities host
Diffstat (limited to 'server')
32 files changed, 394 insertions, 119 deletions
diff --git a/server/controllers/activitypub/client.ts b/server/controllers/activitypub/client.ts index 433186179..ffbf1ba19 100644 --- a/server/controllers/activitypub/client.ts +++ b/server/controllers/activitypub/client.ts | |||
@@ -3,17 +3,22 @@ import * as express from 'express' | |||
3 | import { VideoPrivacy, VideoRateType } from '../../../shared/models/videos' | 3 | import { VideoPrivacy, VideoRateType } from '../../../shared/models/videos' |
4 | import { activityPubCollectionPagination, activityPubContextify } from '../../helpers/activitypub' | 4 | import { activityPubCollectionPagination, activityPubContextify } from '../../helpers/activitypub' |
5 | import { CONFIG, ROUTE_CACHE_LIFETIME } from '../../initializers' | 5 | import { CONFIG, ROUTE_CACHE_LIFETIME } from '../../initializers' |
6 | import { buildAnnounceWithVideoAudience } from '../../lib/activitypub/send' | 6 | import { buildAnnounceWithVideoAudience, buildDislikeActivity, buildLikeActivity } from '../../lib/activitypub/send' |
7 | import { audiencify, getAudience } from '../../lib/activitypub/audience' | 7 | import { audiencify, getAudience } from '../../lib/activitypub/audience' |
8 | import { buildCreateActivity } from '../../lib/activitypub/send/send-create' | 8 | import { buildCreateActivity } from '../../lib/activitypub/send/send-create' |
9 | import { | 9 | import { |
10 | asyncMiddleware, | 10 | asyncMiddleware, |
11 | videosShareValidator, | ||
11 | executeIfActivityPub, | 12 | executeIfActivityPub, |
12 | localAccountValidator, | 13 | localAccountValidator, |
13 | localVideoChannelValidator, | 14 | localVideoChannelValidator, |
14 | videosCustomGetValidator | 15 | videosCustomGetValidator |
15 | } from '../../middlewares' | 16 | } from '../../middlewares' |
16 | import { videoCommentGetValidator, videosGetValidator, videosShareValidator } from '../../middlewares/validators' | 17 | import { |
18 | getAccountVideoRateValidator, | ||
19 | videoCommentGetValidator, | ||
20 | videosGetValidator | ||
21 | } from '../../middlewares/validators' | ||
17 | import { AccountModel } from '../../models/account/account' | 22 | import { AccountModel } from '../../models/account/account' |
18 | import { ActorModel } from '../../models/activitypub/actor' | 23 | import { ActorModel } from '../../models/activitypub/actor' |
19 | import { ActorFollowModel } from '../../models/activitypub/actor-follow' | 24 | import { ActorFollowModel } from '../../models/activitypub/actor-follow' |
@@ -25,6 +30,7 @@ import { cacheRoute } from '../../middlewares/cache' | |||
25 | import { activityPubResponse } from './utils' | 30 | import { activityPubResponse } from './utils' |
26 | import { AccountVideoRateModel } from '../../models/account/account-video-rate' | 31 | import { AccountVideoRateModel } from '../../models/account/account-video-rate' |
27 | import { | 32 | import { |
33 | getRateUrl, | ||
28 | getVideoCommentsActivityPubUrl, | 34 | getVideoCommentsActivityPubUrl, |
29 | getVideoDislikesActivityPubUrl, | 35 | getVideoDislikesActivityPubUrl, |
30 | getVideoLikesActivityPubUrl, | 36 | getVideoLikesActivityPubUrl, |
@@ -48,6 +54,14 @@ activityPubClientRouter.get('/accounts?/:name/following', | |||
48 | executeIfActivityPub(asyncMiddleware(localAccountValidator)), | 54 | executeIfActivityPub(asyncMiddleware(localAccountValidator)), |
49 | executeIfActivityPub(asyncMiddleware(accountFollowingController)) | 55 | executeIfActivityPub(asyncMiddleware(accountFollowingController)) |
50 | ) | 56 | ) |
57 | activityPubClientRouter.get('/accounts?/:name/likes/:videoId', | ||
58 | executeIfActivityPub(asyncMiddleware(getAccountVideoRateValidator('like'))), | ||
59 | executeIfActivityPub(getAccountVideoRate('like')) | ||
60 | ) | ||
61 | activityPubClientRouter.get('/accounts?/:name/dislikes/:videoId', | ||
62 | executeIfActivityPub(asyncMiddleware(getAccountVideoRateValidator('dislike'))), | ||
63 | executeIfActivityPub(getAccountVideoRate('dislike')) | ||
64 | ) | ||
51 | 65 | ||
52 | activityPubClientRouter.get('/videos/watch/:id', | 66 | activityPubClientRouter.get('/videos/watch/:id', |
53 | executeIfActivityPub(asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.ACTIVITY_PUB.VIDEOS))), | 67 | executeIfActivityPub(asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.ACTIVITY_PUB.VIDEOS))), |
@@ -62,7 +76,7 @@ activityPubClientRouter.get('/videos/watch/:id/announces', | |||
62 | executeIfActivityPub(asyncMiddleware(videosCustomGetValidator('only-video'))), | 76 | executeIfActivityPub(asyncMiddleware(videosCustomGetValidator('only-video'))), |
63 | executeIfActivityPub(asyncMiddleware(videoAnnouncesController)) | 77 | executeIfActivityPub(asyncMiddleware(videoAnnouncesController)) |
64 | ) | 78 | ) |
65 | activityPubClientRouter.get('/videos/watch/:id/announces/:accountId', | 79 | activityPubClientRouter.get('/videos/watch/:id/announces/:actorId', |
66 | executeIfActivityPub(asyncMiddleware(videosShareValidator)), | 80 | executeIfActivityPub(asyncMiddleware(videosShareValidator)), |
67 | executeIfActivityPub(asyncMiddleware(videoAnnounceController)) | 81 | executeIfActivityPub(asyncMiddleware(videoAnnounceController)) |
68 | ) | 82 | ) |
@@ -133,6 +147,20 @@ async function accountFollowingController (req: express.Request, res: express.Re | |||
133 | return activityPubResponse(activityPubContextify(activityPubResult), res) | 147 | return activityPubResponse(activityPubContextify(activityPubResult), res) |
134 | } | 148 | } |
135 | 149 | ||
150 | function getAccountVideoRate (rateType: VideoRateType) { | ||
151 | return (req: express.Request, res: express.Response) => { | ||
152 | const accountVideoRate: AccountVideoRateModel = res.locals.accountVideoRate | ||
153 | |||
154 | const byActor = accountVideoRate.Account.Actor | ||
155 | const url = getRateUrl(rateType, byActor, accountVideoRate.Video) | ||
156 | const APObject = rateType === 'like' | ||
157 | ? buildLikeActivity(url, byActor, accountVideoRate.Video) | ||
158 | : buildCreateActivity(url, byActor, buildDislikeActivity(url, byActor, accountVideoRate.Video)) | ||
159 | |||
160 | return activityPubResponse(activityPubContextify(APObject), res) | ||
161 | } | ||
162 | } | ||
163 | |||
136 | async function videoController (req: express.Request, res: express.Response, next: express.NextFunction) { | 164 | async function videoController (req: express.Request, res: express.Response, next: express.NextFunction) { |
137 | const video: VideoModel = res.locals.video | 165 | const video: VideoModel = res.locals.video |
138 | 166 | ||
@@ -276,7 +304,7 @@ function videoRates (req: express.Request, rateType: VideoRateType, video: Video | |||
276 | const result = await AccountVideoRateModel.listAndCountAccountUrlsByVideoId(rateType, video.id, start, count) | 304 | const result = await AccountVideoRateModel.listAndCountAccountUrlsByVideoId(rateType, video.id, start, count) |
277 | return { | 305 | return { |
278 | total: result.count, | 306 | total: result.count, |
279 | data: result.rows.map(r => r.Account.Actor.url) | 307 | data: result.rows.map(r => r.url) |
280 | } | 308 | } |
281 | } | 309 | } |
282 | return activityPubCollectionPagination(url, handler, req.query.page) | 310 | return activityPubCollectionPagination(url, handler, req.query.page) |
diff --git a/server/controllers/activitypub/inbox.ts b/server/controllers/activitypub/inbox.ts index 738d155eb..f0e65015b 100644 --- a/server/controllers/activitypub/inbox.ts +++ b/server/controllers/activitypub/inbox.ts | |||
@@ -43,11 +43,13 @@ export { | |||
43 | // --------------------------------------------------------------------------- | 43 | // --------------------------------------------------------------------------- |
44 | 44 | ||
45 | const inboxQueue = queue<{ activities: Activity[], signatureActor?: ActorModel, inboxActor?: ActorModel }, Error>((task, cb) => { | 45 | const inboxQueue = queue<{ activities: Activity[], signatureActor?: ActorModel, inboxActor?: ActorModel }, Error>((task, cb) => { |
46 | processActivities(task.activities, task.signatureActor, task.inboxActor) | 46 | const options = { signatureActor: task.signatureActor, inboxActor: task.inboxActor } |
47 | |||
48 | processActivities(task.activities, options) | ||
47 | .then(() => cb()) | 49 | .then(() => cb()) |
48 | }) | 50 | }) |
49 | 51 | ||
50 | function inboxController (req: express.Request, res: express.Response, next: express.NextFunction) { | 52 | function inboxController (req: express.Request, res: express.Response) { |
51 | const rootActivity: RootActivity = req.body | 53 | const rootActivity: RootActivity = req.body |
52 | let activities: Activity[] = [] | 54 | let activities: Activity[] = [] |
53 | 55 | ||
diff --git a/server/controllers/api/videos/rate.ts b/server/controllers/api/videos/rate.ts index dc322bb0c..53952a0a2 100644 --- a/server/controllers/api/videos/rate.ts +++ b/server/controllers/api/videos/rate.ts | |||
@@ -2,8 +2,8 @@ import * as express from 'express' | |||
2 | import { UserVideoRateUpdate } from '../../../../shared' | 2 | import { UserVideoRateUpdate } from '../../../../shared' |
3 | import { logger } from '../../../helpers/logger' | 3 | import { logger } from '../../../helpers/logger' |
4 | import { sequelizeTypescript, VIDEO_RATE_TYPES } from '../../../initializers' | 4 | import { sequelizeTypescript, VIDEO_RATE_TYPES } from '../../../initializers' |
5 | import { sendVideoRateChange } from '../../../lib/activitypub' | 5 | import { getRateUrl, sendVideoRateChange } from '../../../lib/activitypub' |
6 | import { asyncMiddleware, asyncRetryTransactionMiddleware, authenticate, videoRateValidator } from '../../../middlewares' | 6 | import { asyncMiddleware, asyncRetryTransactionMiddleware, authenticate, videoUpdateRateValidator } from '../../../middlewares' |
7 | import { AccountModel } from '../../../models/account/account' | 7 | import { AccountModel } from '../../../models/account/account' |
8 | import { AccountVideoRateModel } from '../../../models/account/account-video-rate' | 8 | import { AccountVideoRateModel } from '../../../models/account/account-video-rate' |
9 | import { VideoModel } from '../../../models/video/video' | 9 | import { VideoModel } from '../../../models/video/video' |
@@ -12,7 +12,7 @@ const rateVideoRouter = express.Router() | |||
12 | 12 | ||
13 | rateVideoRouter.put('/:id/rate', | 13 | rateVideoRouter.put('/:id/rate', |
14 | authenticate, | 14 | authenticate, |
15 | asyncMiddleware(videoRateValidator), | 15 | asyncMiddleware(videoUpdateRateValidator), |
16 | asyncRetryTransactionMiddleware(rateVideo) | 16 | asyncRetryTransactionMiddleware(rateVideo) |
17 | ) | 17 | ) |
18 | 18 | ||
@@ -28,11 +28,12 @@ async function rateVideo (req: express.Request, res: express.Response) { | |||
28 | const body: UserVideoRateUpdate = req.body | 28 | const body: UserVideoRateUpdate = req.body |
29 | const rateType = body.rating | 29 | const rateType = body.rating |
30 | const videoInstance: VideoModel = res.locals.video | 30 | const videoInstance: VideoModel = res.locals.video |
31 | const userAccount: AccountModel = res.locals.oauth.token.User.Account | ||
31 | 32 | ||
32 | await sequelizeTypescript.transaction(async t => { | 33 | await sequelizeTypescript.transaction(async t => { |
33 | const sequelizeOptions = { transaction: t } | 34 | const sequelizeOptions = { transaction: t } |
34 | 35 | ||
35 | const accountInstance = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) | 36 | const accountInstance = await AccountModel.load(userAccount.id, t) |
36 | const previousRate = await AccountVideoRateModel.load(accountInstance.id, videoInstance.id, t) | 37 | const previousRate = await AccountVideoRateModel.load(accountInstance.id, videoInstance.id, t) |
37 | 38 | ||
38 | let likesToIncrement = 0 | 39 | let likesToIncrement = 0 |
@@ -44,20 +45,22 @@ async function rateVideo (req: express.Request, res: express.Response) { | |||
44 | // There was a previous rate, update it | 45 | // There was a previous rate, update it |
45 | if (previousRate) { | 46 | if (previousRate) { |
46 | // We will remove the previous rate, so we will need to update the video count attribute | 47 | // We will remove the previous rate, so we will need to update the video count attribute |
47 | if (previousRate.type === VIDEO_RATE_TYPES.LIKE) likesToIncrement-- | 48 | if (previousRate.type === 'like') likesToIncrement-- |
48 | else if (previousRate.type === VIDEO_RATE_TYPES.DISLIKE) dislikesToIncrement-- | 49 | else if (previousRate.type === 'dislike') dislikesToIncrement-- |
49 | 50 | ||
50 | if (rateType === 'none') { // Destroy previous rate | 51 | if (rateType === 'none') { // Destroy previous rate |
51 | await previousRate.destroy(sequelizeOptions) | 52 | await previousRate.destroy(sequelizeOptions) |
52 | } else { // Update previous rate | 53 | } else { // Update previous rate |
53 | previousRate.type = rateType | 54 | previousRate.type = rateType |
55 | previousRate.url = getRateUrl(rateType, userAccount.Actor, videoInstance) | ||
54 | await previousRate.save(sequelizeOptions) | 56 | await previousRate.save(sequelizeOptions) |
55 | } | 57 | } |
56 | } else if (rateType !== 'none') { // There was not a previous rate, insert a new one if there is a rate | 58 | } else if (rateType !== 'none') { // There was not a previous rate, insert a new one if there is a rate |
57 | const query = { | 59 | const query = { |
58 | accountId: accountInstance.id, | 60 | accountId: accountInstance.id, |
59 | videoId: videoInstance.id, | 61 | videoId: videoInstance.id, |
60 | type: rateType | 62 | type: rateType, |
63 | url: getRateUrl(rateType, userAccount.Actor, videoInstance) | ||
61 | } | 64 | } |
62 | 65 | ||
63 | await AccountVideoRateModel.create(query, sequelizeOptions) | 66 | await AccountVideoRateModel.create(query, sequelizeOptions) |
diff --git a/server/helpers/activitypub.ts b/server/helpers/activitypub.ts index b0bcfe824..4bf6e387d 100644 --- a/server/helpers/activitypub.ts +++ b/server/helpers/activitypub.ts | |||
@@ -6,6 +6,7 @@ import { ACTIVITY_PUB } from '../initializers' | |||
6 | import { ActorModel } from '../models/activitypub/actor' | 6 | import { ActorModel } from '../models/activitypub/actor' |
7 | import { signJsonLDObject } from './peertube-crypto' | 7 | import { signJsonLDObject } from './peertube-crypto' |
8 | import { pageToStartAndCount } from './core-utils' | 8 | import { pageToStartAndCount } from './core-utils' |
9 | import { parse } from 'url' | ||
9 | 10 | ||
10 | function activityPubContextify <T> (data: T) { | 11 | function activityPubContextify <T> (data: T) { |
11 | return Object.assign(data, { | 12 | return Object.assign(data, { |
@@ -111,9 +112,17 @@ function getActorUrl (activityActor: string | ActivityPubActor) { | |||
111 | return activityActor.id | 112 | return activityActor.id |
112 | } | 113 | } |
113 | 114 | ||
115 | function checkUrlsSameHost (url1: string, url2: string) { | ||
116 | const idHost = parse(url1).host | ||
117 | const actorHost = parse(url2).host | ||
118 | |||
119 | return idHost && actorHost && idHost.toLowerCase() === actorHost.toLowerCase() | ||
120 | } | ||
121 | |||
114 | // --------------------------------------------------------------------------- | 122 | // --------------------------------------------------------------------------- |
115 | 123 | ||
116 | export { | 124 | export { |
125 | checkUrlsSameHost, | ||
117 | getActorUrl, | 126 | getActorUrl, |
118 | activityPubContextify, | 127 | activityPubContextify, |
119 | activityPubCollectionPagination, | 128 | activityPubCollectionPagination, |
diff --git a/server/helpers/requests.ts b/server/helpers/requests.ts index ee9e80404..51facc9e0 100644 --- a/server/helpers/requests.ts +++ b/server/helpers/requests.ts | |||
@@ -3,7 +3,7 @@ import { createWriteStream } from 'fs-extra' | |||
3 | import * as request from 'request' | 3 | import * as request from 'request' |
4 | import { ACTIVITY_PUB } from '../initializers' | 4 | import { ACTIVITY_PUB } from '../initializers' |
5 | 5 | ||
6 | function doRequest ( | 6 | function doRequest <T> ( |
7 | requestOptions: request.CoreOptions & request.UriOptions & { activityPub?: boolean } | 7 | requestOptions: request.CoreOptions & request.UriOptions & { activityPub?: boolean } |
8 | ): Bluebird<{ response: request.RequestResponse, body: any }> { | 8 | ): Bluebird<{ response: request.RequestResponse, body: any }> { |
9 | if (requestOptions.activityPub === true) { | 9 | if (requestOptions.activityPub === true) { |
@@ -11,7 +11,7 @@ function doRequest ( | |||
11 | requestOptions.headers['accept'] = ACTIVITY_PUB.ACCEPT_HEADER | 11 | requestOptions.headers['accept'] = ACTIVITY_PUB.ACCEPT_HEADER |
12 | } | 12 | } |
13 | 13 | ||
14 | return new Bluebird<{ response: request.RequestResponse, body: any }>((res, rej) => { | 14 | return new Bluebird<{ response: request.RequestResponse, body: T }>((res, rej) => { |
15 | request(requestOptions, (err, response, body) => err ? rej(err) : res({ response, body })) | 15 | request(requestOptions, (err, response, body) => err ? rej(err) : res({ response, body })) |
16 | }) | 16 | }) |
17 | } | 17 | } |
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index 9aadbe824..ae3d671bb 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts | |||
@@ -16,7 +16,7 @@ let config: IConfig = require('config') | |||
16 | 16 | ||
17 | // --------------------------------------------------------------------------- | 17 | // --------------------------------------------------------------------------- |
18 | 18 | ||
19 | const LAST_MIGRATION_VERSION = 285 | 19 | const LAST_MIGRATION_VERSION = 290 |
20 | 20 | ||
21 | // --------------------------------------------------------------------------- | 21 | // --------------------------------------------------------------------------- |
22 | 22 | ||
@@ -336,6 +336,9 @@ const CONSTRAINTS_FIELDS = { | |||
336 | VIDEOS_REDUNDANCY: { | 336 | VIDEOS_REDUNDANCY: { |
337 | URL: { min: 3, max: 2000 } // Length | 337 | URL: { min: 3, max: 2000 } // Length |
338 | }, | 338 | }, |
339 | VIDEO_RATES: { | ||
340 | URL: { min: 3, max: 2000 } // Length | ||
341 | }, | ||
339 | VIDEOS: { | 342 | VIDEOS: { |
340 | NAME: { min: 3, max: 120 }, // Length | 343 | NAME: { min: 3, max: 120 }, // Length |
341 | LANGUAGE: { min: 1, max: 10 }, // Length | 344 | LANGUAGE: { min: 1, max: 10 }, // Length |
diff --git a/server/initializers/migrations/0290-account-video-rate-url.ts b/server/initializers/migrations/0290-account-video-rate-url.ts new file mode 100644 index 000000000..bdabf2929 --- /dev/null +++ b/server/initializers/migrations/0290-account-video-rate-url.ts | |||
@@ -0,0 +1,46 @@ | |||
1 | import * as Sequelize from 'sequelize' | ||
2 | |||
3 | async function up (utils: { | ||
4 | transaction: Sequelize.Transaction, | ||
5 | queryInterface: Sequelize.QueryInterface, | ||
6 | sequelize: Sequelize.Sequelize, | ||
7 | db: any | ||
8 | }): Promise<void> { | ||
9 | { | ||
10 | const data = { | ||
11 | type: Sequelize.STRING(2000), | ||
12 | allowNull: true | ||
13 | } | ||
14 | |||
15 | await utils.queryInterface.addColumn('accountVideoRate', 'url', data) | ||
16 | } | ||
17 | |||
18 | { | ||
19 | const builtUrlQuery = `SELECT "actor"."url" || '/' || "accountVideoRate"."type" || 's/' || "videoId" ` + | ||
20 | 'FROM "accountVideoRate" ' + | ||
21 | 'INNER JOIN account ON account.id = "accountVideoRate"."accountId" ' + | ||
22 | 'INNER JOIN actor ON actor.id = account."actorId" ' + | ||
23 | 'WHERE "base".id = "accountVideoRate".id' | ||
24 | |||
25 | const query = 'UPDATE "accountVideoRate" base SET "url" = (' + builtUrlQuery + ') WHERE "url" IS NULL' | ||
26 | await utils.sequelize.query(query) | ||
27 | } | ||
28 | |||
29 | { | ||
30 | const data = { | ||
31 | type: Sequelize.STRING(2000), | ||
32 | allowNull: false, | ||
33 | defaultValue: null | ||
34 | } | ||
35 | await utils.queryInterface.changeColumn('accountVideoRate', 'url', data) | ||
36 | } | ||
37 | } | ||
38 | |||
39 | function down (options) { | ||
40 | throw new Error('Not implemented.') | ||
41 | } | ||
42 | |||
43 | export { | ||
44 | up, | ||
45 | down | ||
46 | } | ||
diff --git a/server/lib/activitypub/actor.ts b/server/lib/activitypub/actor.ts index 45dd4443d..b16a00669 100644 --- a/server/lib/activitypub/actor.ts +++ b/server/lib/activitypub/actor.ts | |||
@@ -5,7 +5,7 @@ import * as url from 'url' | |||
5 | import * as uuidv4 from 'uuid/v4' | 5 | import * as uuidv4 from 'uuid/v4' |
6 | import { ActivityPubActor, ActivityPubActorType } from '../../../shared/models/activitypub' | 6 | import { ActivityPubActor, ActivityPubActorType } from '../../../shared/models/activitypub' |
7 | import { ActivityPubAttributedTo } from '../../../shared/models/activitypub/objects' | 7 | import { ActivityPubAttributedTo } from '../../../shared/models/activitypub/objects' |
8 | import { getActorUrl } from '../../helpers/activitypub' | 8 | import { checkUrlsSameHost, getActorUrl } from '../../helpers/activitypub' |
9 | import { isActorObjectValid, normalizeActor } from '../../helpers/custom-validators/activitypub/actor' | 9 | import { isActorObjectValid, normalizeActor } from '../../helpers/custom-validators/activitypub/actor' |
10 | import { isActivityPubUrlValid } from '../../helpers/custom-validators/activitypub/misc' | 10 | import { isActivityPubUrlValid } from '../../helpers/custom-validators/activitypub/misc' |
11 | import { retryTransactionWrapper, updateInstanceWithAnother } from '../../helpers/database-utils' | 11 | import { retryTransactionWrapper, updateInstanceWithAnother } from '../../helpers/database-utils' |
@@ -65,8 +65,12 @@ async function getOrCreateActorAndServerAndModel ( | |||
65 | const accountAttributedTo = result.attributedTo.find(a => a.type === 'Person') | 65 | const accountAttributedTo = result.attributedTo.find(a => a.type === 'Person') |
66 | if (!accountAttributedTo) throw new Error('Cannot find account attributed to video channel ' + actor.url) | 66 | if (!accountAttributedTo) throw new Error('Cannot find account attributed to video channel ' + actor.url) |
67 | 67 | ||
68 | if (checkUrlsSameHost(accountAttributedTo.id, actorUrl) !== true) { | ||
69 | throw new Error(`Account attributed to ${accountAttributedTo.id} does not have the same host than actor url ${actorUrl}`) | ||
70 | } | ||
71 | |||
68 | try { | 72 | try { |
69 | // Assert we don't recurse another time | 73 | // Don't recurse another time |
70 | ownerActor = await getOrCreateActorAndServerAndModel(accountAttributedTo.id, 'all', false) | 74 | ownerActor = await getOrCreateActorAndServerAndModel(accountAttributedTo.id, 'all', false) |
71 | } catch (err) { | 75 | } catch (err) { |
72 | logger.error('Cannot get or create account attributed to video channel ' + actor.url) | 76 | logger.error('Cannot get or create account attributed to video channel ' + actor.url) |
@@ -297,12 +301,15 @@ async function fetchRemoteActor (actorUrl: string): Promise<{ statusCode?: numbe | |||
297 | normalizeActor(requestResult.body) | 301 | normalizeActor(requestResult.body) |
298 | 302 | ||
299 | const actorJSON: ActivityPubActor = requestResult.body | 303 | const actorJSON: ActivityPubActor = requestResult.body |
300 | |||
301 | if (isActorObjectValid(actorJSON) === false) { | 304 | if (isActorObjectValid(actorJSON) === false) { |
302 | logger.debug('Remote actor JSON is not valid.', { actorJSON: actorJSON }) | 305 | logger.debug('Remote actor JSON is not valid.', { actorJSON: actorJSON }) |
303 | return { result: undefined, statusCode: requestResult.response.statusCode } | 306 | return { result: undefined, statusCode: requestResult.response.statusCode } |
304 | } | 307 | } |
305 | 308 | ||
309 | if (checkUrlsSameHost(actorJSON.id, actorUrl) !== true) { | ||
310 | throw new Error('Actor url ' + actorUrl + ' has not the same host than its AP id ' + actorJSON.id) | ||
311 | } | ||
312 | |||
306 | const followersCount = await fetchActorTotalItems(actorJSON.followers) | 313 | const followersCount = await fetchActorTotalItems(actorJSON.followers) |
307 | const followingCount = await fetchActorTotalItems(actorJSON.following) | 314 | const followingCount = await fetchActorTotalItems(actorJSON.following) |
308 | 315 | ||
diff --git a/server/lib/activitypub/crawl.ts b/server/lib/activitypub/crawl.ts index db9ce3293..1b9b14c2e 100644 --- a/server/lib/activitypub/crawl.ts +++ b/server/lib/activitypub/crawl.ts | |||
@@ -2,6 +2,7 @@ import { ACTIVITY_PUB, JOB_REQUEST_TIMEOUT } from '../../initializers' | |||
2 | import { doRequest } from '../../helpers/requests' | 2 | import { doRequest } from '../../helpers/requests' |
3 | import { logger } from '../../helpers/logger' | 3 | import { logger } from '../../helpers/logger' |
4 | import * as Bluebird from 'bluebird' | 4 | import * as Bluebird from 'bluebird' |
5 | import { ActivityPubOrderedCollection } from '../../../shared/models/activitypub' | ||
5 | 6 | ||
6 | async function crawlCollectionPage <T> (uri: string, handler: (items: T[]) => Promise<any> | Bluebird<any>) { | 7 | async function crawlCollectionPage <T> (uri: string, handler: (items: T[]) => Promise<any> | Bluebird<any>) { |
7 | logger.info('Crawling ActivityPub data on %s.', uri) | 8 | logger.info('Crawling ActivityPub data on %s.', uri) |
@@ -14,7 +15,7 @@ async function crawlCollectionPage <T> (uri: string, handler: (items: T[]) => Pr | |||
14 | timeout: JOB_REQUEST_TIMEOUT | 15 | timeout: JOB_REQUEST_TIMEOUT |
15 | } | 16 | } |
16 | 17 | ||
17 | const response = await doRequest(options) | 18 | const response = await doRequest<ActivityPubOrderedCollection<T>>(options) |
18 | const firstBody = response.body | 19 | const firstBody = response.body |
19 | 20 | ||
20 | let limit = ACTIVITY_PUB.FETCH_PAGE_LIMIT | 21 | let limit = ACTIVITY_PUB.FETCH_PAGE_LIMIT |
@@ -23,7 +24,7 @@ async function crawlCollectionPage <T> (uri: string, handler: (items: T[]) => Pr | |||
23 | while (nextLink && i < limit) { | 24 | while (nextLink && i < limit) { |
24 | options.uri = nextLink | 25 | options.uri = nextLink |
25 | 26 | ||
26 | const { body } = await doRequest(options) | 27 | const { body } = await doRequest<ActivityPubOrderedCollection<T>>(options) |
27 | nextLink = body.next | 28 | nextLink = body.next |
28 | i++ | 29 | i++ |
29 | 30 | ||
diff --git a/server/lib/activitypub/process/index.ts b/server/lib/activitypub/process/index.ts index db4980a72..5466739c1 100644 --- a/server/lib/activitypub/process/index.ts +++ b/server/lib/activitypub/process/index.ts | |||
@@ -1,9 +1 @@ | |||
1 | export * from './process' | export * from './process' | |
2 | export * from './process-accept' | ||
3 | export * from './process-announce' | ||
4 | export * from './process-create' | ||
5 | export * from './process-delete' | ||
6 | export * from './process-follow' | ||
7 | export * from './process-like' | ||
8 | export * from './process-undo' | ||
9 | export * from './process-update' | ||
diff --git a/server/lib/activitypub/process/process-create.ts b/server/lib/activitypub/process/process-create.ts index cefe89db0..920d02cd2 100644 --- a/server/lib/activitypub/process/process-create.ts +++ b/server/lib/activitypub/process/process-create.ts | |||
@@ -12,6 +12,8 @@ import { getOrCreateVideoAndAccountAndChannel } from '../videos' | |||
12 | import { forwardVideoRelatedActivity } from '../send/utils' | 12 | import { forwardVideoRelatedActivity } from '../send/utils' |
13 | import { Redis } from '../../redis' | 13 | import { Redis } from '../../redis' |
14 | import { createOrUpdateCacheFile } from '../cache-file' | 14 | import { createOrUpdateCacheFile } from '../cache-file' |
15 | import { immutableAssign } from '../../../tests/utils' | ||
16 | import { getVideoDislikeActivityPubUrl, getVideoLikeActivityPubUrl } from '../url' | ||
15 | 17 | ||
16 | async function processCreateActivity (activity: ActivityCreate, byActor: ActorModel) { | 18 | async function processCreateActivity (activity: ActivityCreate, byActor: ActorModel) { |
17 | const activityObject = activity.object | 19 | const activityObject = activity.object |
@@ -65,9 +67,10 @@ async function processCreateDislike (byActor: ActorModel, activity: ActivityCrea | |||
65 | videoId: video.id, | 67 | videoId: video.id, |
66 | accountId: byAccount.id | 68 | accountId: byAccount.id |
67 | } | 69 | } |
70 | |||
68 | const [ , created ] = await AccountVideoRateModel.findOrCreate({ | 71 | const [ , created ] = await AccountVideoRateModel.findOrCreate({ |
69 | where: rate, | 72 | where: rate, |
70 | defaults: rate, | 73 | defaults: immutableAssign(rate, { url: getVideoDislikeActivityPubUrl(byActor, video) }), |
71 | transaction: t | 74 | transaction: t |
72 | }) | 75 | }) |
73 | if (created === true) await video.increment('dislikes', { transaction: t }) | 76 | if (created === true) await video.increment('dislikes', { transaction: t }) |
diff --git a/server/lib/activitypub/process/process-like.ts b/server/lib/activitypub/process/process-like.ts index f7200db61..0dca17551 100644 --- a/server/lib/activitypub/process/process-like.ts +++ b/server/lib/activitypub/process/process-like.ts | |||
@@ -5,6 +5,8 @@ import { AccountVideoRateModel } from '../../../models/account/account-video-rat | |||
5 | import { ActorModel } from '../../../models/activitypub/actor' | 5 | import { ActorModel } from '../../../models/activitypub/actor' |
6 | import { forwardVideoRelatedActivity } from '../send/utils' | 6 | import { forwardVideoRelatedActivity } from '../send/utils' |
7 | import { getOrCreateVideoAndAccountAndChannel } from '../videos' | 7 | import { getOrCreateVideoAndAccountAndChannel } from '../videos' |
8 | import { immutableAssign } from '../../../tests/utils' | ||
9 | import { getVideoDislikeActivityPubUrl, getVideoLikeActivityPubUrl } from '../url' | ||
8 | 10 | ||
9 | async function processLikeActivity (activity: ActivityLike, byActor: ActorModel) { | 11 | async function processLikeActivity (activity: ActivityLike, byActor: ActorModel) { |
10 | return retryTransactionWrapper(processLikeVideo, byActor, activity) | 12 | return retryTransactionWrapper(processLikeVideo, byActor, activity) |
@@ -34,7 +36,7 @@ async function processLikeVideo (byActor: ActorModel, activity: ActivityLike) { | |||
34 | } | 36 | } |
35 | const [ , created ] = await AccountVideoRateModel.findOrCreate({ | 37 | const [ , created ] = await AccountVideoRateModel.findOrCreate({ |
36 | where: rate, | 38 | where: rate, |
37 | defaults: rate, | 39 | defaults: immutableAssign(rate, { url: getVideoLikeActivityPubUrl(byActor, video) }), |
38 | transaction: t | 40 | transaction: t |
39 | }) | 41 | }) |
40 | if (created === true) await video.increment('likes', { transaction: t }) | 42 | if (created === true) await video.increment('likes', { transaction: t }) |
diff --git a/server/lib/activitypub/process/process-undo.ts b/server/lib/activitypub/process/process-undo.ts index ff019cd8c..438a013b6 100644 --- a/server/lib/activitypub/process/process-undo.ts +++ b/server/lib/activitypub/process/process-undo.ts | |||
@@ -55,7 +55,8 @@ async function processUndoLike (byActor: ActorModel, activity: ActivityUndo) { | |||
55 | return sequelizeTypescript.transaction(async t => { | 55 | return sequelizeTypescript.transaction(async t => { |
56 | if (!byActor.Account) throw new Error('Unknown account ' + byActor.url) | 56 | if (!byActor.Account) throw new Error('Unknown account ' + byActor.url) |
57 | 57 | ||
58 | const rate = await AccountVideoRateModel.load(byActor.Account.id, video.id, t) | 58 | let rate = await AccountVideoRateModel.loadByUrl(likeActivity.id, t) |
59 | if (!rate) rate = await AccountVideoRateModel.load(byActor.Account.id, video.id, t) | ||
59 | if (!rate) throw new Error(`Unknown rate by account ${byActor.Account.id} for video ${video.id}.`) | 60 | if (!rate) throw new Error(`Unknown rate by account ${byActor.Account.id} for video ${video.id}.`) |
60 | 61 | ||
61 | await rate.destroy({ transaction: t }) | 62 | await rate.destroy({ transaction: t }) |
@@ -78,7 +79,8 @@ async function processUndoDislike (byActor: ActorModel, activity: ActivityUndo) | |||
78 | return sequelizeTypescript.transaction(async t => { | 79 | return sequelizeTypescript.transaction(async t => { |
79 | if (!byActor.Account) throw new Error('Unknown account ' + byActor.url) | 80 | if (!byActor.Account) throw new Error('Unknown account ' + byActor.url) |
80 | 81 | ||
81 | const rate = await AccountVideoRateModel.load(byActor.Account.id, video.id, t) | 82 | let rate = await AccountVideoRateModel.loadByUrl(dislike.id, t) |
83 | if (!rate) rate = await AccountVideoRateModel.load(byActor.Account.id, video.id, t) | ||
82 | if (!rate) throw new Error(`Unknown rate by account ${byActor.Account.id} for video ${video.id}.`) | 84 | if (!rate) throw new Error(`Unknown rate by account ${byActor.Account.id} for video ${video.id}.`) |
83 | 85 | ||
84 | await rate.destroy({ transaction: t }) | 86 | await rate.destroy({ transaction: t }) |
diff --git a/server/lib/activitypub/process/process.ts b/server/lib/activitypub/process/process.ts index b263f1ea2..b9b255ddf 100644 --- a/server/lib/activitypub/process/process.ts +++ b/server/lib/activitypub/process/process.ts | |||
@@ -1,5 +1,5 @@ | |||
1 | import { Activity, ActivityType } from '../../../../shared/models/activitypub' | 1 | import { Activity, ActivityType } from '../../../../shared/models/activitypub' |
2 | import { getActorUrl } from '../../../helpers/activitypub' | 2 | import { checkUrlsSameHost, getActorUrl } from '../../../helpers/activitypub' |
3 | import { logger } from '../../../helpers/logger' | 3 | import { logger } from '../../../helpers/logger' |
4 | import { ActorModel } from '../../../models/activitypub/actor' | 4 | import { ActorModel } from '../../../models/activitypub/actor' |
5 | import { processAcceptActivity } from './process-accept' | 5 | import { processAcceptActivity } from './process-accept' |
@@ -25,11 +25,17 @@ const processActivity: { [ P in ActivityType ]: (activity: Activity, byActor: Ac | |||
25 | Like: processLikeActivity | 25 | Like: processLikeActivity |
26 | } | 26 | } |
27 | 27 | ||
28 | async function processActivities (activities: Activity[], signatureActor?: ActorModel, inboxActor?: ActorModel) { | 28 | async function processActivities ( |
29 | activities: Activity[], | ||
30 | options: { | ||
31 | signatureActor?: ActorModel | ||
32 | inboxActor?: ActorModel | ||
33 | outboxUrl?: string | ||
34 | } = {}) { | ||
29 | const actorsCache: { [ url: string ]: ActorModel } = {} | 35 | const actorsCache: { [ url: string ]: ActorModel } = {} |
30 | 36 | ||
31 | for (const activity of activities) { | 37 | for (const activity of activities) { |
32 | if (!signatureActor && [ 'Create', 'Announce', 'Like' ].indexOf(activity.type) === -1) { | 38 | if (!options.signatureActor && [ 'Create', 'Announce', 'Like' ].indexOf(activity.type) === -1) { |
33 | logger.error('Cannot process activity %s (type: %s) without the actor signature.', activity.id, activity.type) | 39 | logger.error('Cannot process activity %s (type: %s) without the actor signature.', activity.id, activity.type) |
34 | continue | 40 | continue |
35 | } | 41 | } |
@@ -37,12 +43,17 @@ async function processActivities (activities: Activity[], signatureActor?: Actor | |||
37 | const actorUrl = getActorUrl(activity.actor) | 43 | const actorUrl = getActorUrl(activity.actor) |
38 | 44 | ||
39 | // When we fetch remote data, we don't have signature | 45 | // When we fetch remote data, we don't have signature |
40 | if (signatureActor && actorUrl !== signatureActor.url) { | 46 | if (options.signatureActor && actorUrl !== options.signatureActor.url) { |
41 | logger.warn('Signature mismatch between %s and %s.', actorUrl, signatureActor.url) | 47 | logger.warn('Signature mismatch between %s and %s, skipping.', actorUrl, options.signatureActor.url) |
42 | continue | 48 | continue |
43 | } | 49 | } |
44 | 50 | ||
45 | const byActor = signatureActor || actorsCache[actorUrl] || await getOrCreateActorAndServerAndModel(actorUrl) | 51 | if (options.outboxUrl && checkUrlsSameHost(options.outboxUrl, actorUrl) !== true) { |
52 | logger.warn('Host mismatch between outbox URL %s and actor URL %s, skipping.', options.outboxUrl, actorUrl) | ||
53 | continue | ||
54 | } | ||
55 | |||
56 | const byActor = options.signatureActor || actorsCache[actorUrl] || await getOrCreateActorAndServerAndModel(actorUrl) | ||
46 | actorsCache[actorUrl] = byActor | 57 | actorsCache[actorUrl] = byActor |
47 | 58 | ||
48 | const activityProcessor = processActivity[activity.type] | 59 | const activityProcessor = processActivity[activity.type] |
@@ -52,7 +63,7 @@ async function processActivities (activities: Activity[], signatureActor?: Actor | |||
52 | } | 63 | } |
53 | 64 | ||
54 | try { | 65 | try { |
55 | await activityProcessor(activity, byActor, inboxActor) | 66 | await activityProcessor(activity, byActor, options.inboxActor) |
56 | } catch (err) { | 67 | } catch (err) { |
57 | logger.warn('Cannot process activity %s.', activity.type, { err }) | 68 | logger.warn('Cannot process activity %s.', activity.type, { err }) |
58 | } | 69 | } |
diff --git a/server/lib/activitypub/send/send-create.ts b/server/lib/activitypub/send/send-create.ts index 285edba3b..e3fca0a17 100644 --- a/server/lib/activitypub/send/send-create.ts +++ b/server/lib/activitypub/send/send-create.ts | |||
@@ -95,7 +95,7 @@ async function sendCreateView (byActor: ActorModel, video: VideoModel, t: Transa | |||
95 | logger.info('Creating job to send view of %s.', video.url) | 95 | logger.info('Creating job to send view of %s.', video.url) |
96 | 96 | ||
97 | const url = getVideoViewActivityPubUrl(byActor, video) | 97 | const url = getVideoViewActivityPubUrl(byActor, video) |
98 | const viewActivity = buildViewActivity(byActor, video) | 98 | const viewActivity = buildViewActivity(url, byActor, video) |
99 | 99 | ||
100 | return sendVideoRelatedCreateActivity({ | 100 | return sendVideoRelatedCreateActivity({ |
101 | // Use the server actor to send the view | 101 | // Use the server actor to send the view |
@@ -111,7 +111,7 @@ async function sendCreateDislike (byActor: ActorModel, video: VideoModel, t: Tra | |||
111 | logger.info('Creating job to dislike %s.', video.url) | 111 | logger.info('Creating job to dislike %s.', video.url) |
112 | 112 | ||
113 | const url = getVideoDislikeActivityPubUrl(byActor, video) | 113 | const url = getVideoDislikeActivityPubUrl(byActor, video) |
114 | const dislikeActivity = buildDislikeActivity(byActor, video) | 114 | const dislikeActivity = buildDislikeActivity(url, byActor, video) |
115 | 115 | ||
116 | return sendVideoRelatedCreateActivity({ | 116 | return sendVideoRelatedCreateActivity({ |
117 | byActor, | 117 | byActor, |
@@ -136,16 +136,18 @@ function buildCreateActivity (url: string, byActor: ActorModel, object: any, aud | |||
136 | ) | 136 | ) |
137 | } | 137 | } |
138 | 138 | ||
139 | function buildDislikeActivity (byActor: ActorModel, video: VideoModel) { | 139 | function buildDislikeActivity (url: string, byActor: ActorModel, video: VideoModel) { |
140 | return { | 140 | return { |
141 | id: url, | ||
141 | type: 'Dislike', | 142 | type: 'Dislike', |
142 | actor: byActor.url, | 143 | actor: byActor.url, |
143 | object: video.url | 144 | object: video.url |
144 | } | 145 | } |
145 | } | 146 | } |
146 | 147 | ||
147 | function buildViewActivity (byActor: ActorModel, video: VideoModel) { | 148 | function buildViewActivity (url: string, byActor: ActorModel, video: VideoModel) { |
148 | return { | 149 | return { |
150 | id: url, | ||
149 | type: 'View', | 151 | type: 'View', |
150 | actor: byActor.url, | 152 | actor: byActor.url, |
151 | object: video.url | 153 | object: video.url |
diff --git a/server/lib/activitypub/send/send-like.ts b/server/lib/activitypub/send/send-like.ts index 89307acc6..35227887a 100644 --- a/server/lib/activitypub/send/send-like.ts +++ b/server/lib/activitypub/send/send-like.ts | |||
@@ -24,8 +24,8 @@ function buildLikeActivity (url: string, byActor: ActorModel, video: VideoModel, | |||
24 | 24 | ||
25 | return audiencify( | 25 | return audiencify( |
26 | { | 26 | { |
27 | type: 'Like' as 'Like', | ||
28 | id: url, | 27 | id: url, |
28 | type: 'Like' as 'Like', | ||
29 | actor: byActor.url, | 29 | actor: byActor.url, |
30 | object: video.url | 30 | object: video.url |
31 | }, | 31 | }, |
diff --git a/server/lib/activitypub/send/send-undo.ts b/server/lib/activitypub/send/send-undo.ts index 5236d2cb3..bf1b6e117 100644 --- a/server/lib/activitypub/send/send-undo.ts +++ b/server/lib/activitypub/send/send-undo.ts | |||
@@ -64,7 +64,7 @@ async function sendUndoDislike (byActor: ActorModel, video: VideoModel, t: Trans | |||
64 | logger.info('Creating job to undo a dislike of video %s.', video.url) | 64 | logger.info('Creating job to undo a dislike of video %s.', video.url) |
65 | 65 | ||
66 | const dislikeUrl = getVideoDislikeActivityPubUrl(byActor, video) | 66 | const dislikeUrl = getVideoDislikeActivityPubUrl(byActor, video) |
67 | const dislikeActivity = buildDislikeActivity(byActor, video) | 67 | const dislikeActivity = buildDislikeActivity(dislikeUrl, byActor, video) |
68 | const createDislikeActivity = buildCreateActivity(dislikeUrl, byActor, dislikeActivity) | 68 | const createDislikeActivity = buildCreateActivity(dislikeUrl, byActor, dislikeActivity) |
69 | 69 | ||
70 | return sendUndoVideoRelatedActivity({ byActor, video, url: dislikeUrl, activity: createDislikeActivity, transaction: t }) | 70 | return sendUndoVideoRelatedActivity({ byActor, video, url: dislikeUrl, activity: createDislikeActivity, transaction: t }) |
diff --git a/server/lib/activitypub/share.ts b/server/lib/activitypub/share.ts index 3ff60a97c..d2649e2d5 100644 --- a/server/lib/activitypub/share.ts +++ b/server/lib/activitypub/share.ts | |||
@@ -4,13 +4,14 @@ import { getServerActor } from '../../helpers/utils' | |||
4 | import { VideoModel } from '../../models/video/video' | 4 | import { VideoModel } from '../../models/video/video' |
5 | import { VideoShareModel } from '../../models/video/video-share' | 5 | import { VideoShareModel } from '../../models/video/video-share' |
6 | import { sendUndoAnnounce, sendVideoAnnounce } from './send' | 6 | import { sendUndoAnnounce, sendVideoAnnounce } from './send' |
7 | import { getAnnounceActivityPubUrl } from './url' | 7 | import { getVideoAnnounceActivityPubUrl } from './url' |
8 | import { VideoChannelModel } from '../../models/video/video-channel' | 8 | import { VideoChannelModel } from '../../models/video/video-channel' |
9 | import * as Bluebird from 'bluebird' | 9 | import * as Bluebird from 'bluebird' |
10 | import { doRequest } from '../../helpers/requests' | 10 | import { doRequest } from '../../helpers/requests' |
11 | import { getOrCreateActorAndServerAndModel } from './actor' | 11 | import { getOrCreateActorAndServerAndModel } from './actor' |
12 | import { logger } from '../../helpers/logger' | 12 | import { logger } from '../../helpers/logger' |
13 | import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers' | 13 | import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers' |
14 | import { checkUrlsSameHost, getActorUrl } from '../../helpers/activitypub' | ||
14 | 15 | ||
15 | async function shareVideoByServerAndChannel (video: VideoModel, t: Transaction) { | 16 | async function shareVideoByServerAndChannel (video: VideoModel, t: Transaction) { |
16 | if (video.privacy === VideoPrivacy.PRIVATE) return undefined | 17 | if (video.privacy === VideoPrivacy.PRIVATE) return undefined |
@@ -38,9 +39,13 @@ async function addVideoShares (shareUrls: string[], instance: VideoModel) { | |||
38 | json: true, | 39 | json: true, |
39 | activityPub: true | 40 | activityPub: true |
40 | }) | 41 | }) |
41 | if (!body || !body.actor) throw new Error('Body of body actor is invalid') | 42 | if (!body || !body.actor) throw new Error('Body or body actor is invalid') |
43 | |||
44 | const actorUrl = getActorUrl(body.actor) | ||
45 | if (checkUrlsSameHost(shareUrl, actorUrl) !== true) { | ||
46 | throw new Error(`Actor url ${actorUrl} has not the same host than the share url ${shareUrl}`) | ||
47 | } | ||
42 | 48 | ||
43 | const actorUrl = body.actor | ||
44 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) | 49 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) |
45 | 50 | ||
46 | const entry = { | 51 | const entry = { |
@@ -72,7 +77,7 @@ export { | |||
72 | async function shareByServer (video: VideoModel, t: Transaction) { | 77 | async function shareByServer (video: VideoModel, t: Transaction) { |
73 | const serverActor = await getServerActor() | 78 | const serverActor = await getServerActor() |
74 | 79 | ||
75 | const serverShareUrl = getAnnounceActivityPubUrl(video.url, serverActor) | 80 | const serverShareUrl = getVideoAnnounceActivityPubUrl(serverActor, video) |
76 | return VideoShareModel.findOrCreate({ | 81 | return VideoShareModel.findOrCreate({ |
77 | defaults: { | 82 | defaults: { |
78 | actorId: serverActor.id, | 83 | actorId: serverActor.id, |
@@ -91,7 +96,7 @@ async function shareByServer (video: VideoModel, t: Transaction) { | |||
91 | } | 96 | } |
92 | 97 | ||
93 | async function shareByVideoChannel (video: VideoModel, t: Transaction) { | 98 | async function shareByVideoChannel (video: VideoModel, t: Transaction) { |
94 | const videoChannelShareUrl = getAnnounceActivityPubUrl(video.url, video.VideoChannel.Actor) | 99 | const videoChannelShareUrl = getVideoAnnounceActivityPubUrl(video.VideoChannel.Actor, video) |
95 | return VideoShareModel.findOrCreate({ | 100 | return VideoShareModel.findOrCreate({ |
96 | defaults: { | 101 | defaults: { |
97 | actorId: video.VideoChannel.actorId, | 102 | actorId: video.VideoChannel.actorId, |
diff --git a/server/lib/activitypub/url.ts b/server/lib/activitypub/url.ts index e792be698..38f15448c 100644 --- a/server/lib/activitypub/url.ts +++ b/server/lib/activitypub/url.ts | |||
@@ -33,14 +33,14 @@ function getVideoAbuseActivityPubUrl (videoAbuse: VideoAbuseModel) { | |||
33 | } | 33 | } |
34 | 34 | ||
35 | function getVideoViewActivityPubUrl (byActor: ActorModel, video: VideoModel) { | 35 | function getVideoViewActivityPubUrl (byActor: ActorModel, video: VideoModel) { |
36 | return video.url + '/views/' + byActor.uuid + '/' + new Date().toISOString() | 36 | return byActor.url + '/views/videos/' + video.id + '/' + new Date().toISOString() |
37 | } | 37 | } |
38 | 38 | ||
39 | function getVideoLikeActivityPubUrl (byActor: ActorModel, video: VideoModel) { | 39 | function getVideoLikeActivityPubUrl (byActor: ActorModel, video: VideoModel | { id: number }) { |
40 | return byActor.url + '/likes/' + video.id | 40 | return byActor.url + '/likes/' + video.id |
41 | } | 41 | } |
42 | 42 | ||
43 | function getVideoDislikeActivityPubUrl (byActor: ActorModel, video: VideoModel) { | 43 | function getVideoDislikeActivityPubUrl (byActor: ActorModel, video: VideoModel | { id: number }) { |
44 | return byActor.url + '/dislikes/' + video.id | 44 | return byActor.url + '/dislikes/' + video.id |
45 | } | 45 | } |
46 | 46 | ||
@@ -74,8 +74,8 @@ function getActorFollowAcceptActivityPubUrl (actorFollow: ActorFollowModel) { | |||
74 | return follower.url + '/accepts/follows/' + me.id | 74 | return follower.url + '/accepts/follows/' + me.id |
75 | } | 75 | } |
76 | 76 | ||
77 | function getAnnounceActivityPubUrl (originalUrl: string, byActor: ActorModel) { | 77 | function getVideoAnnounceActivityPubUrl (byActor: ActorModel, video: VideoModel) { |
78 | return originalUrl + '/announces/' + byActor.id | 78 | return video.url + '/announces/' + byActor.id |
79 | } | 79 | } |
80 | 80 | ||
81 | function getDeleteActivityPubUrl (originalUrl: string) { | 81 | function getDeleteActivityPubUrl (originalUrl: string) { |
@@ -97,7 +97,7 @@ export { | |||
97 | getVideoAbuseActivityPubUrl, | 97 | getVideoAbuseActivityPubUrl, |
98 | getActorFollowActivityPubUrl, | 98 | getActorFollowActivityPubUrl, |
99 | getActorFollowAcceptActivityPubUrl, | 99 | getActorFollowAcceptActivityPubUrl, |
100 | getAnnounceActivityPubUrl, | 100 | getVideoAnnounceActivityPubUrl, |
101 | getUpdateActivityPubUrl, | 101 | getUpdateActivityPubUrl, |
102 | getUndoActivityPubUrl, | 102 | getUndoActivityPubUrl, |
103 | getVideoViewActivityPubUrl, | 103 | getVideoViewActivityPubUrl, |
diff --git a/server/lib/activitypub/video-comments.ts b/server/lib/activitypub/video-comments.ts index c8c17f4c4..5868e7297 100644 --- a/server/lib/activitypub/video-comments.ts +++ b/server/lib/activitypub/video-comments.ts | |||
@@ -9,6 +9,7 @@ import { VideoCommentModel } from '../../models/video/video-comment' | |||
9 | import { getOrCreateActorAndServerAndModel } from './actor' | 9 | import { getOrCreateActorAndServerAndModel } from './actor' |
10 | import { getOrCreateVideoAndAccountAndChannel } from './videos' | 10 | import { getOrCreateVideoAndAccountAndChannel } from './videos' |
11 | import * as Bluebird from 'bluebird' | 11 | import * as Bluebird from 'bluebird' |
12 | import { checkUrlsSameHost } from '../../helpers/activitypub' | ||
12 | 13 | ||
13 | async function videoCommentActivityObjectToDBAttributes (video: VideoModel, actor: ActorModel, comment: VideoCommentObject) { | 14 | async function videoCommentActivityObjectToDBAttributes (video: VideoModel, actor: ActorModel, comment: VideoCommentObject) { |
14 | let originCommentId: number = null | 15 | let originCommentId: number = null |
@@ -61,6 +62,14 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) { | |||
61 | const actorUrl = body.attributedTo | 62 | const actorUrl = body.attributedTo |
62 | if (!actorUrl) return { created: false } | 63 | if (!actorUrl) return { created: false } |
63 | 64 | ||
65 | if (checkUrlsSameHost(commentUrl, actorUrl) !== true) { | ||
66 | throw new Error(`Actor url ${actorUrl} has not the same host than the comment url ${commentUrl}`) | ||
67 | } | ||
68 | |||
69 | if (checkUrlsSameHost(body.id, commentUrl) !== true) { | ||
70 | throw new Error(`Comment url ${commentUrl} host is different from the AP object id ${body.id}`) | ||
71 | } | ||
72 | |||
64 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) | 73 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) |
65 | const entry = await videoCommentActivityObjectToDBAttributes(videoInstance, actor, body) | 74 | const entry = await videoCommentActivityObjectToDBAttributes(videoInstance, actor, body) |
66 | if (!entry) return { created: false } | 75 | if (!entry) return { created: false } |
@@ -134,6 +143,14 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) { | |||
134 | const actorUrl = body.attributedTo | 143 | const actorUrl = body.attributedTo |
135 | if (!actorUrl) throw new Error('Miss attributed to in comment') | 144 | if (!actorUrl) throw new Error('Miss attributed to in comment') |
136 | 145 | ||
146 | if (checkUrlsSameHost(url, actorUrl) !== true) { | ||
147 | throw new Error(`Actor url ${actorUrl} has not the same host than the comment url ${url}`) | ||
148 | } | ||
149 | |||
150 | if (checkUrlsSameHost(body.id, url) !== true) { | ||
151 | throw new Error(`Comment url ${url} host is different from the AP object id ${body.id}`) | ||
152 | } | ||
153 | |||
137 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) | 154 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) |
138 | const comment = new VideoCommentModel({ | 155 | const comment = new VideoCommentModel({ |
139 | url: body.id, | 156 | url: body.id, |
diff --git a/server/lib/activitypub/video-rates.ts b/server/lib/activitypub/video-rates.ts index 1619251c3..1854b44c4 100644 --- a/server/lib/activitypub/video-rates.ts +++ b/server/lib/activitypub/video-rates.ts | |||
@@ -8,13 +8,35 @@ import { getOrCreateActorAndServerAndModel } from './actor' | |||
8 | import { AccountVideoRateModel } from '../../models/account/account-video-rate' | 8 | import { AccountVideoRateModel } from '../../models/account/account-video-rate' |
9 | import { logger } from '../../helpers/logger' | 9 | import { logger } from '../../helpers/logger' |
10 | import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers' | 10 | import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers' |
11 | import { doRequest } from '../../helpers/requests' | ||
12 | import { checkUrlsSameHost, getActorUrl } from '../../helpers/activitypub' | ||
13 | import { ActorModel } from '../../models/activitypub/actor' | ||
14 | import { getVideoDislikeActivityPubUrl, getVideoLikeActivityPubUrl } from './url' | ||
11 | 15 | ||
12 | async function createRates (actorUrls: string[], video: VideoModel, rate: VideoRateType) { | 16 | async function createRates (ratesUrl: string[], video: VideoModel, rate: VideoRateType) { |
13 | let rateCounts = 0 | 17 | let rateCounts = 0 |
14 | 18 | ||
15 | await Bluebird.map(actorUrls, async actorUrl => { | 19 | await Bluebird.map(ratesUrl, async rateUrl => { |
16 | try { | 20 | try { |
21 | // Fetch url | ||
22 | const { body } = await doRequest({ | ||
23 | uri: rateUrl, | ||
24 | json: true, | ||
25 | activityPub: true | ||
26 | }) | ||
27 | if (!body || !body.actor) throw new Error('Body or body actor is invalid') | ||
28 | |||
29 | const actorUrl = getActorUrl(body.actor) | ||
30 | if (checkUrlsSameHost(actorUrl, rateUrl) !== true) { | ||
31 | throw new Error(`Rate url ${rateUrl} has not the same host than actor url ${actorUrl}`) | ||
32 | } | ||
33 | |||
34 | if (checkUrlsSameHost(body.id, rateUrl) !== true) { | ||
35 | throw new Error(`Rate url ${rateUrl} host is different from the AP object id ${body.id}`) | ||
36 | } | ||
37 | |||
17 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) | 38 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) |
39 | |||
18 | const [ , created ] = await AccountVideoRateModel | 40 | const [ , created ] = await AccountVideoRateModel |
19 | .findOrCreate({ | 41 | .findOrCreate({ |
20 | where: { | 42 | where: { |
@@ -24,13 +46,14 @@ async function createRates (actorUrls: string[], video: VideoModel, rate: VideoR | |||
24 | defaults: { | 46 | defaults: { |
25 | videoId: video.id, | 47 | videoId: video.id, |
26 | accountId: actor.Account.id, | 48 | accountId: actor.Account.id, |
27 | type: rate | 49 | type: rate, |
50 | url: body.id | ||
28 | } | 51 | } |
29 | }) | 52 | }) |
30 | 53 | ||
31 | if (created) rateCounts += 1 | 54 | if (created) rateCounts += 1 |
32 | } catch (err) { | 55 | } catch (err) { |
33 | logger.warn('Cannot add rate %s for actor %s.', rate, actorUrl, { err }) | 56 | logger.warn('Cannot add rate %s.', rateUrl, { err }) |
34 | } | 57 | } |
35 | }, { concurrency: CRAWL_REQUEST_CONCURRENCY }) | 58 | }, { concurrency: CRAWL_REQUEST_CONCURRENCY }) |
36 | 59 | ||
@@ -62,7 +85,12 @@ async function sendVideoRateChange (account: AccountModel, | |||
62 | if (dislikes > 0) await sendCreateDislike(actor, video, t) | 85 | if (dislikes > 0) await sendCreateDislike(actor, video, t) |
63 | } | 86 | } |
64 | 87 | ||
88 | function getRateUrl (rateType: VideoRateType, actor: ActorModel, video: VideoModel) { | ||
89 | return rateType === 'like' ? getVideoLikeActivityPubUrl(actor, video) : getVideoDislikeActivityPubUrl(actor, video) | ||
90 | } | ||
91 | |||
65 | export { | 92 | export { |
93 | getRateUrl, | ||
66 | createRates, | 94 | createRates, |
67 | sendVideoRateChange | 95 | sendVideoRateChange |
68 | } | 96 | } |
diff --git a/server/lib/activitypub/videos.ts b/server/lib/activitypub/videos.ts index 3da363c0a..5bd03c8c6 100644 --- a/server/lib/activitypub/videos.ts +++ b/server/lib/activitypub/videos.ts | |||
@@ -29,6 +29,7 @@ import { createRates } from './video-rates' | |||
29 | import { addVideoShares, shareVideoByServerAndChannel } from './share' | 29 | import { addVideoShares, shareVideoByServerAndChannel } from './share' |
30 | import { AccountModel } from '../../models/account/account' | 30 | import { AccountModel } from '../../models/account/account' |
31 | import { fetchVideoByUrl, VideoFetchByUrlType } from '../../helpers/video' | 31 | import { fetchVideoByUrl, VideoFetchByUrlType } from '../../helpers/video' |
32 | import { checkUrlsSameHost } from '../../helpers/activitypub' | ||
32 | 33 | ||
33 | async function federateVideoIfNeeded (video: VideoModel, isNewVideo: boolean, transaction?: sequelize.Transaction) { | 34 | async function federateVideoIfNeeded (video: VideoModel, isNewVideo: boolean, transaction?: sequelize.Transaction) { |
34 | // If the video is not private and published, we federate it | 35 | // If the video is not private and published, we federate it |
@@ -63,7 +64,7 @@ async function fetchRemoteVideo (videoUrl: string): Promise<{ response: request. | |||
63 | 64 | ||
64 | const { response, body } = await doRequest(options) | 65 | const { response, body } = await doRequest(options) |
65 | 66 | ||
66 | if (sanitizeAndCheckVideoTorrentObject(body) === false) { | 67 | if (sanitizeAndCheckVideoTorrentObject(body) === false || checkUrlsSameHost(body.id, videoUrl) !== true) { |
67 | logger.debug('Remote video JSON is not valid.', { body }) | 68 | logger.debug('Remote video JSON is not valid.', { body }) |
68 | return { response, videoObject: undefined } | 69 | return { response, videoObject: undefined } |
69 | } | 70 | } |
@@ -107,6 +108,10 @@ function getOrCreateVideoChannelFromVideoObject (videoObject: VideoTorrentObject | |||
107 | const channel = videoObject.attributedTo.find(a => a.type === 'Group') | 108 | const channel = videoObject.attributedTo.find(a => a.type === 'Group') |
108 | if (!channel) throw new Error('Cannot find associated video channel to video ' + videoObject.url) | 109 | if (!channel) throw new Error('Cannot find associated video channel to video ' + videoObject.url) |
109 | 110 | ||
111 | if (checkUrlsSameHost(channel.id, videoObject.id) !== true) { | ||
112 | throw new Error(`Video channel url ${channel.id} does not have the same host than video object id ${videoObject.id}`) | ||
113 | } | ||
114 | |||
110 | return getOrCreateActorAndServerAndModel(channel.id, 'all') | 115 | return getOrCreateActorAndServerAndModel(channel.id, 'all') |
111 | } | 116 | } |
112 | 117 | ||
diff --git a/server/lib/job-queue/handlers/activitypub-http-fetcher.ts b/server/lib/job-queue/handlers/activitypub-http-fetcher.ts index 42217c27c..67ccfa995 100644 --- a/server/lib/job-queue/handlers/activitypub-http-fetcher.ts +++ b/server/lib/job-queue/handlers/activitypub-http-fetcher.ts | |||
@@ -23,7 +23,7 @@ async function processActivityPubHttpFetcher (job: Bull.Job) { | |||
23 | if (payload.videoId) video = await VideoModel.loadAndPopulateAccountAndServerAndTags(payload.videoId) | 23 | if (payload.videoId) video = await VideoModel.loadAndPopulateAccountAndServerAndTags(payload.videoId) |
24 | 24 | ||
25 | const fetcherType: { [ id in FetchType ]: (items: any[]) => Promise<any> } = { | 25 | const fetcherType: { [ id in FetchType ]: (items: any[]) => Promise<any> } = { |
26 | 'activity': items => processActivities(items), | 26 | 'activity': items => processActivities(items, { outboxUrl: payload.uri }), |
27 | 'video-likes': items => createRates(items, video, 'like'), | 27 | 'video-likes': items => createRates(items, video, 'like'), |
28 | 'video-dislikes': items => createRates(items, video, 'dislike'), | 28 | 'video-dislikes': items => createRates(items, video, 'dislike'), |
29 | 'video-shares': items => addVideoShares(items, video), | 29 | 'video-shares': items => addVideoShares(items, video), |
diff --git a/server/middlewares/validators/videos/index.ts b/server/middlewares/validators/videos/index.ts index 294783d85..a0d585b93 100644 --- a/server/middlewares/validators/videos/index.ts +++ b/server/middlewares/validators/videos/index.ts | |||
@@ -5,4 +5,6 @@ export * from './video-channels' | |||
5 | export * from './video-comments' | 5 | export * from './video-comments' |
6 | export * from './video-imports' | 6 | export * from './video-imports' |
7 | export * from './video-watch' | 7 | export * from './video-watch' |
8 | export * from './video-rates' | ||
9 | export * from './video-shares' | ||
8 | export * from './videos' | 10 | export * from './videos' |
diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts new file mode 100644 index 000000000..793354520 --- /dev/null +++ b/server/middlewares/validators/videos/video-rates.ts | |||
@@ -0,0 +1,55 @@ | |||
1 | import * as express from 'express' | ||
2 | import 'express-validator' | ||
3 | import { body, param } from 'express-validator/check' | ||
4 | import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' | ||
5 | import { isVideoExist, isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos' | ||
6 | import { logger } from '../../../helpers/logger' | ||
7 | import { areValidationErrors } from '../utils' | ||
8 | import { AccountVideoRateModel } from '../../../models/account/account-video-rate' | ||
9 | import { VideoRateType } from '../../../../shared/models/videos' | ||
10 | import { isAccountNameValid } from '../../../helpers/custom-validators/accounts' | ||
11 | |||
12 | const videoUpdateRateValidator = [ | ||
13 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
14 | body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'), | ||
15 | |||
16 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
17 | logger.debug('Checking videoRate parameters', { parameters: req.body }) | ||
18 | |||
19 | if (areValidationErrors(req, res)) return | ||
20 | if (!await isVideoExist(req.params.id, res)) return | ||
21 | |||
22 | return next() | ||
23 | } | ||
24 | ] | ||
25 | |||
26 | const getAccountVideoRateValidator = function (rateType: VideoRateType) { | ||
27 | return [ | ||
28 | param('name').custom(isAccountNameValid).withMessage('Should have a valid account name'), | ||
29 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'), | ||
30 | |||
31 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
32 | logger.debug('Checking videoCommentGetValidator parameters.', { parameters: req.params }) | ||
33 | |||
34 | if (areValidationErrors(req, res)) return | ||
35 | |||
36 | const rate = await AccountVideoRateModel.loadLocalAndPopulateVideo(rateType, req.params.name, req.params.videoId) | ||
37 | if (!rate) { | ||
38 | return res.status(404) | ||
39 | .json({ error: 'Video rate not found' }) | ||
40 | .end() | ||
41 | } | ||
42 | |||
43 | res.locals.accountVideoRate = rate | ||
44 | |||
45 | return next() | ||
46 | } | ||
47 | ] | ||
48 | } | ||
49 | |||
50 | // --------------------------------------------------------------------------- | ||
51 | |||
52 | export { | ||
53 | videoUpdateRateValidator, | ||
54 | getAccountVideoRateValidator | ||
55 | } | ||
diff --git a/server/middlewares/validators/videos/video-shares.ts b/server/middlewares/validators/videos/video-shares.ts new file mode 100644 index 000000000..646d7acb1 --- /dev/null +++ b/server/middlewares/validators/videos/video-shares.ts | |||
@@ -0,0 +1,38 @@ | |||
1 | import * as express from 'express' | ||
2 | import 'express-validator' | ||
3 | import { param } from 'express-validator/check' | ||
4 | import { isIdOrUUIDValid, isIdValid } from '../../../helpers/custom-validators/misc' | ||
5 | import { isVideoExist } from '../../../helpers/custom-validators/videos' | ||
6 | import { logger } from '../../../helpers/logger' | ||
7 | import { VideoShareModel } from '../../../models/video/video-share' | ||
8 | import { areValidationErrors } from '../utils' | ||
9 | import { VideoModel } from '../../../models/video/video' | ||
10 | |||
11 | const videosShareValidator = [ | ||
12 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
13 | param('actorId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid actor id'), | ||
14 | |||
15 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
16 | logger.debug('Checking videoShare parameters', { parameters: req.params }) | ||
17 | |||
18 | if (areValidationErrors(req, res)) return | ||
19 | if (!await isVideoExist(req.params.id, res)) return | ||
20 | |||
21 | const video: VideoModel = res.locals.video | ||
22 | |||
23 | const share = await VideoShareModel.load(req.params.actorId, video.id) | ||
24 | if (!share) { | ||
25 | return res.status(404) | ||
26 | .end() | ||
27 | } | ||
28 | |||
29 | res.locals.videoShare = share | ||
30 | return next() | ||
31 | } | ||
32 | ] | ||
33 | |||
34 | // --------------------------------------------------------------------------- | ||
35 | |||
36 | export { | ||
37 | videosShareValidator | ||
38 | } | ||
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index 9dc52a134..656d161d8 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts | |||
@@ -26,14 +26,12 @@ import { | |||
26 | isVideoLicenceValid, | 26 | isVideoLicenceValid, |
27 | isVideoNameValid, | 27 | isVideoNameValid, |
28 | isVideoPrivacyValid, | 28 | isVideoPrivacyValid, |
29 | isVideoRatingTypeValid, | ||
30 | isVideoSupportValid, | 29 | isVideoSupportValid, |
31 | isVideoTagsValid | 30 | isVideoTagsValid |
32 | } from '../../../helpers/custom-validators/videos' | 31 | } from '../../../helpers/custom-validators/videos' |
33 | import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils' | 32 | import { getDurationFromVideoFile } from '../../../helpers/ffmpeg-utils' |
34 | import { logger } from '../../../helpers/logger' | 33 | import { logger } from '../../../helpers/logger' |
35 | import { CONSTRAINTS_FIELDS } from '../../../initializers' | 34 | import { CONSTRAINTS_FIELDS } from '../../../initializers' |
36 | import { VideoShareModel } from '../../../models/video/video-share' | ||
37 | import { authenticate } from '../../oauth' | 35 | import { authenticate } from '../../oauth' |
38 | import { areValidationErrors } from '../utils' | 36 | import { areValidationErrors } from '../utils' |
39 | import { cleanUpReqFiles } from '../../../helpers/express-utils' | 37 | import { cleanUpReqFiles } from '../../../helpers/express-utils' |
@@ -188,41 +186,6 @@ const videosRemoveValidator = [ | |||
188 | } | 186 | } |
189 | ] | 187 | ] |
190 | 188 | ||
191 | const videoRateValidator = [ | ||
192 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
193 | body('rating').custom(isVideoRatingTypeValid).withMessage('Should have a valid rate type'), | ||
194 | |||
195 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
196 | logger.debug('Checking videoRate parameters', { parameters: req.body }) | ||
197 | |||
198 | if (areValidationErrors(req, res)) return | ||
199 | if (!await isVideoExist(req.params.id, res)) return | ||
200 | |||
201 | return next() | ||
202 | } | ||
203 | ] | ||
204 | |||
205 | const videosShareValidator = [ | ||
206 | param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | ||
207 | param('accountId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid account id'), | ||
208 | |||
209 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
210 | logger.debug('Checking videoShare parameters', { parameters: req.params }) | ||
211 | |||
212 | if (areValidationErrors(req, res)) return | ||
213 | if (!await isVideoExist(req.params.id, res)) return | ||
214 | |||
215 | const share = await VideoShareModel.load(req.params.accountId, res.locals.video.id, undefined) | ||
216 | if (!share) { | ||
217 | return res.status(404) | ||
218 | .end() | ||
219 | } | ||
220 | |||
221 | res.locals.videoShare = share | ||
222 | return next() | ||
223 | } | ||
224 | ] | ||
225 | |||
226 | const videosChangeOwnershipValidator = [ | 189 | const videosChangeOwnershipValidator = [ |
227 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), | 190 | param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'), |
228 | 191 | ||
@@ -415,9 +378,6 @@ export { | |||
415 | videosGetValidator, | 378 | videosGetValidator, |
416 | videosCustomGetValidator, | 379 | videosCustomGetValidator, |
417 | videosRemoveValidator, | 380 | videosRemoveValidator, |
418 | videosShareValidator, | ||
419 | |||
420 | videoRateValidator, | ||
421 | 381 | ||
422 | videosChangeOwnershipValidator, | 382 | videosChangeOwnershipValidator, |
423 | videosTerminateChangeOwnershipValidator, | 383 | videosTerminateChangeOwnershipValidator, |
diff --git a/server/models/account/account-video-rate.ts b/server/models/account/account-video-rate.ts index c99e32012..18762f0c5 100644 --- a/server/models/account/account-video-rate.ts +++ b/server/models/account/account-video-rate.ts | |||
@@ -1,12 +1,14 @@ | |||
1 | import { values } from 'lodash' | 1 | import { values } from 'lodash' |
2 | import { Transaction } from 'sequelize' | 2 | import { Transaction } from 'sequelize' |
3 | import { AllowNull, BelongsTo, Column, CreatedAt, DataType, ForeignKey, Model, Table, UpdatedAt } from 'sequelize-typescript' | 3 | import { AllowNull, BelongsTo, Column, CreatedAt, DataType, ForeignKey, Is, Model, Table, UpdatedAt } from 'sequelize-typescript' |
4 | import { IFindOptions } from 'sequelize-typescript/lib/interfaces/IFindOptions' | 4 | import { IFindOptions } from 'sequelize-typescript/lib/interfaces/IFindOptions' |
5 | import { VideoRateType } from '../../../shared/models/videos' | 5 | import { VideoRateType } from '../../../shared/models/videos' |
6 | import { VIDEO_RATE_TYPES } from '../../initializers' | 6 | import { CONSTRAINTS_FIELDS, VIDEO_RATE_TYPES } from '../../initializers' |
7 | import { VideoModel } from '../video/video' | 7 | import { VideoModel } from '../video/video' |
8 | import { AccountModel } from './account' | 8 | import { AccountModel } from './account' |
9 | import { ActorModel } from '../activitypub/actor' | 9 | import { ActorModel } from '../activitypub/actor' |
10 | import { throwIfNotValid } from '../utils' | ||
11 | import { isActivityPubUrlValid } from '../../helpers/custom-validators/activitypub/misc' | ||
10 | 12 | ||
11 | /* | 13 | /* |
12 | Account rates per video. | 14 | Account rates per video. |
@@ -26,6 +28,10 @@ import { ActorModel } from '../activitypub/actor' | |||
26 | }, | 28 | }, |
27 | { | 29 | { |
28 | fields: [ 'videoId', 'type' ] | 30 | fields: [ 'videoId', 'type' ] |
31 | }, | ||
32 | { | ||
33 | fields: [ 'url' ], | ||
34 | unique: true | ||
29 | } | 35 | } |
30 | ] | 36 | ] |
31 | }) | 37 | }) |
@@ -35,6 +41,11 @@ export class AccountVideoRateModel extends Model<AccountVideoRateModel> { | |||
35 | @Column(DataType.ENUM(values(VIDEO_RATE_TYPES))) | 41 | @Column(DataType.ENUM(values(VIDEO_RATE_TYPES))) |
36 | type: VideoRateType | 42 | type: VideoRateType |
37 | 43 | ||
44 | @AllowNull(false) | ||
45 | @Is('AccountVideoRateUrl', value => throwIfNotValid(value, isActivityPubUrlValid, 'url')) | ||
46 | @Column(DataType.STRING(CONSTRAINTS_FIELDS.VIDEO_RATES.URL.max)) | ||
47 | url: string | ||
48 | |||
38 | @CreatedAt | 49 | @CreatedAt |
39 | createdAt: Date | 50 | createdAt: Date |
40 | 51 | ||
@@ -65,7 +76,7 @@ export class AccountVideoRateModel extends Model<AccountVideoRateModel> { | |||
65 | }) | 76 | }) |
66 | Account: AccountModel | 77 | Account: AccountModel |
67 | 78 | ||
68 | static load (accountId: number, videoId: number, transaction: Transaction) { | 79 | static load (accountId: number, videoId: number, transaction?: Transaction) { |
69 | const options: IFindOptions<AccountVideoRateModel> = { | 80 | const options: IFindOptions<AccountVideoRateModel> = { |
70 | where: { | 81 | where: { |
71 | accountId, | 82 | accountId, |
@@ -77,6 +88,49 @@ export class AccountVideoRateModel extends Model<AccountVideoRateModel> { | |||
77 | return AccountVideoRateModel.findOne(options) | 88 | return AccountVideoRateModel.findOne(options) |
78 | } | 89 | } |
79 | 90 | ||
91 | static loadLocalAndPopulateVideo (rateType: VideoRateType, accountName: string, videoId: number, transaction?: Transaction) { | ||
92 | const options: IFindOptions<AccountVideoRateModel> = { | ||
93 | where: { | ||
94 | videoId, | ||
95 | type: rateType | ||
96 | }, | ||
97 | include: [ | ||
98 | { | ||
99 | model: AccountModel.unscoped(), | ||
100 | required: true, | ||
101 | include: [ | ||
102 | { | ||
103 | attributes: [ 'id', 'url', 'preferredUsername' ], | ||
104 | model: ActorModel.unscoped(), | ||
105 | required: true, | ||
106 | where: { | ||
107 | preferredUsername: accountName | ||
108 | } | ||
109 | } | ||
110 | ] | ||
111 | }, | ||
112 | { | ||
113 | model: VideoModel.unscoped(), | ||
114 | required: true | ||
115 | } | ||
116 | ] | ||
117 | } | ||
118 | if (transaction) options.transaction = transaction | ||
119 | |||
120 | return AccountVideoRateModel.findOne(options) | ||
121 | } | ||
122 | |||
123 | static loadByUrl (url: string, transaction: Transaction) { | ||
124 | const options: IFindOptions<AccountVideoRateModel> = { | ||
125 | where: { | ||
126 | url | ||
127 | } | ||
128 | } | ||
129 | if (transaction) options.transaction = transaction | ||
130 | |||
131 | return AccountVideoRateModel.findOne(options) | ||
132 | } | ||
133 | |||
80 | static listAndCountAccountUrlsByVideoId (rateType: VideoRateType, videoId: number, start: number, count: number, t?: Transaction) { | 134 | static listAndCountAccountUrlsByVideoId (rateType: VideoRateType, videoId: number, start: number, count: number, t?: Transaction) { |
81 | const query = { | 135 | const query = { |
82 | offset: start, | 136 | offset: start, |
diff --git a/server/models/oauth/oauth-token.ts b/server/models/oauth/oauth-token.ts index ef9592c04..ecf846821 100644 --- a/server/models/oauth/oauth-token.ts +++ b/server/models/oauth/oauth-token.ts | |||
@@ -47,7 +47,7 @@ enum ScopeNames { | |||
47 | required: true, | 47 | required: true, |
48 | include: [ | 48 | include: [ |
49 | { | 49 | { |
50 | attributes: [ 'id' ], | 50 | attributes: [ 'id', 'url' ], |
51 | model: () => ActorModel.unscoped(), | 51 | model: () => ActorModel.unscoped(), |
52 | required: true | 52 | required: true |
53 | } | 53 | } |
diff --git a/server/models/video/video-share.ts b/server/models/video/video-share.ts index fa9a70d50..c87f71277 100644 --- a/server/models/video/video-share.ts +++ b/server/models/video/video-share.ts | |||
@@ -88,7 +88,7 @@ export class VideoShareModel extends Model<VideoShareModel> { | |||
88 | }) | 88 | }) |
89 | Video: VideoModel | 89 | Video: VideoModel |
90 | 90 | ||
91 | static load (actorId: number, videoId: number, t: Sequelize.Transaction) { | 91 | static load (actorId: number, videoId: number, t?: Sequelize.Transaction) { |
92 | return VideoShareModel.scope(ScopeNames.WITH_ACTOR).findOne({ | 92 | return VideoShareModel.scope(ScopeNames.WITH_ACTOR).findOne({ |
93 | where: { | 93 | where: { |
94 | actorId, | 94 | actorId, |
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts index c5428abbb..e7899bb14 100644 --- a/server/tests/api/activitypub/security.ts +++ b/server/tests/api/activitypub/security.ts | |||
@@ -2,7 +2,7 @@ | |||
2 | 2 | ||
3 | import 'mocha' | 3 | import 'mocha' |
4 | 4 | ||
5 | import { flushAndRunMultipleServers, flushTests, killallServers, makeAPRequest, makeFollowRequest, ServerInfo } from '../../utils' | 5 | import { flushAndRunMultipleServers, flushTests, killallServers, makePOSTAPRequest, makeFollowRequest, ServerInfo } from '../../utils' |
6 | import { HTTP_SIGNATURE } from '../../../initializers' | 6 | import { HTTP_SIGNATURE } from '../../../initializers' |
7 | import { buildDigest, buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils' | 7 | import { buildDigest, buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils' |
8 | import * as chai from 'chai' | 8 | import * as chai from 'chai' |
@@ -63,7 +63,7 @@ describe('Test ActivityPub security', function () { | |||
63 | Digest: buildDigest({ hello: 'coucou' }) | 63 | Digest: buildDigest({ hello: 'coucou' }) |
64 | } | 64 | } |
65 | 65 | ||
66 | const { response } = await makeAPRequest(url, body, baseHttpSignature, headers) | 66 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) |
67 | 67 | ||
68 | expect(response.statusCode).to.equal(403) | 68 | expect(response.statusCode).to.equal(403) |
69 | }) | 69 | }) |
@@ -73,7 +73,7 @@ describe('Test ActivityPub security', function () { | |||
73 | const headers = buildGlobalHeaders(body) | 73 | const headers = buildGlobalHeaders(body) |
74 | headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT' | 74 | headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT' |
75 | 75 | ||
76 | const { response } = await makeAPRequest(url, body, baseHttpSignature, headers) | 76 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) |
77 | 77 | ||
78 | expect(response.statusCode).to.equal(403) | 78 | expect(response.statusCode).to.equal(403) |
79 | }) | 79 | }) |
@@ -85,7 +85,7 @@ describe('Test ActivityPub security', function () { | |||
85 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) | 85 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) |
86 | const headers = buildGlobalHeaders(body) | 86 | const headers = buildGlobalHeaders(body) |
87 | 87 | ||
88 | const { response } = await makeAPRequest(url, body, baseHttpSignature, headers) | 88 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) |
89 | 89 | ||
90 | expect(response.statusCode).to.equal(403) | 90 | expect(response.statusCode).to.equal(403) |
91 | }) | 91 | }) |
@@ -97,7 +97,7 @@ describe('Test ActivityPub security', function () { | |||
97 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) | 97 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) |
98 | const headers = buildGlobalHeaders(body) | 98 | const headers = buildGlobalHeaders(body) |
99 | 99 | ||
100 | const { response } = await makeAPRequest(url, body, baseHttpSignature, headers) | 100 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) |
101 | 101 | ||
102 | expect(response.statusCode).to.equal(204) | 102 | expect(response.statusCode).to.equal(204) |
103 | }) | 103 | }) |
@@ -126,7 +126,7 @@ describe('Test ActivityPub security', function () { | |||
126 | 126 | ||
127 | const headers = buildGlobalHeaders(signedBody) | 127 | const headers = buildGlobalHeaders(signedBody) |
128 | 128 | ||
129 | const { response } = await makeAPRequest(url, signedBody, baseHttpSignature, headers) | 129 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers) |
130 | 130 | ||
131 | expect(response.statusCode).to.equal(403) | 131 | expect(response.statusCode).to.equal(403) |
132 | }) | 132 | }) |
@@ -147,7 +147,7 @@ describe('Test ActivityPub security', function () { | |||
147 | 147 | ||
148 | const headers = buildGlobalHeaders(signedBody) | 148 | const headers = buildGlobalHeaders(signedBody) |
149 | 149 | ||
150 | const { response } = await makeAPRequest(url, signedBody, baseHttpSignature, headers) | 150 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers) |
151 | 151 | ||
152 | expect(response.statusCode).to.equal(403) | 152 | expect(response.statusCode).to.equal(403) |
153 | }) | 153 | }) |
@@ -163,7 +163,7 @@ describe('Test ActivityPub security', function () { | |||
163 | 163 | ||
164 | const headers = buildGlobalHeaders(signedBody) | 164 | const headers = buildGlobalHeaders(signedBody) |
165 | 165 | ||
166 | const { response } = await makeAPRequest(url, signedBody, baseHttpSignature, headers) | 166 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers) |
167 | 167 | ||
168 | expect(response.statusCode).to.equal(204) | 168 | expect(response.statusCode).to.equal(204) |
169 | }) | 169 | }) |
diff --git a/server/tests/utils/requests/activitypub.ts b/server/tests/utils/requests/activitypub.ts index e3e08ce67..96fee60a8 100644 --- a/server/tests/utils/requests/activitypub.ts +++ b/server/tests/utils/requests/activitypub.ts | |||
@@ -3,7 +3,7 @@ import { HTTP_SIGNATURE } from '../../../initializers' | |||
3 | import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils' | 3 | import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils' |
4 | import { activityPubContextify } from '../../../helpers/activitypub' | 4 | import { activityPubContextify } from '../../../helpers/activitypub' |
5 | 5 | ||
6 | function makeAPRequest (url: string, body: any, httpSignature: any, headers: any) { | 6 | function makePOSTAPRequest (url: string, body: any, httpSignature: any, headers: any) { |
7 | const options = { | 7 | const options = { |
8 | method: 'POST', | 8 | method: 'POST', |
9 | uri: url, | 9 | uri: url, |
@@ -34,10 +34,10 @@ async function makeFollowRequest (to: { url: string }, by: { url: string, privat | |||
34 | } | 34 | } |
35 | const headers = buildGlobalHeaders(body) | 35 | const headers = buildGlobalHeaders(body) |
36 | 36 | ||
37 | return makeAPRequest(to.url, body, httpSignature, headers) | 37 | return makePOSTAPRequest(to.url, body, httpSignature, headers) |
38 | } | 38 | } |
39 | 39 | ||
40 | export { | 40 | export { |
41 | makeAPRequest, | 41 | makePOSTAPRequest, |
42 | makeFollowRequest | 42 | makeFollowRequest |
43 | } | 43 | } |