aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/helpers
diff options
context:
space:
mode:
Diffstat (limited to 'server/helpers')
-rw-r--r--server/helpers/custom-validators/misc.ts9
-rw-r--r--server/helpers/custom-validators/plugins.ts82
2 files changed, 91 insertions, 0 deletions
diff --git a/server/helpers/custom-validators/misc.ts b/server/helpers/custom-validators/misc.ts
index 3a3deab0c..f72513c1c 100644
--- a/server/helpers/custom-validators/misc.ts
+++ b/server/helpers/custom-validators/misc.ts
@@ -1,10 +1,18 @@
1import 'multer' 1import 'multer'
2import * as validator from 'validator' 2import * as validator from 'validator'
3import { sep } from 'path'
3 4
4function exists (value: any) { 5function exists (value: any) {
5 return value !== undefined && value !== null 6 return value !== undefined && value !== null
6} 7}
7 8
9function isSafePath (p: string) {
10 return exists(p) &&
11 (p + '').split(sep).every(part => {
12 return [ '', '.', '..' ].includes(part) === false
13 })
14}
15
8function isArray (value: any) { 16function isArray (value: any) {
9 return Array.isArray(value) 17 return Array.isArray(value)
10} 18}
@@ -97,6 +105,7 @@ export {
97 isNotEmptyIntArray, 105 isNotEmptyIntArray,
98 isArray, 106 isArray,
99 isIdValid, 107 isIdValid,
108 isSafePath,
100 isUUIDValid, 109 isUUIDValid,
101 isIdOrUUIDValid, 110 isIdOrUUIDValid,
102 isDateValid, 111 isDateValid,
diff --git a/server/helpers/custom-validators/plugins.ts b/server/helpers/custom-validators/plugins.ts
new file mode 100644
index 000000000..ff687dc3f
--- /dev/null
+++ b/server/helpers/custom-validators/plugins.ts
@@ -0,0 +1,82 @@
1import { exists, isArray, isSafePath } from './misc'
2import * as validator from 'validator'
3import { PluginType } from '../../../shared/models/plugins/plugin.type'
4import { CONSTRAINTS_FIELDS } from '../../initializers/constants'
5import { PluginPackageJson } from '../../../shared/models/plugins/plugin-package-json.model'
6import { isUrlValid } from './activitypub/misc'
7
8const PLUGINS_CONSTRAINTS_FIELDS = CONSTRAINTS_FIELDS.PLUGINS
9
10function isPluginTypeValid (value: any) {
11 return exists(value) && validator.isInt('' + value) && PluginType[value] !== undefined
12}
13
14function isPluginNameValid (value: string) {
15 return exists(value) &&
16 validator.isLength(value, PLUGINS_CONSTRAINTS_FIELDS.NAME) &&
17 validator.matches(value, /^[a-z\-]+$/)
18}
19
20function isPluginDescriptionValid (value: string) {
21 return exists(value) && validator.isLength(value, PLUGINS_CONSTRAINTS_FIELDS.DESCRIPTION)
22}
23
24function isPluginVersionValid (value: string) {
25 if (!exists(value)) return false
26
27 const parts = (value + '').split('.')
28
29 return parts.length === 3 && parts.every(p => validator.isInt(p))
30}
31
32function isPluginEngineValid (engine: any) {
33 return exists(engine) && exists(engine.peertube)
34}
35
36function isStaticDirectoriesValid (staticDirs: any) {
37 if (!exists(staticDirs) || typeof staticDirs !== 'object') return false
38
39 for (const key of Object.keys(staticDirs)) {
40 if (!isSafePath(staticDirs[key])) return false
41 }
42
43 return true
44}
45
46function isClientScriptsValid (clientScripts: any[]) {
47 return isArray(clientScripts) &&
48 clientScripts.every(c => {
49 return isSafePath(c.script) && isArray(c.scopes)
50 })
51}
52
53function isCSSPathsValid (css: any[]) {
54 return isArray(css) && css.every(c => isSafePath(c))
55}
56
57function isPackageJSONValid (packageJSON: PluginPackageJson, pluginType: PluginType) {
58 return isPluginNameValid(packageJSON.name) &&
59 isPluginDescriptionValid(packageJSON.description) &&
60 isPluginEngineValid(packageJSON.engine) &&
61 isUrlValid(packageJSON.homepage) &&
62 exists(packageJSON.author) &&
63 isUrlValid(packageJSON.bugs) &&
64 (pluginType === PluginType.THEME || isSafePath(packageJSON.library)) &&
65 isStaticDirectoriesValid(packageJSON.staticDirs) &&
66 isCSSPathsValid(packageJSON.css) &&
67 isClientScriptsValid(packageJSON.clientScripts)
68}
69
70function isLibraryCodeValid (library: any) {
71 return typeof library.register === 'function'
72 && typeof library.unregister === 'function'
73}
74
75export {
76 isPluginTypeValid,
77 isPackageJSONValid,
78 isPluginVersionValid,
79 isPluginNameValid,
80 isPluginDescriptionValid,
81 isLibraryCodeValid
82}