diff options
Diffstat (limited to 'server/helpers')
-rw-r--r-- | server/helpers/custom-validators/activitypub/actor.ts | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/server/helpers/custom-validators/activitypub/actor.ts b/server/helpers/custom-validators/activitypub/actor.ts index 5930bd5da..ec8da3350 100644 --- a/server/helpers/custom-validators/activitypub/actor.ts +++ b/server/helpers/custom-validators/activitypub/actor.ts | |||
@@ -1,8 +1,8 @@ | |||
1 | import * as validator from 'validator' | 1 | import * as validator from 'validator' |
2 | import { CONSTRAINTS_FIELDS } from '../../../initializers' | 2 | import { CONSTRAINTS_FIELDS } from '../../../initializers' |
3 | import { isAccountNameValid } from '../accounts' | 3 | import { isAccountNameValid } from '../accounts' |
4 | import { exists, isUUIDValid } from '../misc' | 4 | import { exists } from '../misc' |
5 | import { isVideoChannelDescriptionValid, isVideoChannelNameValid } from '../video-channels' | 5 | import { isVideoChannelNameValid } from '../video-channels' |
6 | import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc' | 6 | import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc' |
7 | 7 | ||
8 | function isActorEndpointsObjectValid (endpointObject: any) { | 8 | function isActorEndpointsObjectValid (endpointObject: any) { |
@@ -23,41 +23,39 @@ function isActorPublicKeyValid (publicKey: string) { | |||
23 | return exists(publicKey) && | 23 | return exists(publicKey) && |
24 | typeof publicKey === 'string' && | 24 | typeof publicKey === 'string' && |
25 | publicKey.startsWith('-----BEGIN PUBLIC KEY-----') && | 25 | publicKey.startsWith('-----BEGIN PUBLIC KEY-----') && |
26 | publicKey.endsWith('-----END PUBLIC KEY-----') && | 26 | publicKey.indexOf('-----END PUBLIC KEY-----') !== -1 && |
27 | validator.isLength(publicKey, CONSTRAINTS_FIELDS.ACTOR.PUBLIC_KEY) | 27 | validator.isLength(publicKey, CONSTRAINTS_FIELDS.ACTOR.PUBLIC_KEY) |
28 | } | 28 | } |
29 | 29 | ||
30 | const actorNameRegExp = new RegExp('[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_]+') | ||
30 | function isActorPreferredUsernameValid (preferredUsername: string) { | 31 | function isActorPreferredUsernameValid (preferredUsername: string) { |
31 | return isAccountNameValid(preferredUsername) || isVideoChannelNameValid(preferredUsername) | 32 | return exists(preferredUsername) && validator.matches(preferredUsername, actorNameRegExp) |
32 | } | 33 | } |
33 | 34 | ||
34 | const actorNameRegExp = new RegExp('[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_]+') | ||
35 | function isActorNameValid (name: string) { | 35 | function isActorNameValid (name: string) { |
36 | return exists(name) && validator.matches(name, actorNameRegExp) | 36 | return isAccountNameValid(name) || isVideoChannelNameValid(name) |
37 | } | 37 | } |
38 | 38 | ||
39 | function isActorPrivateKeyValid (privateKey: string) { | 39 | function isActorPrivateKeyValid (privateKey: string) { |
40 | return exists(privateKey) && | 40 | return exists(privateKey) && |
41 | typeof privateKey === 'string' && | 41 | typeof privateKey === 'string' && |
42 | privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') && | 42 | privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') && |
43 | privateKey.endsWith('-----END RSA PRIVATE KEY-----') && | 43 | // Sometimes there is a \n at the end, so just assert the string contains the end mark |
44 | privateKey.indexOf('-----END RSA PRIVATE KEY-----') !== -1 && | ||
44 | validator.isLength(privateKey, CONSTRAINTS_FIELDS.ACTOR.PRIVATE_KEY) | 45 | validator.isLength(privateKey, CONSTRAINTS_FIELDS.ACTOR.PRIVATE_KEY) |
45 | } | 46 | } |
46 | 47 | ||
47 | function isRemoteActorValid (remoteActor: any) { | 48 | function isRemoteActorValid (remoteActor: any) { |
48 | return isActivityPubUrlValid(remoteActor.id) && | 49 | return isActivityPubUrlValid(remoteActor.id) && |
49 | isUUIDValid(remoteActor.uuid) && | ||
50 | isActorTypeValid(remoteActor.type) && | 50 | isActorTypeValid(remoteActor.type) && |
51 | isActivityPubUrlValid(remoteActor.following) && | 51 | isActivityPubUrlValid(remoteActor.following) && |
52 | isActivityPubUrlValid(remoteActor.followers) && | 52 | isActivityPubUrlValid(remoteActor.followers) && |
53 | isActivityPubUrlValid(remoteActor.inbox) && | 53 | isActivityPubUrlValid(remoteActor.inbox) && |
54 | isActivityPubUrlValid(remoteActor.outbox) && | 54 | isActivityPubUrlValid(remoteActor.outbox) && |
55 | isActorNameValid(remoteActor.name) && | ||
56 | isActorPreferredUsernameValid(remoteActor.preferredUsername) && | 55 | isActorPreferredUsernameValid(remoteActor.preferredUsername) && |
57 | isActivityPubUrlValid(remoteActor.url) && | 56 | isActivityPubUrlValid(remoteActor.url) && |
58 | isActorPublicKeyObjectValid(remoteActor.publicKey) && | 57 | isActorPublicKeyObjectValid(remoteActor.publicKey) && |
59 | isActorEndpointsObjectValid(remoteActor.endpoints) && | 58 | isActorEndpointsObjectValid(remoteActor.endpoints) && |
60 | (!remoteActor.summary || isVideoChannelDescriptionValid(remoteActor.summary)) && | ||
61 | setValidAttributedTo(remoteActor) && | 59 | setValidAttributedTo(remoteActor) && |
62 | // If this is not an account, it should be attributed to an account | 60 | // If this is not an account, it should be attributed to an account |
63 | // In PeerTube we use this to attach a video channel to a specific account | 61 | // In PeerTube we use this to attach a video channel to a specific account |