7 files changed, 158 insertions, 12 deletions
diff --git a/server/helpers/custom-validators/activitypub/activity.ts b/server/helpers/custom-validators/activitypub/activity.ts
index b5c96f6e7..90a918523 100644
--- a/server/helpers/custom-validators/activitypub/activity.ts
+++ b/server/helpers/custom-validators/activitypub/activity.ts
@@ -8,6 +8,7 @@ import { isActivityPubUrlValid, isBaseActivityValid, isObjectValid } from './mis
 import { isPlaylistObjectValid } from './playlist'
 import { sanitizeAndCheckVideoCommentObject } from './video-comments'
 import { sanitizeAndCheckVideoTorrentObject } from './videos'
+import { isWatchActionObjectValid } from './watch-action'
 function isRootActivityValid (activity: any) {
  return isCollection(activity) || isActivity(activity)
@@ -82,6 +83,7 @@ function isCreateActivityValid (activity: any) {
      isDislikeActivityValid(activity.object) ||
      isFlagActivityValid(activity.object) ||
      isPlaylistObjectValid(activity.object) ||
+      isWatchActionObjectValid(activity.object) ||
      isCacheFileObjectValid(activity.object) ||
      sanitizeAndCheckVideoCommentObject(activity.object) ||
diff --git a/server/helpers/custom-validators/activitypub/misc.ts b/server/helpers/custom-validators/activitypub/misc.ts
index 4ee8e6fee..9d823299f 100644
--- a/server/helpers/custom-validators/activitypub/misc.ts
+++ b/server/helpers/custom-validators/activitypub/misc.ts
@@ -57,10 +57,19 @@ function setValidAttributedTo (obj: any) {
  return true
 }
+function isActivityPubVideoDurationValid (value: string) {
+  // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-duration
+  return exists(value) &&
+    typeof value === 'string' &&
+    value.startsWith('PT') &&
+    value.endsWith('S')
+}
 export {
  isUrlValid,
  isActivityPubUrlValid,
  isBaseActivityValid,
  setValidAttributedTo,
-  isObjectValid
+  isObjectValid,
+  isActivityPubVideoDurationValid
 }
diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts
index 80a321117..2a2f008b9 100644
--- a/server/helpers/custom-validators/activitypub/videos.ts
+++ b/server/helpers/custom-validators/activitypub/videos.ts
@@ -4,7 +4,7 @@ import { ActivityTrackerUrlObject, ActivityVideoFileMetadataUrlObject } from '@s
 import { LiveVideoLatencyMode, VideoState } from '../../../../shared/models/videos'
 import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers/constants'
 import { peertubeTruncate } from '../../core-utils'
-import { exists, isArray, isBooleanValid, isDateValid, isUUIDValid } from '../misc'
+import { isArray, isBooleanValid, isDateValid, isUUIDValid } from '../misc'
 import { isLiveLatencyModeValid } from '../video-lives'
 import {
  isVideoDurationValid,
@@ -14,22 +14,13 @@ import {
  isVideoTruncatedDescriptionValid,
  isVideoViewsValid
 } from '../videos'
-import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
+import { isActivityPubUrlValid, isActivityPubVideoDurationValid, isBaseActivityValid, setValidAttributedTo } from './misc'
 function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {
  return isBaseActivityValid(activity, 'Update') &&
    sanitizeAndCheckVideoTorrentObject(activity.object)
 }
-function isActivityPubVideoDurationValid (value: string) {
-  // https://www.w3.org/TR/activitystreams-vocabulary/#dfn-duration
-  return exists(value) &&
-    typeof value === 'string' &&
-    value.startsWith('PT') &&
-    value.endsWith('S') &&
-    isVideoDurationValid(value.replace(/[^0-9]+/g, ''))
-}
 function sanitizeAndCheckVideoTorrentObject (video: any) {
  if (!video || video.type !== 'Video') return false
@@ -71,6 +62,7 @@ function sanitizeAndCheckVideoTorrentObject (video: any) {
  return isActivityPubUrlValid(video.id) &&
    isVideoNameValid(video.name) &&
    isActivityPubVideoDurationValid(video.duration) &&
+    isVideoDurationValid(video.duration.replace(/[^0-9]+/g, '')) &&
    isUUIDValid(video.uuid) &&
    (!video.category || isRemoteNumberIdentifierValid(video.category)) &&
    (!video.licence || isRemoteNumberIdentifierValid(video.licence)) &&
diff --git a/server/helpers/custom-validators/activitypub/watch-action.ts b/server/helpers/custom-validators/activitypub/watch-action.ts
new file mode 100644
index 000000000..b9ffa63f6
--- /dev/null
+++ b/server/helpers/custom-validators/activitypub/watch-action.ts
@@ -0,0 +1,37 @@
+import { WatchActionObject } from '@shared/models'
+import { exists, isDateValid, isUUIDValid } from '../misc'
+import { isVideoTimeValid } from '../video-view'
+import { isActivityPubVideoDurationValid, isObjectValid } from './misc'
+function isWatchActionObjectValid (action: WatchActionObject) {
+  return exists(action) &&
+    action.type === 'WatchAction' &&
+    isObjectValid(action.id) &&
+    isActivityPubVideoDurationValid(action.duration) &&
+    isDateValid(action.startTime) &&
+    isDateValid(action.endTime) &&
+    isLocationValid(action.location) &&
+    isUUIDValid(action.uuid) &&
+    isObjectValid(action.object) &&
+    isWatchSectionsValid(action.watchSections)
+}
+// ---------------------------------------------------------------------------
+export {
+  isWatchActionObjectValid
+}
+// ---------------------------------------------------------------------------
+function isLocationValid (location: any) {
+  if (!location) return true
+  return typeof location === 'object' && typeof location.addressCountry === 'string'
+}
+function isWatchSectionsValid (sections: WatchActionObject['watchSections']) {
+  return Array.isArray(sections) && sections.every(s => {
+    return isVideoTimeValid(s.startTimestamp) && isVideoTimeValid(s.endTimestamp)
+  })
+}
diff --git a/server/helpers/custom-validators/video-stats.ts b/server/helpers/custom-validators/video-stats.ts
new file mode 100644
index 000000000..1e22f0654
--- /dev/null
+++ b/server/helpers/custom-validators/video-stats.ts
@@ -0,0 +1,16 @@
+import { VideoStatsTimeserieMetric } from '@shared/models'
+const validMetrics = new Set<VideoStatsTimeserieMetric>([
+  'viewers',
+  'aggregateWatchTime'
+])
+function isValidStatTimeserieMetric (value: VideoStatsTimeserieMetric) {
+  return validMetrics.has(value)
+}
+// ---------------------------------------------------------------------------
+export {
+  isValidStatTimeserieMetric
+}
diff --git a/server/helpers/custom-validators/video-view.ts b/server/helpers/custom-validators/video-view.ts
new file mode 100644
index 000000000..091c92083
--- /dev/null
+++ b/server/helpers/custom-validators/video-view.ts
@@ -0,0 +1,12 @@
+import { exists } from './misc'
+function isVideoTimeValid (value: number, videoDuration?: number) {
+  if (value < 0) return false
+  if (exists(videoDuration) && value > videoDuration) return false
+  return true
+}
+export {
+  isVideoTimeValid
+}
diff --git a/server/helpers/geo-ip.ts b/server/helpers/geo-ip.ts
new file mode 100644
index 000000000..4ba7011c2
--- /dev/null
+++ b/server/helpers/geo-ip.ts
@@ -0,0 +1,78 @@
+import { pathExists, writeFile } from 'fs-extra'
+import maxmind, { CountryResponse, Reader } from 'maxmind'
+import { join } from 'path'
+import { CONFIG } from '@server/initializers/config'
+import { logger, loggerTagsFactory } from './logger'
+import { isBinaryResponse, peertubeGot } from './requests'
+const lTags = loggerTagsFactory('geo-ip')
+const mmbdFilename = 'dbip-country-lite-latest.mmdb'
+const mmdbPath = join(CONFIG.STORAGE.BIN_DIR, mmbdFilename)
+export class GeoIP {
+  private static instance: GeoIP
+  private reader: Reader<CountryResponse>
+  private constructor () {
+  }
+  async safeCountryISOLookup (ip: string): Promise<string> {
+    if (CONFIG.GEO_IP.ENABLED === false) return null
+    await this.initReaderIfNeeded()
+    try {
+      const result = this.reader.get(ip)
+      if (!result) return null
+      return result.country.iso_code
+    } catch (err) {
+      logger.error('Cannot get country from IP.', { err })
+      return null
+    }
+  }
+  async updateDatabase () {
+    if (CONFIG.GEO_IP.ENABLED === false) return
+    const url = CONFIG.GEO_IP.COUNTRY.DATABASE_URL
+    logger.info('Updating GeoIP database from %s.', url, lTags())
+    const gotOptions = { context: { bodyKBLimit: 200_000 }, responseType: 'buffer' as 'buffer' }
+    try {
+      const gotResult = await peertubeGot(url, gotOptions)
+      if (!isBinaryResponse(gotResult)) {
+        throw new Error('Not a binary response')
+      }
+      await writeFile(mmdbPath, gotResult.body)
+      // Reini reader
+      this.reader = undefined
+      logger.info('GeoIP database updated %s.', mmdbPath, lTags())
+    } catch (err) {
+      logger.error('Cannot update GeoIP database from %s.', url, { err, ...lTags() })
+    }
+  }
+  private async initReaderIfNeeded () {
+    if (!this.reader) {
+      if (!await pathExists(mmdbPath)) {
+        await this.updateDatabase()
+      }
+      this.reader = await maxmind.open(mmdbPath)
+    }
+  }
+  static get Instance () {
+    return this.instance || (this.instance = new this())
+  }
+}

diff --git a/server/helpers/custom-validators/activitypub/activity.ts b/server/helpers/custom-validators/activitypub/activity.ts index b5c96f6e7..90a918523 100644 --- a/server/helpers/custom-validators/activitypub/activity.ts +++ b/server/helpers/custom-validators/activitypub/activity.ts
@@ -8,6 +8,7 @@ import { isActivityPubUrlValid, isBaseActivityValid, isObjectValid } from './mis
8	import { isPlaylistObjectValid } from './playlist'	8	import { isPlaylistObjectValid } from './playlist'
9	import { sanitizeAndCheckVideoCommentObject } from './video-comments'	9	import { sanitizeAndCheckVideoCommentObject } from './video-comments'
10	import { sanitizeAndCheckVideoTorrentObject } from './videos'	10	import { sanitizeAndCheckVideoTorrentObject } from './videos'
		11	import { isWatchActionObjectValid } from './watch-action'
11		12
12	function isRootActivityValid (activity: any) {	13	function isRootActivityValid (activity: any) {
13	return isCollection(activity) \|\| isActivity(activity)	14	return isCollection(activity) \|\| isActivity(activity)
@@ -82,6 +83,7 @@ function isCreateActivityValid (activity: any) {
82	isDislikeActivityValid(activity.object) \|\|	83	isDislikeActivityValid(activity.object) \|\|
83	isFlagActivityValid(activity.object) \|\|	84	isFlagActivityValid(activity.object) \|\|
84	isPlaylistObjectValid(activity.object) \|\|	85	isPlaylistObjectValid(activity.object) \|\|
		86	isWatchActionObjectValid(activity.object) \|\|
85		87
86	isCacheFileObjectValid(activity.object) \|\|	88	isCacheFileObjectValid(activity.object) \|\|
87	sanitizeAndCheckVideoCommentObject(activity.object) \|\|	89	sanitizeAndCheckVideoCommentObject(activity.object) \|\|


diff --git a/server/helpers/custom-validators/activitypub/misc.ts b/server/helpers/custom-validators/activitypub/misc.ts index 4ee8e6fee..9d823299f 100644 --- a/server/helpers/custom-validators/activitypub/misc.ts +++ b/server/helpers/custom-validators/activitypub/misc.ts
@@ -57,10 +57,19 @@ function setValidAttributedTo (obj: any) {
57	return true	57	return true
58	}	58	}
59		59
		60	function isActivityPubVideoDurationValid (value: string) {
		61	// https://www.w3.org/TR/activitystreams-vocabulary/#dfn-duration
		62	return exists(value) &&
		63	typeof value === 'string' &&
		64	value.startsWith('PT') &&
		65	value.endsWith('S')
		66	}
		67
60	export {	68	export {
61	isUrlValid,	69	isUrlValid,
62	isActivityPubUrlValid,	70	isActivityPubUrlValid,
63	isBaseActivityValid,	71	isBaseActivityValid,
64	setValidAttributedTo,	72	setValidAttributedTo,
65	isObjectValid	73	isObjectValid,
		74	isActivityPubVideoDurationValid
66	}	75	}


diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts index 80a321117..2a2f008b9 100644 --- a/server/helpers/custom-validators/activitypub/videos.ts +++ b/server/helpers/custom-validators/activitypub/videos.ts
@@ -4,7 +4,7 @@ import { ActivityTrackerUrlObject, ActivityVideoFileMetadataUrlObject } from '@s
4	import { LiveVideoLatencyMode, VideoState } from '../../../../shared/models/videos'	4	import { LiveVideoLatencyMode, VideoState } from '../../../../shared/models/videos'
5	import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers/constants'	5	import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers/constants'
6	import { peertubeTruncate } from '../../core-utils'	6	import { peertubeTruncate } from '../../core-utils'
7	import { exists, isArray, isBooleanValid, isDateValid, isUUIDValid } from '../misc'	7	import { isArray, isBooleanValid, isDateValid, isUUIDValid } from '../misc'
8	import { isLiveLatencyModeValid } from '../video-lives'	8	import { isLiveLatencyModeValid } from '../video-lives'
9	import {	9	import {
10	isVideoDurationValid,	10	isVideoDurationValid,
@@ -14,22 +14,13 @@ import {
14	isVideoTruncatedDescriptionValid,	14	isVideoTruncatedDescriptionValid,
15	isVideoViewsValid	15	isVideoViewsValid
16	} from '../videos'	16	} from '../videos'
17	import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'	17	import { isActivityPubUrlValid, isActivityPubVideoDurationValid, isBaseActivityValid, setValidAttributedTo } from './misc'
18		18
19	function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {	19	function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {
20	return isBaseActivityValid(activity, 'Update') &&	20	return isBaseActivityValid(activity, 'Update') &&
21	sanitizeAndCheckVideoTorrentObject(activity.object)	21	sanitizeAndCheckVideoTorrentObject(activity.object)
22	}	22	}
23		23
24	function isActivityPubVideoDurationValid (value: string) {
25	// https://www.w3.org/TR/activitystreams-vocabulary/#dfn-duration
26	return exists(value) &&
27	typeof value === 'string' &&
28	value.startsWith('PT') &&
29	value.endsWith('S') &&
30	isVideoDurationValid(value.replace(/[^0-9]+/g, ''))
31	}
32
33	function sanitizeAndCheckVideoTorrentObject (video: any) {	24	function sanitizeAndCheckVideoTorrentObject (video: any) {
34	if (!video \|\| video.type !== 'Video') return false	25	if (!video \|\| video.type !== 'Video') return false
35		26
@@ -71,6 +62,7 @@ function sanitizeAndCheckVideoTorrentObject (video: any) {
71	return isActivityPubUrlValid(video.id) &&	62	return isActivityPubUrlValid(video.id) &&
72	isVideoNameValid(video.name) &&	63	isVideoNameValid(video.name) &&
73	isActivityPubVideoDurationValid(video.duration) &&	64	isActivityPubVideoDurationValid(video.duration) &&
		65	isVideoDurationValid(video.duration.replace(/[^0-9]+/g, '')) &&
74	isUUIDValid(video.uuid) &&	66	isUUIDValid(video.uuid) &&
75	(!video.category \|\| isRemoteNumberIdentifierValid(video.category)) &&	67	(!video.category \|\| isRemoteNumberIdentifierValid(video.category)) &&
76	(!video.licence \|\| isRemoteNumberIdentifierValid(video.licence)) &&	68	(!video.licence \|\| isRemoteNumberIdentifierValid(video.licence)) &&


diff --git a/server/helpers/custom-validators/activitypub/watch-action.ts b/server/helpers/custom-validators/activitypub/watch-action.ts new file mode 100644 index 000000000..b9ffa63f6 --- /dev/null +++ b/server/helpers/custom-validators/activitypub/watch-action.ts
@@ -0,0 +1,37 @@
		1	import { WatchActionObject } from '@shared/models'
		2	import { exists, isDateValid, isUUIDValid } from '../misc'
		3	import { isVideoTimeValid } from '../video-view'
		4	import { isActivityPubVideoDurationValid, isObjectValid } from './misc'
		5
		6	function isWatchActionObjectValid (action: WatchActionObject) {
		7	return exists(action) &&
		8	action.type === 'WatchAction' &&
		9	isObjectValid(action.id) &&
		10	isActivityPubVideoDurationValid(action.duration) &&
		11	isDateValid(action.startTime) &&
		12	isDateValid(action.endTime) &&
		13	isLocationValid(action.location) &&
		14	isUUIDValid(action.uuid) &&
		15	isObjectValid(action.object) &&
		16	isWatchSectionsValid(action.watchSections)
		17	}
		18
		19	// ---------------------------------------------------------------------------
		20
		21	export {
		22	isWatchActionObjectValid
		23	}
		24
		25	// ---------------------------------------------------------------------------
		26
		27	function isLocationValid (location: any) {
		28	if (!location) return true
		29
		30	return typeof location === 'object' && typeof location.addressCountry === 'string'
		31	}
		32
		33	function isWatchSectionsValid (sections: WatchActionObject['watchSections']) {
		34	return Array.isArray(sections) && sections.every(s => {
		35	return isVideoTimeValid(s.startTimestamp) && isVideoTimeValid(s.endTimestamp)
		36	})
		37	}


diff --git a/server/helpers/custom-validators/video-stats.ts b/server/helpers/custom-validators/video-stats.ts new file mode 100644 index 000000000..1e22f0654 --- /dev/null +++ b/server/helpers/custom-validators/video-stats.ts
@@ -0,0 +1,16 @@
		1	import { VideoStatsTimeserieMetric } from '@shared/models'
		2
		3	const validMetrics = new Set<VideoStatsTimeserieMetric>([
		4	'viewers',
		5	'aggregateWatchTime'
		6	])
		7
		8	function isValidStatTimeserieMetric (value: VideoStatsTimeserieMetric) {
		9	return validMetrics.has(value)
		10	}
		11
		12	// ---------------------------------------------------------------------------
		13
		14	export {
		15	isValidStatTimeserieMetric
		16	}


diff --git a/server/helpers/custom-validators/video-view.ts b/server/helpers/custom-validators/video-view.ts new file mode 100644 index 000000000..091c92083 --- /dev/null +++ b/server/helpers/custom-validators/video-view.ts
@@ -0,0 +1,12 @@
		1	import { exists } from './misc'
		2
		3	function isVideoTimeValid (value: number, videoDuration?: number) {
		4	if (value < 0) return false
		5	if (exists(videoDuration) && value > videoDuration) return false
		6
		7	return true
		8	}
		9
		10	export {
		11	isVideoTimeValid
		12	}


diff --git a/server/helpers/geo-ip.ts b/server/helpers/geo-ip.ts new file mode 100644 index 000000000..4ba7011c2 --- /dev/null +++ b/server/helpers/geo-ip.ts
@@ -0,0 +1,78 @@
		1	import { pathExists, writeFile } from 'fs-extra'
		2	import maxmind, { CountryResponse, Reader } from 'maxmind'
		3	import { join } from 'path'
		4	import { CONFIG } from '@server/initializers/config'
		5	import { logger, loggerTagsFactory } from './logger'
		6	import { isBinaryResponse, peertubeGot } from './requests'
		7
		8	const lTags = loggerTagsFactory('geo-ip')
		9
		10	const mmbdFilename = 'dbip-country-lite-latest.mmdb'
		11	const mmdbPath = join(CONFIG.STORAGE.BIN_DIR, mmbdFilename)
		12
		13	export class GeoIP {
		14	private static instance: GeoIP
		15
		16	private reader: Reader<CountryResponse>
		17
		18	private constructor () {
		19	}
		20
		21	async safeCountryISOLookup (ip: string): Promise<string> {
		22	if (CONFIG.GEO_IP.ENABLED === false) return null
		23
		24	await this.initReaderIfNeeded()
		25
		26	try {
		27	const result = this.reader.get(ip)
		28	if (!result) return null
		29
		30	return result.country.iso_code
		31	} catch (err) {
		32	logger.error('Cannot get country from IP.', { err })
		33
		34	return null
		35	}
		36	}
		37
		38	async updateDatabase () {
		39	if (CONFIG.GEO_IP.ENABLED === false) return
		40
		41	const url = CONFIG.GEO_IP.COUNTRY.DATABASE_URL
		42
		43	logger.info('Updating GeoIP database from %s.', url, lTags())
		44
		45	const gotOptions = { context: { bodyKBLimit: 200_000 }, responseType: 'buffer' as 'buffer' }
		46
		47	try {
		48	const gotResult = await peertubeGot(url, gotOptions)
		49
		50	if (!isBinaryResponse(gotResult)) {
		51	throw new Error('Not a binary response')
		52	}
		53
		54	await writeFile(mmdbPath, gotResult.body)
		55
		56	// Reini reader
		57	this.reader = undefined
		58
		59	logger.info('GeoIP database updated %s.', mmdbPath, lTags())
		60	} catch (err) {
		61	logger.error('Cannot update GeoIP database from %s.', url, { err, ...lTags() })
		62	}
		63	}
		64
		65	private async initReaderIfNeeded () {
		66	if (!this.reader) {
		67	if (!await pathExists(mmdbPath)) {
		68	await this.updateDatabase()
		69	}
		70
		71	this.reader = await maxmind.open(mmdbPath)
		72	}
		73	}
		74
		75	static get Instance () {
		76	return this.instance \|\| (this.instance = new this())
		77	}
		78	}