diff options
Diffstat (limited to 'server/lib/activitypub/video-comments.ts')
| -rw-r--r-- | server/lib/activitypub/video-comments.ts | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/server/lib/activitypub/video-comments.ts b/server/lib/activitypub/video-comments.ts index c8c17f4c4..5868e7297 100644 --- a/server/lib/activitypub/video-comments.ts +++ b/server/lib/activitypub/video-comments.ts | |||
| @@ -9,6 +9,7 @@ import { VideoCommentModel } from '../../models/video/video-comment' | |||
| 9 | import { getOrCreateActorAndServerAndModel } from './actor' | 9 | import { getOrCreateActorAndServerAndModel } from './actor' |
| 10 | import { getOrCreateVideoAndAccountAndChannel } from './videos' | 10 | import { getOrCreateVideoAndAccountAndChannel } from './videos' |
| 11 | import * as Bluebird from 'bluebird' | 11 | import * as Bluebird from 'bluebird' |
| 12 | import { checkUrlsSameHost } from '../../helpers/activitypub' | ||
| 12 | 13 | ||
| 13 | async function videoCommentActivityObjectToDBAttributes (video: VideoModel, actor: ActorModel, comment: VideoCommentObject) { | 14 | async function videoCommentActivityObjectToDBAttributes (video: VideoModel, actor: ActorModel, comment: VideoCommentObject) { |
| 14 | let originCommentId: number = null | 15 | let originCommentId: number = null |
| @@ -61,6 +62,14 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) { | |||
| 61 | const actorUrl = body.attributedTo | 62 | const actorUrl = body.attributedTo |
| 62 | if (!actorUrl) return { created: false } | 63 | if (!actorUrl) return { created: false } |
| 63 | 64 | ||
| 65 | if (checkUrlsSameHost(commentUrl, actorUrl) !== true) { | ||
| 66 | throw new Error(`Actor url ${actorUrl} has not the same host than the comment url ${commentUrl}`) | ||
| 67 | } | ||
| 68 | |||
| 69 | if (checkUrlsSameHost(body.id, commentUrl) !== true) { | ||
| 70 | throw new Error(`Comment url ${commentUrl} host is different from the AP object id ${body.id}`) | ||
| 71 | } | ||
| 72 | |||
| 64 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) | 73 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) |
| 65 | const entry = await videoCommentActivityObjectToDBAttributes(videoInstance, actor, body) | 74 | const entry = await videoCommentActivityObjectToDBAttributes(videoInstance, actor, body) |
| 66 | if (!entry) return { created: false } | 75 | if (!entry) return { created: false } |
| @@ -134,6 +143,14 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) { | |||
| 134 | const actorUrl = body.attributedTo | 143 | const actorUrl = body.attributedTo |
| 135 | if (!actorUrl) throw new Error('Miss attributed to in comment') | 144 | if (!actorUrl) throw new Error('Miss attributed to in comment') |
| 136 | 145 | ||
| 146 | if (checkUrlsSameHost(url, actorUrl) !== true) { | ||
| 147 | throw new Error(`Actor url ${actorUrl} has not the same host than the comment url ${url}`) | ||
| 148 | } | ||
| 149 | |||
| 150 | if (checkUrlsSameHost(body.id, url) !== true) { | ||
| 151 | throw new Error(`Comment url ${url} host is different from the AP object id ${body.id}`) | ||
| 152 | } | ||
| 153 | |||
| 137 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) | 154 | const actor = await getOrCreateActorAndServerAndModel(actorUrl) |
| 138 | const comment = new VideoCommentModel({ | 155 | const comment = new VideoCommentModel({ |
| 139 | url: body.id, | 156 | url: body.id, |