Diffstat (limited to 'server/middlewares/validators/oembed.ts')
-rw-r--r--server/middlewares/validators/oembed.ts59
1 files changed, 28 insertions, 31 deletions
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts
index f8e34d2d4..31f06dc65 100644
--- a/server/middlewares/validators/oembed.ts
+++ b/server/middlewares/validators/oembed.ts
@@ -1,15 +1,10 @@
1import { query } from 'express-validator/check'
2import * as express from 'express' 1import * as express from 'express'
2import { query } from 'express-validator/check'
3import { join } from 'path' 3import { join } from 'path'
4 4import { isIdOrUUIDValid, isTestInstance, logger } from '../../helpers'
5import { checkErrors } from './utils'
6import { CONFIG } from '../../initializers' 5import { CONFIG } from '../../initializers'
7import { 6import { areValidationErrors } from './utils'
8 logger, 7import { isVideoExist } from '../../helpers/custom-validators/videos'
9 isTestInstance,
10 checkVideoExists,
11 isIdOrUUIDValid
12} from '../../helpers'
13 8
14const urlShouldStartWith = CONFIG.WEBSERVER.SCHEME + '://' + join(CONFIG.WEBSERVER.HOST, 'videos', 'watch') + '/' 9const urlShouldStartWith = CONFIG.WEBSERVER.SCHEME + '://' + join(CONFIG.WEBSERVER.HOST, 'videos', 'watch') + '/'
15const videoWatchRegex = new RegExp('([^/]+)$') 10const videoWatchRegex = new RegExp('([^/]+)$')
@@ -29,33 +24,35 @@ const oembedValidator = [
29 query('maxheight').optional().isInt().withMessage('Should have a valid max height'), 24 query('maxheight').optional().isInt().withMessage('Should have a valid max height'),
30 query('format').optional().isIn([ 'xml', 'json' ]).withMessage('Should have a valid format'), 25 query('format').optional().isIn([ 'xml', 'json' ]).withMessage('Should have a valid format'),
31 26
32 (req: express.Request, res: express.Response, next: express.NextFunction) => { 27 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
33 logger.debug('Checking oembed parameters', { parameters: req.query }) 28 logger.debug('Checking oembed parameters', { parameters: req.query })
34 29
35 checkErrors(req, res, () => { 30 if (areValidationErrors(req, res)) return
36 if (req.query.format !== undefined && req.query.format !== 'json') { 31
37 return res.status(501) 32 if (req.query.format !== undefined && req.query.format !== 'json') {
38 .json({ error: 'Requested format is not implemented on server.' }) 33 return res.status(501)
39 .end() 34 .json({ error: 'Requested format is not implemented on server.' })
40 } 35 .end()
36 }
37
38 const startIsOk = req.query.url.startsWith(urlShouldStartWith)
39 const matches = videoWatchRegex.exec(req.query.url)
40 if (startIsOk === false || matches === null) {
41 return res.status(400)
42 .json({ error: 'Invalid url.' })
43 .end()
44 }
41 45
42 const startIsOk = req.query.url.startsWith(urlShouldStartWith) 46 const videoId = matches[1]
43 const matches = videoWatchRegex.exec(req.query.url) 47 if (isIdOrUUIDValid(videoId) === false) {
44 if (startIsOk === false || matches === null) { 48 return res.status(400)
45 return res.status(400) 49 .json({ error: 'Invalid video id.' })
46 .json({ error: 'Invalid url.' }) 50 .end()
47 .end() 51 }
48 }
49 52
50 const videoId = matches[1] 53 if (!await isVideoExist(videoId, res)) return
51 if (isIdOrUUIDValid(videoId) === false) {
52 return res.status(400)
53 .json({ error: 'Invalid video id.' })
54 .end()
55 }
56 54
57 checkVideoExists(videoId, res, next) 55 return next()
58 })
59 } 56 }
60] 57]
61 58
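Review bot: The handler on new line 27 is now `async` but catches nothing, so if `isVideoExist(videoId, res)` on new line 53 rejects (a database error, say) or `req.query.url.startsWith` on new line 38 throws, an Express version that ignores the promise returned by middleware (Express 4 does) never sees the error and the request is left without a response. Unless the route registration wraps this validator in a promise-aware helper, which is not visible in this file, guard the await, e.g. `try { if (!await isVideoExist(videoId, res)) return } catch (err) { return next(err) }`. The `startsWith` call also assumes `req.query.url` is a string; the `query('url')` check presumably sits above the hunk, so confirm it rejects a repeated `url` parameter (which Express parses into an array), or add `if (typeof req.query.url !== 'string')` before new line 38 and return the existing 400 'Invalid url.' response. The `oembedValidator` array begins outside the hunk.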