Diffstat (limited to 'server/middlewares/validators/oembed.ts')
-rw-r--r-- | server/middlewares/validators/oembed.ts | 59 |
1 files changed, 28 insertions, 31 deletions
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts index f8e34d2d4..31f06dc65 100644 --- a/server/middlewares/validators/oembed.ts +++ b/server/middlewares/validators/oembed.ts | |||
@@ -1,15 +1,10 @@ | |||
1 | import { query } from 'express-validator/check' | ||
2 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { query } from 'express-validator/check' | ||
3 | import { join } from 'path' | 3 | import { join } from 'path' |
4 | 4 | import { isIdOrUUIDValid, isTestInstance, logger } from '../../helpers' | |
5 | import { checkErrors } from './utils' | ||
6 | import { CONFIG } from '../../initializers' | 5 | import { CONFIG } from '../../initializers' |
7 | import { | 6 | import { areValidationErrors } from './utils' |
8 | logger, | 7 | import { isVideoExist } from '../../helpers/custom-validators/videos' |
9 | isTestInstance, | ||
10 | checkVideoExists, | ||
11 | isIdOrUUIDValid | ||
12 | } from '../../helpers' | ||
13 | 8 | ||
14 | const urlShouldStartWith = CONFIG.WEBSERVER.SCHEME + '://' + join(CONFIG.WEBSERVER.HOST, 'videos', 'watch') + '/' | 9 | const urlShouldStartWith = CONFIG.WEBSERVER.SCHEME + '://' + join(CONFIG.WEBSERVER.HOST, 'videos', 'watch') + '/' |
15 | const videoWatchRegex = new RegExp('([^/]+)$') | 10 | const videoWatchRegex = new RegExp('([^/]+)$') |
@@ -29,33 +24,35 @@ const oembedValidator = [ | |||
29 | query('maxheight').optional().isInt().withMessage('Should have a valid max height'), | 24 | query('maxheight').optional().isInt().withMessage('Should have a valid max height'), |
30 | query('format').optional().isIn([ 'xml', 'json' ]).withMessage('Should have a valid format'), | 25 | query('format').optional().isIn([ 'xml', 'json' ]).withMessage('Should have a valid format'), |
31 | 26 | ||
32 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 27 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
33 | logger.debug('Checking oembed parameters', { parameters: req.query }) | 28 | logger.debug('Checking oembed parameters', { parameters: req.query }) |
34 | 29 | ||
35 | checkErrors(req, res, () => { | 30 | if (areValidationErrors(req, res)) return |
36 | if (req.query.format !== undefined && req.query.format !== 'json') { | 31 | |
37 | return res.status(501) | 32 | if (req.query.format !== undefined && req.query.format !== 'json') { |
38 | .json({ error: 'Requested format is not implemented on server.' }) | 33 | return res.status(501) |
39 | .end() | 34 | .json({ error: 'Requested format is not implemented on server.' }) |
40 | } | 35 | .end() |
36 | } | ||
37 | |||
38 | const startIsOk = req.query.url.startsWith(urlShouldStartWith) | ||
39 | const matches = videoWatchRegex.exec(req.query.url) | ||
40 | if (startIsOk === false || matches === null) { | ||
41 | return res.status(400) | ||
42 | .json({ error: 'Invalid url.' }) | ||
43 | .end() | ||
44 | } | ||
41 | 45 | ||
42 | const startIsOk = req.query.url.startsWith(urlShouldStartWith) | 46 | const videoId = matches[1] |
43 | const matches = videoWatchRegex.exec(req.query.url) | 47 | if (isIdOrUUIDValid(videoId) === false) { |
44 | if (startIsOk === false || matches === null) { | 48 | return res.status(400) |
45 | return res.status(400) | 49 | .json({ error: 'Invalid video id.' }) |
46 | .json({ error: 'Invalid url.' }) | 50 | .end() |
47 | .end() | 51 | } |
48 | } | ||
49 | 52 | ||
50 | const videoId = matches[1] | 53 | if (!await isVideoExist(videoId, res)) return |
51 | if (isIdOrUUIDValid(videoId) === false) { | ||
52 | return res.status(400) | ||
53 | .json({ error: 'Invalid video id.' }) | ||
54 | .end() | ||
55 | } | ||
56 | 54 | ||
57 | checkVideoExists(videoId, res, next) | 55 | return next() |
58 | }) | ||
59 | } | 56 | } |
60 | ] | 57 | ] |
61 | 58 | ||
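Review bot: Now that the last handler in `oembedValidator` is `async`, anything that throws inside it becomes a rejected promise instead of a synchronous throw; this applies to `req.query.url.startsWith(urlShouldStartWith)` if `url` arrives as an array or object, and to a rejection from `await isVideoExist(videoId, res)`. Express up to 4.x does not forward rejected promises from middleware to the error handler, so unless the route mounts this validator through an async wrapper (not visible on this page) the request would be left without a response and the process would see an unhandled rejection. I would wrap the body in `try { … } catch (err) { return next(err) }`. If the `query('url')` check above the hunk does not already guarantee a string, I would also add `if (typeof req.query.url !== 'string')` before the `startsWith` call and return the existing 400 'Invalid url.' response. A short comment on the handler, such as `// async: errors must reach next(err), Express will not catch rejections`, would document that contract for later edits.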