5 files changed, 67 insertions, 25 deletions
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index 6cf8eea6f..bed2bfeab 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -1,12 +1,9 @@
-import { Request, Response, NextFunction } from 'express'
+import { NextFunction, Request, Response, RequestHandler } from 'express'
-import { database as db } from '../initializers'
-import {
-  logger,
-  getAccountFromWebfinger,
-  isSignatureVerified
-} from '../helpers'
 import { ActivityPubSignature } from '../../shared'
+import { isSignatureVerified, logger } from '../helpers'
+import { fetchRemoteAccountAndCreatePod } from '../helpers/activitypub'
+import { database as db, ACTIVITY_PUB_ACCEPT_HEADER } from '../initializers'
+import { each, eachSeries, waterfall } from 'async'
 async function checkSignature (req: Request, res: Response, next: NextFunction) {
  const signatureObject: ActivityPubSignature = req.body.signature
@@ -17,35 +14,40 @@ async function checkSignature (req: Request, res: Response, next: NextFunction)
  // We don't have this account in our database, fetch it on remote
  if (!account) {
-    account = await getAccountFromWebfinger(signatureObject.creator)
+    const accountResult = await fetchRemoteAccountAndCreatePod(signatureObject.creator)
-    if (!account) {
+    if (!accountResult) {
      return res.sendStatus(403)
    }
    // Save our new account in database
+    account = accountResult.account
    await account.save()
  }
  const verified = await isSignatureVerified(account, req.body)
  if (verified === false) return res.sendStatus(403)
-  res.locals.signature.account = account
+  res.locals.signature = {
+    account
+  }
  return next()
 }
-function executeIfActivityPub (fun: any | any[]) {
+function executeIfActivityPub (fun: RequestHandler | RequestHandler[]) {
  return (req: Request, res: Response, next: NextFunction) => {
-    if (req.header('Accept') !== 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"') {
+    if (req.header('Accept') !== ACTIVITY_PUB_ACCEPT_HEADER) {
      return next()
    }
    if (Array.isArray(fun) === true) {
-      fun[0](req, res, next) // FIXME: doesn't work
+      return eachSeries(fun as RequestHandler[], (f, cb) => {
+        f(req, res, cb)
+      }, next)
    }
-    return fun(req, res, next)
+    return (fun as RequestHandler)(req, res, next)
  }
 }
diff --git a/server/middlewares/validators/account.ts b/server/middlewares/validators/account.ts
index 3ccf2ea21..58eeed3cc 100644
--- a/server/middlewares/validators/account.ts
+++ b/server/middlewares/validators/account.ts
@@ -8,13 +8,13 @@ import {
  isUserVideoQuotaValid,
  logger
 } from '../../helpers'
-import { isAccountNameWithHostValid } from '../../helpers/custom-validators/video-accounts'
+import { isAccountNameValid } from '../../helpers/custom-validators/accounts'
 import { database as db } from '../../initializers/database'
 import { AccountInstance } from '../../models'
 import { checkErrors } from './utils'
 const localAccountValidator = [
-  param('nameWithHost').custom(isAccountNameWithHostValid).withMessage('Should have a valid account with domain name (myuser@domain.tld)'),
+  param('name').custom(isAccountNameValid).withMessage('Should have a valid account name'),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking localAccountValidator parameters', { parameters: req.params })
@@ -33,10 +33,8 @@ export {
 // ---------------------------------------------------------------------------
-function checkLocalAccountExists (nameWithHost: string, res: express.Response, callback: (err: Error, account: AccountInstance) => void) {
+function checkLocalAccountExists (name: string, res: express.Response, callback: (err: Error, account: AccountInstance) => void) {
-  const [ name, host ] = nameWithHost.split('@')
+  db.Account.loadLocalByName(name)
-  db.Account.loadLocalAccountByNameAndPod(name, host)
    .then(account => {
      if (!account) {
        return res.status(404)
diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts
index 78a6d1444..0de8b2d85 100644
--- a/server/middlewares/validators/activitypub/activity.ts
+++ b/server/middlewares/validators/activitypub/activity.ts
@@ -1,11 +1,10 @@
-import { body } from 'express-validator/check'
 import * as express from 'express'
+import { body } from 'express-validator/check'
-import { logger, isRootActivityValid } from '../../../helpers'
+import { isRootActivityValid, logger } from '../../../helpers'
 import { checkErrors } from '../utils'
 const activityPubValidator = [
-  body('data').custom(isRootActivityValid),
+  body('').custom((value, { req }) => isRootActivityValid(req.body)),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking activity pub parameters', { parameters: req.body })
diff --git a/server/middlewares/validators/index.ts b/server/middlewares/validators/index.ts
index 46c00d679..92a4bad28 100644
--- a/server/middlewares/validators/index.ts
+++ b/server/middlewares/validators/index.ts
@@ -8,3 +8,4 @@ export * from './users'
 export * from './videos'
 export * from './video-blacklist'
 export * from './video-channels'
+export * from './webfinger'
diff --git a/server/middlewares/validators/webfinger.ts b/server/middlewares/validators/webfinger.ts
new file mode 100644
index 000000000..068e03ad7
--- /dev/null
+++ b/server/middlewares/validators/webfinger.ts
@@ -0,0 +1,42 @@
+import { query } from 'express-validator/check'
+import * as express from 'express'
+import { checkErrors } from './utils'
+import { logger, isWebfingerResourceValid } from '../../helpers'
+import { database as db } from '../../initializers'
+const webfingerValidator = [
+  query('resource').custom(isWebfingerResourceValid).withMessage('Should have a valid webfinger resource'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking webfinger parameters', { parameters: req.query })
+    checkErrors(req, res, () => {
+      // Remove 'acct:' from the beginning of the string
+      const nameWithHost = req.query.resource.substr(5)
+      const [ name, ] = nameWithHost.split('@')
+      db.Account.loadLocalByName(name)
+        .then(account => {
+          if (!account) {
+            return res.status(404)
+              .send({ error: 'Account not found' })
+              .end()
+          }
+          res.locals.account = account
+          return next()
+        })
+        .catch(err => {
+          logger.error('Error in webfinger validator.', err)
+          return res.sendStatus(500)
+        })
+    })
+  }
+]
+// ---------------------------------------------------------------------------
+export {
+  webfingerValidator
+}

diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts index 6cf8eea6f..bed2bfeab 100644 --- a/server/middlewares/activitypub.ts +++ b/server/middlewares/activitypub.ts
@@ -1,12 +1,9 @@
1	import { Request, Response, NextFunction } from 'express'	1	import { NextFunction, Request, Response, RequestHandler } from 'express'
2
3	import { database as db } from '../initializers'
4	import {
5	logger,
6	getAccountFromWebfinger,
7	isSignatureVerified
8	} from '../helpers'
9	import { ActivityPubSignature } from '../../shared'	2	import { ActivityPubSignature } from '../../shared'
		3	import { isSignatureVerified, logger } from '../helpers'
		4	import { fetchRemoteAccountAndCreatePod } from '../helpers/activitypub'
		5	import { database as db, ACTIVITY_PUB_ACCEPT_HEADER } from '../initializers'
		6	import { each, eachSeries, waterfall } from 'async'
10		7
11	async function checkSignature (req: Request, res: Response, next: NextFunction) {	8	async function checkSignature (req: Request, res: Response, next: NextFunction) {
12	const signatureObject: ActivityPubSignature = req.body.signature	9	const signatureObject: ActivityPubSignature = req.body.signature
@@ -17,35 +14,40 @@ async function checkSignature (req: Request, res: Response, next: NextFunction)
17		14
18	// We don't have this account in our database, fetch it on remote	15	// We don't have this account in our database, fetch it on remote
19	if (!account) {	16	if (!account) {
20	account = await getAccountFromWebfinger(signatureObject.creator)	17	const accountResult = await fetchRemoteAccountAndCreatePod(signatureObject.creator)
21		18
22	if (!account) {	19	if (!accountResult) {
23	return res.sendStatus(403)	20	return res.sendStatus(403)
24	}	21	}
25		22
26	// Save our new account in database	23	// Save our new account in database
		24	account = accountResult.account
27	await account.save()	25	await account.save()
28	}	26	}
29		27
30	const verified = await isSignatureVerified(account, req.body)	28	const verified = await isSignatureVerified(account, req.body)
31	if (verified === false) return res.sendStatus(403)	29	if (verified === false) return res.sendStatus(403)
32		30
33	res.locals.signature.account = account	31	res.locals.signature = {
		32	account
		33	}
34		34
35	return next()	35	return next()
36	}	36	}
37		37
38	function executeIfActivityPub (fun: any \| any[]) {	38	function executeIfActivityPub (fun: RequestHandler \| RequestHandler[]) {
39	return (req: Request, res: Response, next: NextFunction) => {	39	return (req: Request, res: Response, next: NextFunction) => {
40	if (req.header('Accept') !== 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"') {	40	if (req.header('Accept') !== ACTIVITY_PUB_ACCEPT_HEADER) {
41	return next()	41	return next()
42	}	42	}
43		43
44	if (Array.isArray(fun) === true) {	44	if (Array.isArray(fun) === true) {
45	fun[0](req, res, next) // FIXME: doesn't work	45	return eachSeries(fun as RequestHandler[], (f, cb) => {
		46	f(req, res, cb)
		47	}, next)
46	}	48	}
47		49
48	return fun(req, res, next)	50	return (fun as RequestHandler)(req, res, next)
49	}	51	}
50	}	52	}
51		53


diff --git a/server/middlewares/validators/account.ts b/server/middlewares/validators/account.ts index 3ccf2ea21..58eeed3cc 100644 --- a/server/middlewares/validators/account.ts +++ b/server/middlewares/validators/account.ts
@@ -8,13 +8,13 @@ import {
8	isUserVideoQuotaValid,	8	isUserVideoQuotaValid,
9	logger	9	logger
10	} from '../../helpers'	10	} from '../../helpers'
11	import { isAccountNameWithHostValid } from '../../helpers/custom-validators/video-accounts'	11	import { isAccountNameValid } from '../../helpers/custom-validators/accounts'
12	import { database as db } from '../../initializers/database'	12	import { database as db } from '../../initializers/database'
13	import { AccountInstance } from '../../models'	13	import { AccountInstance } from '../../models'
14	import { checkErrors } from './utils'	14	import { checkErrors } from './utils'
15		15
16	const localAccountValidator = [	16	const localAccountValidator = [
17	param('nameWithHost').custom(isAccountNameWithHostValid).withMessage('Should have a valid account with domain name (myuser@domain.tld)'),	17	param('name').custom(isAccountNameValid).withMessage('Should have a valid account name'),
18		18
19	(req: express.Request, res: express.Response, next: express.NextFunction) => {	19	(req: express.Request, res: express.Response, next: express.NextFunction) => {
20	logger.debug('Checking localAccountValidator parameters', { parameters: req.params })	20	logger.debug('Checking localAccountValidator parameters', { parameters: req.params })
@@ -33,10 +33,8 @@ export {
33		33
34	// ---------------------------------------------------------------------------	34	// ---------------------------------------------------------------------------
35		35
36	function checkLocalAccountExists (nameWithHost: string, res: express.Response, callback: (err: Error, account: AccountInstance) => void) {	36	function checkLocalAccountExists (name: string, res: express.Response, callback: (err: Error, account: AccountInstance) => void) {
37	const [ name, host ] = nameWithHost.split('@')	37	db.Account.loadLocalByName(name)
38
39	db.Account.loadLocalAccountByNameAndPod(name, host)
40	.then(account => {	38	.then(account => {
41	if (!account) {	39	if (!account) {
42	return res.status(404)	40	return res.status(404)


diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts index 78a6d1444..0de8b2d85 100644 --- a/server/middlewares/validators/activitypub/activity.ts +++ b/server/middlewares/validators/activitypub/activity.ts
@@ -1,11 +1,10 @@
1	import { body } from 'express-validator/check'
2	import * as express from 'express'	1	import * as express from 'express'
3		2	import { body } from 'express-validator/check'
4	import { logger, isRootActivityValid } from '../../../helpers'	3	import { isRootActivityValid, logger } from '../../../helpers'
5	import { checkErrors } from '../utils'	4	import { checkErrors } from '../utils'
6		5
7	const activityPubValidator = [	6	const activityPubValidator = [
8	body('data').custom(isRootActivityValid),	7	body('').custom((value, { req }) => isRootActivityValid(req.body)),
9		8
10	(req: express.Request, res: express.Response, next: express.NextFunction) => {	9	(req: express.Request, res: express.Response, next: express.NextFunction) => {
11	logger.debug('Checking activity pub parameters', { parameters: req.body })	10	logger.debug('Checking activity pub parameters', { parameters: req.body })


diff --git a/server/middlewares/validators/index.ts b/server/middlewares/validators/index.ts index 46c00d679..92a4bad28 100644 --- a/server/middlewares/validators/index.ts +++ b/server/middlewares/validators/index.ts
@@ -8,3 +8,4 @@ export * from './users'
8	export * from './videos'	8	export * from './videos'
9	export * from './video-blacklist'	9	export * from './video-blacklist'
10	export * from './video-channels'	10	export * from './video-channels'
		11	export * from './webfinger'


diff --git a/server/middlewares/validators/webfinger.ts b/server/middlewares/validators/webfinger.ts new file mode 100644 index 000000000..068e03ad7 --- /dev/null +++ b/server/middlewares/validators/webfinger.ts
@@ -0,0 +1,42 @@
		1	import { query } from 'express-validator/check'
		2	import * as express from 'express'
		3
		4	import { checkErrors } from './utils'
		5	import { logger, isWebfingerResourceValid } from '../../helpers'
		6	import { database as db } from '../../initializers'
		7
		8	const webfingerValidator = [
		9	query('resource').custom(isWebfingerResourceValid).withMessage('Should have a valid webfinger resource'),
		10
		11	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		12	logger.debug('Checking webfinger parameters', { parameters: req.query })
		13
		14	checkErrors(req, res, () => {
		15	// Remove 'acct:' from the beginning of the string
		16	const nameWithHost = req.query.resource.substr(5)
		17	const [ name, ] = nameWithHost.split('@')
		18
		19	db.Account.loadLocalByName(name)
		20	.then(account => {
		21	if (!account) {
		22	return res.status(404)
		23	.send({ error: 'Account not found' })
		24	.end()
		25	}
		26
		27	res.locals.account = account
		28	return next()
		29	})
		30	.catch(err => {
		31	logger.error('Error in webfinger validator.', err)
		32	return res.sendStatus(500)
		33	})
		34	})
		35	}
		36	]
		37
		38	// ---------------------------------------------------------------------------
		39
		40	export {
		41	webfingerValidator
		42	}