diff options
Diffstat (limited to 'server')
-rw-r--r-- | server/middlewares/validators/oembed.ts | 16 | ||||
-rw-r--r-- | server/tests/api/server/services.ts | 66 |
2 files changed, 50 insertions, 32 deletions
diff --git a/server/middlewares/validators/oembed.ts b/server/middlewares/validators/oembed.ts index 5e47211b5..96c8adc99 100644 --- a/server/middlewares/validators/oembed.ts +++ b/server/middlewares/validators/oembed.ts | |||
@@ -62,12 +62,26 @@ const oembedValidator = [ | |||
62 | 62 | ||
63 | const url = req.query.url as string | 63 | const url = req.query.url as string |
64 | 64 | ||
65 | let urlPath: string | ||
66 | |||
67 | try { | ||
68 | urlPath = new URL(url).pathname | ||
69 | } catch (err) { | ||
70 | return res.fail({ | ||
71 | status: HttpStatusCode.BAD_REQUEST_400, | ||
72 | message: err.message, | ||
73 | data: { | ||
74 | url | ||
75 | } | ||
76 | }) | ||
77 | } | ||
78 | |||
65 | const isPlaylist = startPlaylistURLs.some(u => url.startsWith(u)) | 79 | const isPlaylist = startPlaylistURLs.some(u => url.startsWith(u)) |
66 | const isVideo = isPlaylist ? false : startVideoURLs.some(u => url.startsWith(u)) | 80 | const isVideo = isPlaylist ? false : startVideoURLs.some(u => url.startsWith(u)) |
67 | 81 | ||
68 | const startIsOk = isVideo || isPlaylist | 82 | const startIsOk = isVideo || isPlaylist |
69 | 83 | ||
70 | const matches = watchRegex.exec(url) | 84 | const matches = watchRegex.exec(urlPath) |
71 | 85 | ||
72 | if (startIsOk === false || matches === null) { | 86 | if (startIsOk === false || matches === null) { |
73 | return res.fail({ | 87 | return res.fail({ |
diff --git a/server/tests/api/server/services.ts b/server/tests/api/server/services.ts index 69d030dbb..3a87df981 100644 --- a/server/tests/api/server/services.ts +++ b/server/tests/api/server/services.ts | |||
@@ -52,42 +52,46 @@ describe('Test services', function () { | |||
52 | 52 | ||
53 | it('Should have a valid oEmbed video response', async function () { | 53 | it('Should have a valid oEmbed video response', async function () { |
54 | for (const basePath of [ '/videos/watch/', '/w/' ]) { | 54 | for (const basePath of [ '/videos/watch/', '/w/' ]) { |
55 | const oembedUrl = 'http://localhost:' + server.port + basePath + video.uuid | 55 | for (const suffix of [ '', '?param=1' ]) { |
56 | 56 | const oembedUrl = server.url + basePath + video.uuid + suffix | |
57 | const res = await server.services.getOEmbed({ oembedUrl }) | 57 | |
58 | const expectedHtml = '<iframe width="560" height="315" sandbox="allow-same-origin allow-scripts" ' + | 58 | const res = await server.services.getOEmbed({ oembedUrl }) |
59 | `title="${video.name}" src="http://localhost:${server.port}/videos/embed/${video.uuid}" ` + | 59 | const expectedHtml = '<iframe width="560" height="315" sandbox="allow-same-origin allow-scripts" ' + |
60 | 'frameborder="0" allowfullscreen></iframe>' | 60 | `title="${video.name}" src="http://localhost:${server.port}/videos/embed/${video.uuid}" ` + |
61 | const expectedThumbnailUrl = 'http://localhost:' + server.port + video.previewPath | 61 | 'frameborder="0" allowfullscreen></iframe>' |
62 | 62 | const expectedThumbnailUrl = 'http://localhost:' + server.port + video.previewPath | |
63 | expect(res.body.html).to.equal(expectedHtml) | 63 | |
64 | expect(res.body.title).to.equal(video.name) | 64 | expect(res.body.html).to.equal(expectedHtml) |
65 | expect(res.body.author_name).to.equal(server.store.channel.displayName) | 65 | expect(res.body.title).to.equal(video.name) |
66 | expect(res.body.width).to.equal(560) | 66 | expect(res.body.author_name).to.equal(server.store.channel.displayName) |
67 | expect(res.body.height).to.equal(315) | 67 | expect(res.body.width).to.equal(560) |
68 | expect(res.body.thumbnail_url).to.equal(expectedThumbnailUrl) | 68 | expect(res.body.height).to.equal(315) |
69 | expect(res.body.thumbnail_width).to.equal(850) | 69 | expect(res.body.thumbnail_url).to.equal(expectedThumbnailUrl) |
70 | expect(res.body.thumbnail_height).to.equal(480) | 70 | expect(res.body.thumbnail_width).to.equal(850) |
71 | expect(res.body.thumbnail_height).to.equal(480) | ||
72 | } | ||
71 | } | 73 | } |
72 | }) | 74 | }) |
73 | 75 | ||
74 | it('Should have a valid playlist oEmbed response', async function () { | 76 | it('Should have a valid playlist oEmbed response', async function () { |
75 | for (const basePath of [ '/videos/watch/playlist/', '/w/p/' ]) { | 77 | for (const basePath of [ '/videos/watch/playlist/', '/w/p/' ]) { |
76 | const oembedUrl = 'http://localhost:' + server.port + basePath + playlistUUID | 78 | for (const suffix of [ '', '?param=1' ]) { |
77 | 79 | const oembedUrl = server.url + basePath + playlistUUID + suffix | |
78 | const res = await server.services.getOEmbed({ oembedUrl }) | 80 | |
79 | const expectedHtml = '<iframe width="560" height="315" sandbox="allow-same-origin allow-scripts" ' + | 81 | const res = await server.services.getOEmbed({ oembedUrl }) |
80 | `title="${playlistDisplayName}" src="http://localhost:${server.port}/video-playlists/embed/${playlistUUID}" ` + | 82 | const expectedHtml = '<iframe width="560" height="315" sandbox="allow-same-origin allow-scripts" ' + |
81 | 'frameborder="0" allowfullscreen></iframe>' | 83 | `title="${playlistDisplayName}" src="http://localhost:${server.port}/video-playlists/embed/${playlistUUID}" ` + |
82 | 84 | 'frameborder="0" allowfullscreen></iframe>' | |
83 | expect(res.body.html).to.equal(expectedHtml) | 85 | |
84 | expect(res.body.title).to.equal('The Life and Times of Scrooge McDuck') | 86 | expect(res.body.html).to.equal(expectedHtml) |
85 | expect(res.body.author_name).to.equal(server.store.channel.displayName) | 87 | expect(res.body.title).to.equal('The Life and Times of Scrooge McDuck') |
86 | expect(res.body.width).to.equal(560) | 88 | expect(res.body.author_name).to.equal(server.store.channel.displayName) |
87 | expect(res.body.height).to.equal(315) | 89 | expect(res.body.width).to.equal(560) |
88 | expect(res.body.thumbnail_url).exist | 90 | expect(res.body.height).to.equal(315) |
89 | expect(res.body.thumbnail_width).to.equal(280) | 91 | expect(res.body.thumbnail_url).exist |
90 | expect(res.body.thumbnail_height).to.equal(157) | 92 | expect(res.body.thumbnail_width).to.equal(280) |
93 | expect(res.body.thumbnail_height).to.equal(157) | ||
94 | } | ||
91 | } | 95 | } |
92 | }) | 96 | }) |
93 | 97 | ||