4 files changed, 19 insertions, 20 deletions

diff --git a/server/helpers/custom-validators/activitypub/activity.ts b/server/helpers/custom-validators/activitypub/activity.ts
index 7e4dccefb..cabedaf20 100644
--- a/server/helpers/custom-validators/activitypub/activity.ts
+++ b/server/helpers/custom-validators/activitypub/activity.ts
@@ -11,9 +11,9 @@ import { isUndoActivityValid } from './undo'
 import { isVideoCommentCreateActivityValid, isVideoCommentDeleteActivityValid } from './video-comments'
 import {
   isVideoFlagValid,
-  isVideoTorrentCreateActivityValid,
+  sanitizeAndCheckVideoTorrentCreateActivity,
   isVideoTorrentDeleteActivityValid,
-  isVideoTorrentUpdateActivityValid
+  sanitizeAndCheckVideoTorrentUpdateActivity
 } from './videos'
 import { isViewActivityValid } from './view'
 
@@ -62,13 +62,13 @@ export {
 function checkCreateActivity (activity: any) {
   return isViewActivityValid(activity) ||
     isDislikeActivityValid(activity) ||
-    isVideoTorrentCreateActivityValid(activity) ||
+    sanitizeAndCheckVideoTorrentCreateActivity(activity) ||
     isVideoFlagValid(activity) ||
     isVideoCommentCreateActivityValid(activity)
 }
 
 function checkUpdateActivity (activity: any) {
-  return isVideoTorrentUpdateActivityValid(activity) ||
+  return sanitizeAndCheckVideoTorrentUpdateActivity(activity) ||
     isActorUpdateActivityValid(activity)
 }
 
diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts
index 8ec7df49a..0d2e8766d 100644
--- a/server/helpers/custom-validators/activitypub/videos.ts
+++ b/server/helpers/custom-validators/activitypub/videos.ts
@@ -12,14 +12,14 @@ import {
 } from '../videos'
 import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
 
-function isVideoTorrentCreateActivityValid (activity: any) {
+function sanitizeAndCheckVideoTorrentCreateActivity (activity: any) {
   return isBaseActivityValid(activity, 'Create') &&
-    isVideoTorrentObjectValid(activity.object)
+    sanitizeAndCheckVideoTorrentObject(activity.object)
 }
 
-function isVideoTorrentUpdateActivityValid (activity: any) {
+function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {
   return isBaseActivityValid(activity, 'Update') &&
-    isVideoTorrentObjectValid(activity.object)
+    sanitizeAndCheckVideoTorrentObject(activity.object)
 }
 
 function isVideoTorrentDeleteActivityValid (activity: any) {
@@ -42,13 +42,17 @@ function isActivityPubVideoDurationValid (value: string) {
     isVideoDurationValid(value.replace(/[^0-9]+/g, ''))
 }
 
-function isVideoTorrentObjectValid (video: any) {
+function sanitizeAndCheckVideoTorrentObject (video: any) {
+  if (!setValidRemoteTags(video)) return false
+  if (!setValidRemoteVideoUrls(video)) return false
+  if (!setRemoteVideoTruncatedContent(video)) return false
+  if (!setValidAttributedTo(video)) return false
+
   return video.type === 'Video' &&
     isActivityPubUrlValid(video.id) &&
     isVideoNameValid(video.name) &&
     isActivityPubVideoDurationValid(video.duration) &&
     isUUIDValid(video.uuid) &&
-    setValidRemoteTags(video) &&
     (!video.category || isRemoteNumberIdentifierValid(video.category)) &&
     (!video.licence || isRemoteNumberIdentifierValid(video.licence)) &&
     (!video.language || isRemoteStringIdentifierValid(video.language)) &&
@@ -57,24 +61,21 @@ function isVideoTorrentObjectValid (video: any) {
     isBooleanValid(video.commentsEnabled) &&
     isDateValid(video.published) &&
     isDateValid(video.updated) &&
-    setRemoteVideoTruncatedContent(video) &&
     (!video.content || isRemoteVideoContentValid(video.mediaType, video.content)) &&
     isRemoteVideoIconValid(video.icon) &&
-    setValidRemoteVideoUrls(video) &&
     video.url.length !== 0 &&
-    setValidAttributedTo(video) &&
     video.attributedTo.length !== 0
 }
 
 // ---------------------------------------------------------------------------
 
 export {
-  isVideoTorrentCreateActivityValid,
-  isVideoTorrentUpdateActivityValid,
+  sanitizeAndCheckVideoTorrentCreateActivity,
+  sanitizeAndCheckVideoTorrentUpdateActivity,
   isVideoTorrentDeleteActivityValid,
   isRemoteStringIdentifierValid,
   isVideoFlagValid,
-  isVideoTorrentObjectValid
+  sanitizeAndCheckVideoTorrentObject
 }
 
 // ---------------------------------------------------------------------------
diff --git a/server/lib/activitypub/videos.ts b/server/lib/activitypub/videos.ts
index 7cb1fe240..b81acbb35 100644
--- a/server/lib/activitypub/videos.ts
+++ b/server/lib/activitypub/videos.ts
@@ -5,7 +5,7 @@ import * as request from 'request'
 import { ActivityIconObject } from '../../../shared/index'
 import { VideoTorrentObject } from '../../../shared/models/activitypub/objects'
 import { VideoPrivacy, VideoRateType } from '../../../shared/models/videos'
-import { isVideoTorrentObjectValid } from '../../helpers/custom-validators/activitypub/videos'
+import { sanitizeAndCheckVideoTorrentObject } from '../../helpers/custom-validators/activitypub/videos'
 import { isVideoFileInfoHashValid } from '../../helpers/custom-validators/videos'
 import { retryTransactionWrapper } from '../../helpers/database-utils'
 import { logger } from '../../helpers/logger'
@@ -317,7 +317,7 @@ async function fetchRemoteVideo (videoUrl: string): Promise<VideoTorrentObject>
 
   const { body } = await doRequest(options)
 
-  if (isVideoTorrentObjectValid(body) === false) {
+  if (sanitizeAndCheckVideoTorrentObject(body) === false) {
     logger.debug('Remote video JSON is not valid.', { body })
     return undefined
   }
diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts
index 4aace4c8e..3f9057c0c 100644
--- a/server/middlewares/validators/activitypub/activity.ts
+++ b/server/middlewares/validators/activitypub/activity.ts
@@ -1,10 +1,8 @@
 import * as express from 'express'
-import { body } from 'express-validator/check'
 import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
 import { logger } from '../../../helpers/logger'
 import { getServerActor } from '../../../helpers/utils'
 import { ActorModel } from '../../../models/activitypub/actor'
-import { areValidationErrors } from '../utils'
 
 async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
   logger.debug('Checking activity pub parameters')