From 474542d7ac60f7860daf9ea34d1c31968f43ab29 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Wed, 9 Feb 2022 08:58:40 +0100 Subject: Add additional checks when importing a video --- server/controllers/api/videos/import.ts | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) (limited to 'server/controllers/api') diff --git a/server/controllers/api/videos/import.ts b/server/controllers/api/videos/import.ts index 8cbfd3286..b54fa822c 100644 --- a/server/controllers/api/videos/import.ts +++ b/server/controllers/api/videos/import.ts @@ -1,9 +1,11 @@ import express from 'express' -import { move, readFile } from 'fs-extra' +import { move, readFile, remove } from 'fs-extra' import { decode } from 'magnet-uri' import parseTorrent, { Instance } from 'parse-torrent' import { join } from 'path' +import { isVTTFileValid } from '@server/helpers/custom-validators/video-captions' import { isVideoFileExtnameValid } from '@server/helpers/custom-validators/videos' +import { isResolvingToUnicastOnly } from '@server/helpers/dns' import { Hooks } from '@server/lib/plugins/hooks' import { ServerConfigManager } from '@server/lib/server-config-manager' import { setVideoTags } from '@server/lib/video' @@ -195,6 +197,13 @@ async function addYoutubeDLImport (req: express.Request, res: express.Response) }) } + if (!await hasUnicastURLsOnly(youtubeDLInfo)) { + return res.fail({ + status: HttpStatusCode.FORBIDDEN_403, + message: 'Cannot use non unicast IP as targetUrl.' + }) + } + const video = await buildVideo(res.locals.videoChannel.id, body, youtubeDLInfo) // Process video thumbnail from request.files @@ -432,6 +441,11 @@ async function processYoutubeSubtitles (youtubeDL: YoutubeDLWrapper, targetUrl: logger.info('Will create %s subtitles from youtube import %s.', subtitles.length, targetUrl) for (const subtitle of subtitles) { + if (!await isVTTFileValid(subtitle.path)) { + await remove(subtitle.path) + continue + } + const videoCaption = new VideoCaptionModel({ videoId, language: subtitle.language, @@ -449,3 +463,16 @@ async function processYoutubeSubtitles (youtubeDL: YoutubeDLWrapper, targetUrl: logger.warn('Cannot get video subtitles.', { err }) } } + +async function hasUnicastURLsOnly (youtubeDLInfo: YoutubeDLInfo) { + const hosts = youtubeDLInfo.urls.map(u => new URL(u).hostname) + const uniqHosts = new Set(hosts) + + for (const h of uniqHosts) { + if (await isResolvingToUnicastOnly(h) !== true) { + return false + } + } + + return true +} -- cgit v1.2.3