From 8d1fa36ad22a21a9b0fb6bf51a27d09954220013 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 16 Nov 2018 11:18:13 +0100 Subject: Do not host remote AP objects --- server/controllers/activitypub/client.ts | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'server/controllers') diff --git a/server/controllers/activitypub/client.ts b/server/controllers/activitypub/client.ts index ffbf1ba19..a342a48d4 100644 --- a/server/controllers/activitypub/client.ts +++ b/server/controllers/activitypub/client.ts @@ -39,6 +39,7 @@ import { import { VideoCaptionModel } from '../../models/video/video-caption' import { videoRedundancyGetValidator } from '../../middlewares/validators/redundancy' import { getServerActor } from '../../helpers/utils' +import { VideoRedundancyModel } from '../../models/redundancy/video-redundancy' const activityPubClientRouter = express.Router() @@ -164,6 +165,8 @@ function getAccountVideoRate (rateType: VideoRateType) { async function videoController (req: express.Request, res: express.Response, next: express.NextFunction) { const video: VideoModel = res.locals.video + if (video.isOwned() === false) return res.redirect(video.url) + // We need captions to render AP object video.VideoCaptions = await VideoCaptionModel.listVideoCaptions(video.id) @@ -180,6 +183,9 @@ async function videoController (req: express.Request, res: express.Response, nex async function videoAnnounceController (req: express.Request, res: express.Response, next: express.NextFunction) { const share = res.locals.videoShare as VideoShareModel + + if (share.Actor.isOwned() === false) return res.redirect(share.url) + const { activity } = await buildAnnounceWithVideoAudience(share.Actor, share, res.locals.video, undefined) return activityPubResponse(activityPubContextify(activity), res) @@ -252,6 +258,8 @@ async function videoChannelFollowingController (req: express.Request, res: expre async function videoCommentController (req: express.Request, res: express.Response, next: express.NextFunction) { const videoComment: VideoCommentModel = res.locals.videoComment + if (videoComment.isOwned() === false) return res.redirect(videoComment.url) + const threadParentComments = await VideoCommentModel.listThreadParentComments(videoComment, undefined) const isPublic = true // Comments are always public const audience = getAudience(videoComment.Account.Actor, isPublic) @@ -267,7 +275,9 @@ async function videoCommentController (req: express.Request, res: express.Respon } async function videoRedundancyController (req: express.Request, res: express.Response) { - const videoRedundancy = res.locals.videoRedundancy + const videoRedundancy: VideoRedundancyModel = res.locals.videoRedundancy + if (videoRedundancy.isOwned() === false) return res.redirect(videoRedundancy.url) + const serverActor = await getServerActor() const audience = getAudience(serverActor) -- cgit v1.2.3