From 1d6e5dfc376f3c0c2120055cc093161e76419f98 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Wed, 9 May 2018 16:16:22 +0200
Subject: Improve video torrent AP object validator

---
 .../custom-validators/activitypub/activity.ts      |  8 +++----
 .../custom-validators/activitypub/videos.ts        | 25 +++++++++++-----------
 2 files changed, 17 insertions(+), 16 deletions(-)

(limited to 'server/helpers/custom-validators/activitypub')

diff --git a/server/helpers/custom-validators/activitypub/activity.ts b/server/helpers/custom-validators/activitypub/activity.ts
index 7e4dccefb..cabedaf20 100644
--- a/server/helpers/custom-validators/activitypub/activity.ts
+++ b/server/helpers/custom-validators/activitypub/activity.ts
@@ -11,9 +11,9 @@ import { isUndoActivityValid } from './undo'
 import { isVideoCommentCreateActivityValid, isVideoCommentDeleteActivityValid } from './video-comments'
 import {
   isVideoFlagValid,
-  isVideoTorrentCreateActivityValid,
+  sanitizeAndCheckVideoTorrentCreateActivity,
   isVideoTorrentDeleteActivityValid,
-  isVideoTorrentUpdateActivityValid
+  sanitizeAndCheckVideoTorrentUpdateActivity
 } from './videos'
 import { isViewActivityValid } from './view'
 
@@ -62,13 +62,13 @@ export {
 function checkCreateActivity (activity: any) {
   return isViewActivityValid(activity) ||
     isDislikeActivityValid(activity) ||
-    isVideoTorrentCreateActivityValid(activity) ||
+    sanitizeAndCheckVideoTorrentCreateActivity(activity) ||
     isVideoFlagValid(activity) ||
     isVideoCommentCreateActivityValid(activity)
 }
 
 function checkUpdateActivity (activity: any) {
-  return isVideoTorrentUpdateActivityValid(activity) ||
+  return sanitizeAndCheckVideoTorrentUpdateActivity(activity) ||
     isActorUpdateActivityValid(activity)
 }
 
diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts
index 8ec7df49a..0d2e8766d 100644
--- a/server/helpers/custom-validators/activitypub/videos.ts
+++ b/server/helpers/custom-validators/activitypub/videos.ts
@@ -12,14 +12,14 @@ import {
 } from '../videos'
 import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
 
-function isVideoTorrentCreateActivityValid (activity: any) {
+function sanitizeAndCheckVideoTorrentCreateActivity (activity: any) {
   return isBaseActivityValid(activity, 'Create') &&
-    isVideoTorrentObjectValid(activity.object)
+    sanitizeAndCheckVideoTorrentObject(activity.object)
 }
 
-function isVideoTorrentUpdateActivityValid (activity: any) {
+function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {
   return isBaseActivityValid(activity, 'Update') &&
-    isVideoTorrentObjectValid(activity.object)
+    sanitizeAndCheckVideoTorrentObject(activity.object)
 }
 
 function isVideoTorrentDeleteActivityValid (activity: any) {
@@ -42,13 +42,17 @@ function isActivityPubVideoDurationValid (value: string) {
     isVideoDurationValid(value.replace(/[^0-9]+/g, ''))
 }
 
-function isVideoTorrentObjectValid (video: any) {
+function sanitizeAndCheckVideoTorrentObject (video: any) {
+  if (!setValidRemoteTags(video)) return false
+  if (!setValidRemoteVideoUrls(video)) return false
+  if (!setRemoteVideoTruncatedContent(video)) return false
+  if (!setValidAttributedTo(video)) return false
+
   return video.type === 'Video' &&
     isActivityPubUrlValid(video.id) &&
     isVideoNameValid(video.name) &&
     isActivityPubVideoDurationValid(video.duration) &&
     isUUIDValid(video.uuid) &&
-    setValidRemoteTags(video) &&
     (!video.category || isRemoteNumberIdentifierValid(video.category)) &&
     (!video.licence || isRemoteNumberIdentifierValid(video.licence)) &&
     (!video.language || isRemoteStringIdentifierValid(video.language)) &&
@@ -57,24 +61,21 @@ function isVideoTorrentObjectValid (video: any) {
     isBooleanValid(video.commentsEnabled) &&
     isDateValid(video.published) &&
     isDateValid(video.updated) &&
-    setRemoteVideoTruncatedContent(video) &&
     (!video.content || isRemoteVideoContentValid(video.mediaType, video.content)) &&
     isRemoteVideoIconValid(video.icon) &&
-    setValidRemoteVideoUrls(video) &&
     video.url.length !== 0 &&
-    setValidAttributedTo(video) &&
     video.attributedTo.length !== 0
 }
 
 // ---------------------------------------------------------------------------
 
 export {
-  isVideoTorrentCreateActivityValid,
-  isVideoTorrentUpdateActivityValid,
+  sanitizeAndCheckVideoTorrentCreateActivity,
+  sanitizeAndCheckVideoTorrentUpdateActivity,
   isVideoTorrentDeleteActivityValid,
   isRemoteStringIdentifierValid,
   isVideoFlagValid,
-  isVideoTorrentObjectValid
+  sanitizeAndCheckVideoTorrentObject
 }
 
 // ---------------------------------------------------------------------------
-- 
cgit v1.2.3