From d9a2a03196275065c28f4a0b7d4d7bc9992d77a1 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 18 Feb 2021 10:15:11 +0100 Subject: Don't guess remote tracker URL --- .../custom-validators/activitypub/videos.ts | 24 ++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'server/helpers/custom-validators') diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts index a01429c83..a41d37810 100644 --- a/server/helpers/custom-validators/activitypub/videos.ts +++ b/server/helpers/custom-validators/activitypub/videos.ts @@ -1,4 +1,7 @@ import validator from 'validator' +import { logger } from '@server/helpers/logger' +import { ActivityTrackerUrlObject, ActivityVideoFileMetadataUrlObject } from '@shared/models' +import { VideoState } from '../../../../shared/models/videos' import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers/constants' import { peertubeTruncate } from '../../core-utils' import { exists, isArray, isBooleanValid, isDateValid, isUUIDValid } from '../misc' @@ -11,9 +14,6 @@ import { isVideoViewsValid } from '../videos' import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc' -import { VideoState } from '../../../../shared/models/videos' -import { logger } from '@server/helpers/logger' -import { ActivityVideoFileMetadataObject } from '@shared/models' function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) { return isBaseActivityValid(activity, 'Update') && @@ -84,6 +84,7 @@ function sanitizeAndCheckVideoTorrentObject (video: any) { function isRemoteVideoUrlValid (url: any) { return url.type === 'Link' && + // Video file link ( ACTIVITY_PUB.URL_MIME_TYPES.VIDEO.includes(url.mediaType) && isActivityPubUrlValid(url.href) && @@ -91,31 +92,41 @@ function isRemoteVideoUrlValid (url: any) { validator.isInt(url.size + '', { min: 0 }) && (!url.fps || validator.isInt(url.fps + '', { min: -1 })) ) || + // Torrent link ( ACTIVITY_PUB.URL_MIME_TYPES.TORRENT.includes(url.mediaType) && isActivityPubUrlValid(url.href) && validator.isInt(url.height + '', { min: 0 }) ) || + // Magnet link ( ACTIVITY_PUB.URL_MIME_TYPES.MAGNET.includes(url.mediaType) && validator.isLength(url.href, { min: 5 }) && validator.isInt(url.height + '', { min: 0 }) ) || + // HLS playlist link ( (url.mediaType || url.mimeType) === 'application/x-mpegURL' && isActivityPubUrlValid(url.href) && isArray(url.tag) ) || - isAPVideoFileMetadataObject(url) + isAPVideoTrackerUrlObject(url) || + isAPVideoFileUrlMetadataObject(url) } -function isAPVideoFileMetadataObject (url: any): url is ActivityVideoFileMetadataObject { +function isAPVideoFileUrlMetadataObject (url: any): url is ActivityVideoFileMetadataUrlObject { return url && url.type === 'Link' && url.mediaType === 'application/json' && isArray(url.rel) && url.rel.includes('metadata') } +function isAPVideoTrackerUrlObject (url: any): url is ActivityTrackerUrlObject { + return isArray(url.rel) && + url.rel.includes('tracker') && + isActivityPubUrlValid(url.href) +} + // --------------------------------------------------------------------------- export { @@ -123,7 +134,8 @@ export { isRemoteStringIdentifierValid, sanitizeAndCheckVideoTorrentObject, isRemoteVideoUrlValid, - isAPVideoFileMetadataObject + isAPVideoFileUrlMetadataObject, + isAPVideoTrackerUrlObject } // --------------------------------------------------------------------------- -- cgit v1.2.3