From 51c443dbe0284c5ec54033be06f554ec37397bce Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 26 Oct 2017 10:40:37 +0200 Subject: Be tolerant with remote requests Just remove videos we don't want --- server/helpers/custom-validators/remote/videos.ts | 86 ++++++++++++----------- server/helpers/custom-validators/videos.ts | 20 +++++- server/lib/request/abstract-request-scheduler.ts | 6 +- server/middlewares/validators/remote/videos.ts | 31 +++++--- 4 files changed, 91 insertions(+), 52 deletions(-) (limited to 'server') diff --git a/server/helpers/custom-validators/remote/videos.ts b/server/helpers/custom-validators/remote/videos.ts index 057996f1c..a9ca36fe8 100644 --- a/server/helpers/custom-validators/remote/videos.ts +++ b/server/helpers/custom-validators/remote/videos.ts @@ -15,9 +15,9 @@ import { isVideoLikesValid, isVideoDislikesValid, isVideoEventCountValid, - isVideoCategoryValid, - isVideoLicenceValid, - isVideoLanguageValid, + isRemoteVideoCategoryValid, + isRemoteVideoLicenceValid, + isRemoteVideoLanguageValid, isVideoNSFWValid, isVideoDescriptionValid, isVideoDurationValid, @@ -43,58 +43,64 @@ checkers[ENDPOINT_ACTIONS.REMOVE_CHANNEL] = checkRemoveVideoChannel checkers[ENDPOINT_ACTIONS.ADD_AUTHOR] = checkAddAuthor checkers[ENDPOINT_ACTIONS.REMOVE_AUTHOR] = checkRemoveAuthor -function isEachRemoteRequestVideosValid (requests: any[]) { - return isArray(requests) && - requests.every(request => { - const video = request.data - - if (!video) return false - - const checker = checkers[request.type] - // We don't know the request type - if (checker === undefined) return false - - return checker(video) - }) +function removeBadRequestVideos (requests: any[]) { + for (let i = requests.length - 1; i >= 0 ; i--) { + const request = requests[i] + const video = request.data + + if ( + !video || + checkers[request.type] === undefined || + checkers[request.type](video) === false + ) { + requests.splice(i, 1) + } + } } -function isEachRemoteRequestVideosQaduValid (requests: any[]) { - return isArray(requests) && - requests.every(request => { - const video = request.data +function removeBadRequestVideosQadu (requests: any[]) { + for (let i = requests.length - 1; i >= 0 ; i--) { + const request = requests[i] + const video = request.data - if (!video) return false - - return ( + if ( + !video || + ( isUUIDValid(video.uuid) && (has(video, 'views') === false || isVideoViewsValid(video.views)) && (has(video, 'likes') === false || isVideoLikesValid(video.likes)) && (has(video, 'dislikes') === false || isVideoDislikesValid(video.dislikes)) - ) - }) + ) === false + ) { + requests.splice(i, 1) + } + } } -function isEachRemoteRequestVideosEventsValid (requests: any[]) { - return isArray(requests) && - requests.every(request => { - const eventData = request.data - - if (!eventData) return false +function removeBadRequestVideosEvents (requests: any[]) { + for (let i = requests.length - 1; i >= 0 ; i--) { + const request = requests[i] + const eventData = request.data - return ( + if ( + !eventData || + ( isUUIDValid(eventData.uuid) && values(REQUEST_VIDEO_EVENT_TYPES).indexOf(eventData.eventType) !== -1 && isVideoEventCountValid(eventData.count) - ) - }) + ) === false + ) { + requests.splice(i, 1) + } + } } // --------------------------------------------------------------------------- export { - isEachRemoteRequestVideosValid, - isEachRemoteRequestVideosQaduValid, - isEachRemoteRequestVideosEventsValid + removeBadRequestVideos, + removeBadRequestVideosQadu, + removeBadRequestVideosEvents } // --------------------------------------------------------------------------- @@ -102,9 +108,9 @@ export { function isCommonVideoAttributesValid (video: any) { return isDateValid(video.createdAt) && isDateValid(video.updatedAt) && - isVideoCategoryValid(video.category) && - isVideoLicenceValid(video.licence) && - isVideoLanguageValid(video.language) && + isRemoteVideoCategoryValid(video.category) && + isRemoteVideoLicenceValid(video.licence) && + isRemoteVideoLanguageValid(video.language) && isVideoNSFWValid(video.nsfw) && isVideoDescriptionValid(video.description) && isVideoDurationValid(video.duration) && diff --git a/server/helpers/custom-validators/videos.ts b/server/helpers/custom-validators/videos.ts index 4e441fe5f..11b085b78 100644 --- a/server/helpers/custom-validators/videos.ts +++ b/server/helpers/custom-validators/videos.ts @@ -27,14 +27,29 @@ function isVideoCategoryValid (value: number) { return VIDEO_CATEGORIES[value] !== undefined } +// Maybe we don't know the remote category, but that doesn't matter +function isRemoteVideoCategoryValid (value: string) { + return validator.isInt('' + value) +} + function isVideoLicenceValid (value: number) { return VIDEO_LICENCES[value] !== undefined } +// Maybe we don't know the remote licence, but that doesn't matter +function isRemoteVideoLicenceValid (value: string) { + return validator.isInt('' + value) +} + function isVideoLanguageValid (value: number) { return value === null || VIDEO_LANGUAGES[value] !== undefined } +// Maybe we don't know the remote language, but that doesn't matter +function isRemoteVideoLanguageValid (value: string) { + return validator.isInt('' + value) +} + function isVideoNSFWValid (value: any) { return typeof value === 'boolean' || (typeof value === 'string' && validator.isBoolean(value)) } @@ -176,5 +191,8 @@ export { isVideoEventCountValid, isVideoFileSizeValid, isVideoFileResolutionValid, - checkVideoExists + checkVideoExists, + isRemoteVideoCategoryValid, + isRemoteVideoLicenceValid, + isRemoteVideoLanguageValid } diff --git a/server/lib/request/abstract-request-scheduler.ts b/server/lib/request/abstract-request-scheduler.ts index 08e371a02..f838c47f2 100644 --- a/server/lib/request/abstract-request-scheduler.ts +++ b/server/lib/request/abstract-request-scheduler.ts @@ -88,8 +88,10 @@ abstract class AbstractRequestScheduler { // The function fire some useful callbacks try { const { response } = await makeSecureRequest(params) - if (response.statusCode !== 200 && response.statusCode !== 201 && response.statusCode !== 204) { - throw new Error('Status code not 20x : ' + response.statusCode) + + // 400 because if the other pod is not up to date, it may not understand our request + if ([ 200, 201, 204, 400 ].indexOf(response.statusCode) === -1) { + throw new Error('Status code not 20x or 400 : ' + response.statusCode) } } catch (err) { logger.error('Error sending secure request to %s pod.', toPod.host, err) diff --git a/server/middlewares/validators/remote/videos.ts b/server/middlewares/validators/remote/videos.ts index e4682a60b..497320cc1 100644 --- a/server/middlewares/validators/remote/videos.ts +++ b/server/middlewares/validators/remote/videos.ts @@ -3,39 +3,52 @@ import * as express from 'express' import { logger, - isEachRemoteRequestVideosValid, - isEachRemoteRequestVideosQaduValid, - isEachRemoteRequestVideosEventsValid + isArray, + removeBadRequestVideos, + removeBadRequestVideosQadu, + removeBadRequestVideosEvents } from '../../../helpers' import { checkErrors } from '../utils' const remoteVideosValidator = [ - body('data').custom(isEachRemoteRequestVideosValid), + body('data').custom(isArray), (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking remoteVideos parameters', { parameters: req.body }) - checkErrors(req, res, next) + checkErrors(req, res, () => { + removeBadRequestVideos(req.body.data) + + return next() + }) } ] const remoteQaduVideosValidator = [ - body('data').custom(isEachRemoteRequestVideosQaduValid), + body('data').custom(isArray), (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking remoteQaduVideos parameters', { parameters: req.body }) - checkErrors(req, res, next) + checkErrors(req, res, () => { + removeBadRequestVideosQadu(req.body.data) + + return next() + }) } ] const remoteEventsVideosValidator = [ - body('data').custom(isEachRemoteRequestVideosEventsValid), + body('data').custom(isArray), (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking remoteEventsVideos parameters', { parameters: req.body }) - checkErrors(req, res, next) + checkErrors(req, res, () => { + removeBadRequestVideosEvents(req.body.data) + + return next() + }) } ] -- cgit v1.2.3