From d1c0a964a214e861f1106e69c62b1aec1b3d55a9 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 22 Aug 2019 09:41:49 +0200
Subject: Relax plugin package.json validation
---
 server/helpers/custom-validators/plugins.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'server')
diff --git a/server/helpers/custom-validators/plugins.ts b/server/helpers/custom-validators/plugins.ts
index b5e32abc2..63af91a44 100644
--- a/server/helpers/custom-validators/plugins.ts
+++ b/server/helpers/custom-validators/plugins.ts
@@ -41,7 +41,11 @@ function isPluginEngineValid (engine: any) {
 }
 function isPluginHomepage (value: string) {
- return isUrlValid(value)
+ return exists(value) && (!value || isUrlValid(value))
+}
+
+function isPluginBugs (value: string) {
+ return exists(value) && (!value || isUrlValid(value))
 }
 function areStaticDirectoriesValid (staticDirs: any) {
@@ -85,7 +89,7 @@ function isPackageJSONValid (packageJSON: PluginPackageJson, pluginType: PluginT
 isPluginEngineValid(packageJSON.engine) &&
 isPluginHomepage(packageJSON.homepage) &&
 exists(packageJSON.author) &&
- isUrlValid(packageJSON.bugs) &&
+ isPluginBugs(packageJSON.bugs) &&
 (pluginType === PluginType.THEME || isSafePath(packageJSON.library)) &&
 areStaticDirectoriesValid(packageJSON.staticDirs) &&
 areCSSPathsValid(packageJSON.css) &&
-- cgit v1.2.3
From 7c58378a57a1540534b9fc47bf06c9f64a1ebc6b Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 22 Aug 2019 10:22:01 +0200
Subject: email object -> email subject
---
 server/initializers/checker-before-init.ts | 2 +-
 server/initializers/config.ts | 4 ++--
 server/lib/emailer.ts | 34 +++++++++++++++---------------
 3 files changed, 20 insertions(+), 20 deletions(-)
(limited to 'server')
diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts
index 55bc820f5..a986c3e0e 100644
--- a/server/initializers/checker-before-init.ts
+++ b/server/initializers/checker-before-init.ts
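Review bot: In `isPluginHomepage` and the new `isPluginBugs`, `exists(value) && (!value || isUrlValid(value))` accepts every falsy value that passes `exists`, not only the empty string the relaxation appears to be aimed at. The field is read from a plugin's package.json, so the `string` annotation is not enforced at runtime; if `exists` only rules out null and undefined (it is not visible in this hunk), `0` or `false` would validate as well. Narrowing first keeps the relaxation to what is intended: `return typeof value === 'string' && (value === '' || isUrlValid(value))`. The two bodies are identical, so a single shared helper called from both would keep them from drifting apart; the call site changed in the second hunk would stay as it is.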
@@ -11,7 +11,7 @@ function checkMissedConfig () {
 'trust_proxy', 'database.hostname', 'database.port', 'database.suffix', 'database.username', 'database.password', 'database.pool.max', 'smtp.hostname', 'smtp.port', 'smtp.username', 'smtp.password', 'smtp.tls', 'smtp.from_address',
- 'email.body.signature', 'email.object.prefix',
+ 'email.body.signature', 'email.subject.prefix',
 'storage.avatars', 'storage.videos', 'storage.logs', 'storage.previews', 'storage.thumbnails', 'storage.torrents', 'storage.cache', 'storage.redundancy', 'storage.tmp', 'storage.streaming_playlists', 'storage.plugins', 'log.level',
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index 58241e4ea..510f7d64d 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -48,8 +48,8 @@ const CONFIG = {
 BODY: {
 SIGNATURE: config.get('email.body.signature')
 },
- OBJECT: {
- PREFIX: config.get('email.object.prefix') + ' '
+ SUBJECT: {
+ PREFIX: config.get('email.subject.prefix') + ' '
 }
 },
 STORAGE: {
diff --git a/server/lib/emailer.ts b/server/lib/emailer.ts
index 73c2bcb1b..10e7d0479 100644
--- a/server/lib/emailer.ts
+++ b/server/lib/emailer.ts
@@ -104,7 +104,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + channelName + ' just published a new video',
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + channelName + ' just published a new video',
 text
 }
@@ -123,7 +123,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + 'New follower on your channel ' + followingName,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + 'New follower on your channel ' + followingName,
 text
 }
@@ -141,7 +141,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + 'New instance follower',
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + 'New instance follower',
 text
 }
@@ -161,7 +161,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + `Your video ${video.name} is published`,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + `Your video ${video.name} is published`,
 text
 }
@@ -181,7 +181,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + `Your video import ${videoImport.getTargetIdentifier()} is finished`,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + `Your video import ${videoImport.getTargetIdentifier()} is finished`,
 text
 }
@@ -201,7 +201,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + `Your video import ${videoImport.getTargetIdentifier()} encountered an error`,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + `Your video import ${videoImport.getTargetIdentifier()} encountered an error`,
 text
 }
@@ -223,7 +223,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + 'New comment on your video ' + video.name,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + 'New comment on your video ' + video.name,
 text
 }
@@ -245,7 +245,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + 'Mention on video ' + video.name,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + 'Mention on video ' + video.name,
 text
 }
@@ -262,7 +262,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + 'Received a video abuse',
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + 'Received a video abuse',
 text
 }
@@ -285,7 +285,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + 'An auto-blacklisted video is awaiting review',
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + 'An auto-blacklisted video is awaiting review',
 text
 }
@@ -300,7 +300,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + 'New user registration on ' + WEBSERVER.HOST,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + 'New user registration on ' + WEBSERVER.HOST,
 text
 }
@@ -322,7 +322,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + `Video ${videoName} blacklisted`,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + `Video ${videoName} blacklisted`,
 text
 }
@@ -340,7 +340,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to,
- subject: CONFIG.EMAIL.OBJECT.PREFIX + `Video ${video.name} unblacklisted`,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + `Video ${video.name} unblacklisted`,
 text
 }
@@ -357,7 +357,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to: [ to ],
- subject: CONFIG.EMAIL.OBJECT.PREFIX + 'Reset your password',
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + 'Reset your password',
 text
 }
@@ -374,7 +374,7 @@ class Emailer {
 const emailPayload: EmailPayload = {
 to: [ to ],
- subject: CONFIG.EMAIL.OBJECT.PREFIX + 'Verify your email',
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + 'Verify your email',
 text
 }
@@ -395,7 +395,7 @@ class Emailer {
 const to = user.email
 const emailPayload: EmailPayload = {
 to: [ to ],
- subject: CONFIG.EMAIL.OBJECT.PREFIX + 'Account ' + blockedWord,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + 'Account ' + blockedWord,
 text
 }
@@ -415,7 +415,7 @@ class Emailer {
 fromDisplayName: fromEmail,
 replyTo: fromEmail,
 to: [ CONFIG.ADMIN.EMAIL ],
- subject: CONFIG.EMAIL.OBJECT.PREFIX + subject,
+ subject: CONFIG.EMAIL.SUBJECT.PREFIX + subject,
 text
 }
-- cgit v1.2.3
From 015d9dec91ecb7a17e4e79407d187aac8a19206d Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 22 Aug 2019 10:33:22 +0200
Subject: Fix socket notification with multiple user tabs
---
 server/lib/peertube-socket.ts | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
(limited to 'server')
diff --git a/server/lib/peertube-socket.ts b/server/lib/peertube-socket.ts
index eb84ecd4b..17748fd18 100644
--- a/server/lib/peertube-socket.ts
+++ b/server/lib/peertube-socket.ts
@@ -8,7 +8,7 @@ class PeerTubeSocket {
 private static instance: PeerTubeSocket
- private userNotificationSockets: { [ userId: number ]: SocketIO.Socket } = {}
+ private userNotificationSockets: { [ userId: number ]: SocketIO.Socket[] } = {}
 private constructor () {}
@@ -22,22 +22,26 @@ class PeerTubeSocket {
 logger.debug('User %d connected on the notification system.', userId)
- this.userNotificationSockets[userId] = socket
+ if (!this.userNotificationSockets[userId]) this.userNotificationSockets[userId] = []
+
+ this.userNotificationSockets[userId].push(socket)
 socket.on('disconnect', () => {
 logger.debug('User %d disconnected from SocketIO notifications.', userId)
- delete this.userNotificationSockets[userId]
+ this.userNotificationSockets[userId] = this.userNotificationSockets[userId].filter(s => s !== socket)
 })
 })
 }
 sendNotification (userId: number, notification: UserNotificationModel) {
- const socket = this.userNotificationSockets[userId]
+ const sockets = this.userNotificationSockets[userId]
- if (!socket) return
+ if (!sockets) return
- socket.emit('new-notification', notification.toFormattedJSON())
+ for (const socket of sockets) {
+ socket.emit('new-notification', notification.toFormattedJSON())
+ }
 }
 static get Instance () {
-- cgit v1.2.3
From dea16773dfcc4e38e48c2980731af6e2a17a7aa6 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 22 Aug 2019 10:59:14 +0200
Subject: Fix user creation by moderators
---
 server/middlewares/validators/users.ts | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'server')
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 16d297047..8ee2ec1f5 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
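Review bot: In the `disconnect` handler the per-user entry is now replaced by a filtered array and never deleted, so `userNotificationSockets` keeps an empty array for every user id that has ever connected, and nothing in this hunk bounds how many sockets one user can register. Dropping the key once the list empties restores the cleanup the old `delete` provided: after the filter, `if (this.userNotificationSockets[userId].length === 0) delete this.userNotificationSockets[userId]`. A per-user limit checked before the `push` would keep a single account from growing the fan-out in `sendNotification` without bound. In `sendNotification`, `notification.toFormattedJSON()` is evaluated again for every socket; computing it once before the loop (`const json = notification.toFormattedJSON()`) is enough.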
@@ -38,7 +38,9 @@ const usersAddValidator = [
 body('email').isEmail().withMessage('Should have a valid email'),
 body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
 body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
- body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
+ body('role')
+ .customSanitizer(toIntOrNull)
+ .custom(isUserRoleValid).withMessage('Should have a valid role'),
 body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -50,7 +52,7 @@ const usersAddValidator = [
 const authUser = res.locals.oauth.token.User
 if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) {
 return res.status(403)
- .json({ error: 'You can only create users (and not administrators or moderators' })
+ .json({ error: 'You can only create users (and not administrators or moderators)' })
 }
 return next()
@@ -160,7 +162,10 @@ const usersUpdateValidator = [
 body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'),
 body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
 body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
- body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
+ body('role')
+ .optional()
+ .customSanitizer(toIntOrNull)
+ .custom(isUserRoleValid).withMessage('Should have a valid role'),
 body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-- cgit v1.2.3
From 217ffacfdde0972a3ee4e2db152e1710139b4ec4 Mon Sep 17 00:00:00 2001
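Review bot: The 403 guard in `usersAddValidator` compares `req.body.role !== UserRole.USER` strictly, so it is only correct once `customSanitizer(toIntOrNull)` has turned the submitted role into a number; that dependency deserves a comment at the check, e.g. `// req.body.role is numeric here: coerced by the toIntOrNull sanitizer on body('role')`. `toIntOrNull` and `isUserRoleValid` are not visible in these hunks, so it should be confirmed that a value the sanitizer maps to null is rejected by `isUserRoleValid` rather than passed on. The third hunk applies the same sanitizer in `usersUpdateValidator`, but its handler body lies outside the hunk; if it has no equivalent of the add-side guard, a non-administrator could still assign a higher role through an update. A test covering moderator-initiated role changes on both routes would pin this down.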
From: Chocobozzz
Date: Thu, 22 Aug 2019 11:03:50 +0200
Subject: Try to fix video duplication
---
 server/lib/schedulers/videos-redundancy-scheduler.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'server')
diff --git a/server/lib/schedulers/videos-redundancy-scheduler.ts b/server/lib/schedulers/videos-redundancy-scheduler.ts
index 04f601bfb..cd70fd851 100644
--- a/server/lib/schedulers/videos-redundancy-scheduler.ts
+++ b/server/lib/schedulers/videos-redundancy-scheduler.ts
@@ -185,7 +185,7 @@ export class VideosRedundancyScheduler extends AbstractScheduler {
 const tmpPath = await downloadWebTorrentVideo({ magnetUri }, VIDEO_IMPORT_TIMEOUT)
 const destPath = join(CONFIG.STORAGE.REDUNDANCY_DIR, video.getVideoFilename(file))
- await move(tmpPath, destPath)
+ await move(tmpPath, destPath, { overwrite: true })
 const createdModel = await VideoRedundancyModel.create({
 expiresOn: this.buildNewExpiration(redundancy.minLifetime),
-- cgit v1.2.3
From ebe7f5872617311e33dbca1f7f0d2556932c01a0 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 22 Aug 2019 11:14:01 +0200
Subject: Fix image and plugin CSP
---
 server/middlewares/csp.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'server')
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts
index d484b3021..d11d70790 100644
--- a/server/middlewares/csp.ts
+++ b/server/middlewares/csp.ts
@@ -7,8 +7,8 @@ const baseDirectives = Object.assign({},
 connectSrc: ['*', 'data:'],
 mediaSrc: ["'self'", 'https:', 'blob:'],
 fontSrc: ["'self'", 'data:'],
- imgSrc: ["'self'", 'data:'],
- scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],
+ imgSrc: ["'self'", 'data:', 'blob:'],
+ scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
 styleSrc: ["'self' 'unsafe-inline'"],
 objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
 formAction: ["'self'"],
-- cgit v1.2.3
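Review bot: `move(tmpPath, destPath, { overwrite: true })` now silently replaces whatever already sits at `destPath`, which hides the condition that used to make this call fail rather than explaining it. If a file is already there it presumably belongs to an existing redundancy entry, and the `VideoRedundancyModel.create` call that follows would then add a second row for the same file; the surrounding method starts and ends outside the hunk, so this needs checking against the full body. At minimum the line should carry a comment naming the case in which the destination can already exist, e.g. `// overwrite: destPath can already exist when <case to confirm>; the fresh download replaces it`. Checking for an existing redundancy record before starting the download would address the duplication itself.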
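Review bot: Adding `'blob:'` to `scriptSrc` lets any script that can build a Blob URL load it as script, on top of a directive that already carries `'unsafe-inline'` and `'unsafe-eval'`, so script-src gives little containment once markup injection is possible. If the plugin code that needs this only starts workers from blob URLs (not visible in this hunk), a separate `workerSrc: ["'self'", 'blob:']` would grant that without widening script-src. Either way the reason belongs next to the value, e.g. `// blob: needed by <feature to name>, see <issue id>`. The first `scriptSrc` entry is also one string holding three sources, `"'self' 'unsafe-inline' 'unsafe-eval'"`, unlike the neighbouring directives; listing them as separate array elements would match the rest of the object.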