PeerTube/server/helpers/custom-validators/activitypub/actor.ts

import validator from 'validator'
import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
import { exists, isArray } from '../misc'
import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
import { isHostValid } from '../servers'
import { peertubeTruncate } from '@server/helpers/core-utils'

function isActorEndpointsObjectValid (endpointObject: any) {
  if (endpointObject?.sharedInbox) {
    return isActivityPubUrlValid(endpointObject.sharedInbox)
  }

  // Shared inbox is optional
  return true
}

function isActorPublicKeyObjectValid (publicKeyObject: any) {
  return isActivityPubUrlValid(publicKeyObject.id) &&
    isActivityPubUrlValid(publicKeyObject.owner) &&
    isActorPublicKeyValid(publicKeyObject.publicKeyPem)
}

function isActorTypeValid (type: string) {
  return type === 'Person' || type === 'Application' || type === 'Group' || type === 'Service' || type === 'Organization'
}

function isActorPublicKeyValid (publicKey: string) {
  return exists(publicKey) &&
    typeof publicKey === 'string' &&
    publicKey.startsWith('-----BEGIN PUBLIC KEY-----') &&
    publicKey.includes('-----END PUBLIC KEY-----') &&
    validator.isLength(publicKey, CONSTRAINTS_FIELDS.ACTORS.PUBLIC_KEY)
}

const actorNameAlphabet = '[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\\-_.:]'
const actorNameRegExp = new RegExp(`^${actorNameAlphabet}+$`)
function isActorPreferredUsernameValid (preferredUsername: string) {
  return exists(preferredUsername) && validator.matches(preferredUsername, actorNameRegExp)
}

function isActorPrivateKeyValid (privateKey: string) {
  return exists(privateKey) &&
    typeof privateKey === 'string' &&
    privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') &&
    // Sometimes there is a \n at the end, so just assert the string contains the end mark
    privateKey.includes('-----END RSA PRIVATE KEY-----') &&
    validator.isLength(privateKey, CONSTRAINTS_FIELDS.ACTORS.PRIVATE_KEY)
}

function isActorObjectValid (actor: any) {
  return exists(actor) &&
    isActivityPubUrlValid(actor.id) &&
    isActorTypeValid(actor.type) &&
    isActivityPubUrlValid(actor.inbox) &&
    isActorPreferredUsernameValid(actor.preferredUsername) &&
    isActivityPubUrlValid(actor.url) &&
    isActorPublicKeyObjectValid(actor.publicKey) &&
    isActorEndpointsObjectValid(actor.endpoints) &&

    (!actor.outbox || isActivityPubUrlValid(actor.outbox)) &&
    (!actor.following || isActivityPubUrlValid(actor.following)) &&
    (!actor.followers || isActivityPubUrlValid(actor.followers)) &&

    setValidAttributedTo(actor) &&
    setValidDescription(actor) &&
    // If this is a group (a channel), it should be attributed to an account
    // In PeerTube we use this to attach a video channel to a specific account
    (actor.type !== 'Group' || actor.attributedTo.length !== 0)
}

function isActorFollowingCountValid (value: string) {
  return exists(value) && validator.isInt('' + value, { min: 0 })
}

function isActorFollowersCountValid (value: string) {
  return exists(value) && validator.isInt('' + value, { min: 0 })
}

function isActorDeleteActivityValid (activity: any) {
  return isBaseActivityValid(activity, 'Delete')
}

function sanitizeAndCheckActorObject (object: any) {
  normalizeActor(object)

  return isActorObjectValid(object)
}

function normalizeActor (actor: any) {
  if (!actor) return

  if (!actor.url) {
    actor.url = actor.id
  } else if (typeof actor.url !== 'string') {
    actor.url = actor.url.href || actor.url.url
  }

  if (actor.summary && typeof actor.summary === 'string') {
    actor.summary = peertubeTruncate(actor.summary, { length: CONSTRAINTS_FIELDS.USERS.DESCRIPTION.max })

    if (actor.summary.length < CONSTRAINTS_FIELDS.USERS.DESCRIPTION.min) {
      actor.summary = null
    }
  }
}

function isValidActorHandle (handle: string) {
  if (!exists(handle)) return false

  const parts = handle.split('@')
  if (parts.length !== 2) return false

  return isHostValid(parts[1])
}

function areValidActorHandles (handles: string[]) {
  return isArray(handles) && handles.every(h => isValidActorHandle(h))
}

function setValidDescription (obj: any) {
  if (!obj.summary) obj.summary = null

  return true
}

// ---------------------------------------------------------------------------

export {
  normalizeActor,
  actorNameAlphabet,
  areValidActorHandles,
  isActorEndpointsObjectValid,
  isActorPublicKeyObjectValid,
  isActorTypeValid,
  isActorPublicKeyValid,
  isActorPreferredUsernameValid,
  isActorPrivateKeyValid,
  isActorObjectValid,
  isActorFollowingCountValid,
  isActorFollowersCountValid,
  isActorDeleteActivityValid,
  sanitizeAndCheckActorObject,
  isValidActorHandle
}
Update validator dependency 2020-01-07 14:56:07 +01:00			`import validator from 'validator'`
Don't expose constants directly in initializers/ 2019-04-11 14:26:41 +02:00			`import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'`
Add ability to search video channels 2018-08-23 17:58:39 +02:00			`import { exists, isArray } from '../misc'`
Begin moving video channel to actor 2017-12-14 17:38:41 +01:00			`import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'`
Add subscriptions endpoints to REST API 2018-08-16 15:25:20 +02:00			`import { isHostValid } from '../servers'`
Fix federation issue with some actor descriptions 2019-10-21 09:48:21 +02:00			`import { peertubeTruncate } from '@server/helpers/core-utils'`
Save 2017-12-14 11:18:49 +01:00
			`function isActorEndpointsObjectValid (endpointObject: any) {`
Move to eslint 2020-01-31 16:56:52 +01:00			`if (endpointObject?.sharedInbox) {`
Fix federation with some actors That don't have a shared inbox, or a URL 2019-10-23 11:33:53 +02:00			`return isActivityPubUrlValid(endpointObject.sharedInbox)`
			`}`

			`// Shared inbox is optional`
			`return true`
Save 2017-12-14 11:18:49 +01:00			`}`

			`function isActorPublicKeyObjectValid (publicKeyObject: any) {`
			`return isActivityPubUrlValid(publicKeyObject.id) &&`
			`isActivityPubUrlValid(publicKeyObject.owner) &&`
			`isActorPublicKeyValid(publicKeyObject.publicKeyPem)`
			`}`

			`function isActorTypeValid (type: string) {`
Fix federation with some actors That don't have a shared inbox, or a URL 2019-10-23 11:33:53 +02:00			`return type === 'Person' \|\| type === 'Application' \|\| type === 'Group' \|\| type === 'Service' \|\| type === 'Organization'`
Save 2017-12-14 11:18:49 +01:00			`}`

			`function isActorPublicKeyValid (publicKey: string) {`
			`return exists(publicKey) &&`
			`typeof publicKey === 'string' &&`
			`publicKey.startsWith('-----BEGIN PUBLIC KEY-----') &&`
Update dependencies 2020-02-28 16:03:39 +01:00			`publicKey.includes('-----END PUBLIC KEY-----') &&`
Add avatar max size limit 2018-01-03 11:10:40 +01:00			`validator.isLength(publicKey, CONSTRAINTS_FIELDS.ACTORS.PUBLIC_KEY)`
Save 2017-12-14 11:18:49 +01:00			`}`

Handle reports from mastodon 2019-08-30 09:40:21 +02:00			`const actorNameAlphabet = '[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\\-_.:]'`
Add new follow, mention and user registered notifs 2019-01-04 08:56:20 +01:00			const actorNameRegExp = new RegExp(`^${actorNameAlphabet}+$`)
Save 2017-12-14 11:18:49 +01:00			`function isActorPreferredUsernameValid (preferredUsername: string) {`
Status are sent to mastodon 2017-12-19 10:34:56 +01:00			`return exists(preferredUsername) && validator.matches(preferredUsername, actorNameRegExp)`
Begin moving video channel to actor 2017-12-14 17:38:41 +01:00			`}`

Save 2017-12-14 11:18:49 +01:00			`function isActorPrivateKeyValid (privateKey: string) {`
			`return exists(privateKey) &&`
			`typeof privateKey === 'string' &&`
			`privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') &&`
Status are sent to mastodon 2017-12-19 10:34:56 +01:00			`// Sometimes there is a \n at the end, so just assert the string contains the end mark`
Update dependencies 2020-02-28 16:03:39 +01:00			`privateKey.includes('-----END RSA PRIVATE KEY-----') &&`
Add avatar max size limit 2018-01-03 11:10:40 +01:00			`validator.isLength(privateKey, CONSTRAINTS_FIELDS.ACTORS.PRIVATE_KEY)`
Save 2017-12-14 11:18:49 +01:00			`}`

Send account activitypub update events 2018-01-03 16:38:50 +01:00			`function isActorObjectValid (actor: any) {`
			`return exists(actor) &&`
			`isActivityPubUrlValid(actor.id) &&`
			`isActorTypeValid(actor.type) &&`
			`isActivityPubUrlValid(actor.inbox) &&`
			`isActorPreferredUsernameValid(actor.preferredUsername) &&`
			`isActivityPubUrlValid(actor.url) &&`
			`isActorPublicKeyObjectValid(actor.publicKey) &&`
			`isActorEndpointsObjectValid(actor.endpoints) &&`
Sanitize invalid actor description 2018-03-19 10:23:42 +01:00
Handle reports from mastodon 2019-08-30 09:40:21 +02:00			`(!actor.outbox \|\| isActivityPubUrlValid(actor.outbox)) &&`
			`(!actor.following \|\| isActivityPubUrlValid(actor.following)) &&`
			`(!actor.followers \|\| isActivityPubUrlValid(actor.followers)) &&`

			`setValidAttributedTo(actor) &&`
Don't reject accounts with empty description 2021-01-11 11:06:11 +01:00			`setValidDescription(actor) &&`
Handle reports from mastodon 2019-08-30 09:40:21 +02:00			`// If this is a group (a channel), it should be attributed to an account`
Begin moving video channel to actor 2017-12-14 17:38:41 +01:00			`// In PeerTube we use this to attach a video channel to a specific account`
Handle reports from mastodon 2019-08-30 09:40:21 +02:00			`(actor.type !== 'Group' \|\| actor.attributedTo.length !== 0)`
Save 2017-12-14 11:18:49 +01:00			`}`

			`function isActorFollowingCountValid (value: string) {`
			`return exists(value) && validator.isInt('' + value, { min: 0 })`
			`}`

			`function isActorFollowersCountValid (value: string) {`
			`return exists(value) && validator.isInt('' + value, { min: 0 })`
			`}`

			`function isActorDeleteActivityValid (activity: any) {`
			`return isBaseActivityValid(activity, 'Delete')`
			`}`

Prepare Dislike/Flag/View fixes For now we Create these activities, but we should just send them directly. This fix handles correctly direct Dislikes/Flags/Views, we'll implement the sending correctly these activities in the next peertube version 2019-01-15 11:14:12 +01:00			`function sanitizeAndCheckActorObject (object: any) {`
			`normalizeActor(object)`
Sanitize invalid actor description 2018-03-19 10:23:42 +01:00
Prepare Dislike/Flag/View fixes For now we Create these activities, but we should just send them directly. This fix handles correctly direct Dislikes/Flags/Views, we'll implement the sending correctly these activities in the next peertube version 2019-01-15 11:14:12 +01:00			`return isActorObjectValid(object)`
Send account activitypub update events 2018-01-03 16:38:50 +01:00			`}`

Move normalize functions in helpers 2018-05-11 15:55:39 +02:00			`function normalizeActor (actor: any) {`
Fix federation with some actors That don't have a shared inbox, or a URL 2019-10-23 11:33:53 +02:00			`if (!actor) return`
Move normalize functions in helpers 2018-05-11 15:55:39 +02:00
Fix federation with some actors That don't have a shared inbox, or a URL 2019-10-23 11:33:53 +02:00			`if (!actor.url) {`
			`actor.url = actor.id`
			`} else if (typeof actor.url !== 'string') {`
Move normalize functions in helpers 2018-05-11 15:55:39 +02:00			`actor.url = actor.url.href \|\| actor.url.url`
			`}`

			`if (actor.summary && typeof actor.summary === 'string') {`
Fix federation issue with some actor descriptions 2019-10-21 09:48:21 +02:00			`actor.summary = peertubeTruncate(actor.summary, { length: CONSTRAINTS_FIELDS.USERS.DESCRIPTION.max })`
Move normalize functions in helpers 2018-05-11 15:55:39 +02:00
			`if (actor.summary.length < CONSTRAINTS_FIELDS.USERS.DESCRIPTION.min) {`
			`actor.summary = null`
			`}`
			`}`
			`}`

Add subscriptions endpoints to REST API 2018-08-16 15:25:20 +02:00			`function isValidActorHandle (handle: string) {`
			`if (!exists(handle)) return false`

			`const parts = handle.split('@')`
			`if (parts.length !== 2) return false`

			`return isHostValid(parts[1])`
			`}`

Add ability to search video channels 2018-08-23 17:58:39 +02:00			`function areValidActorHandles (handles: string[]) {`
			`return isArray(handles) && handles.every(h => isValidActorHandle(h))`
			`}`

Don't reject accounts with empty description 2021-01-11 11:06:11 +01:00			`function setValidDescription (obj: any) {`
			`if (!obj.summary) obj.summary = null`

			`return true`
			`}`

Save 2017-12-14 11:18:49 +01:00			`// ---------------------------------------------------------------------------`

			`export {`
Move normalize functions in helpers 2018-05-11 15:55:39 +02:00			`normalizeActor,`
Add new follow, mention and user registered notifs 2019-01-04 08:56:20 +01:00			`actorNameAlphabet,`
Add ability to search video channels 2018-08-23 17:58:39 +02:00			`areValidActorHandles,`
Save 2017-12-14 11:18:49 +01:00			`isActorEndpointsObjectValid,`
			`isActorPublicKeyObjectValid,`
			`isActorTypeValid,`
			`isActorPublicKeyValid,`
			`isActorPreferredUsernameValid,`
			`isActorPrivateKeyValid,`
Send account activitypub update events 2018-01-03 16:38:50 +01:00			`isActorObjectValid,`
Save 2017-12-14 11:18:49 +01:00			`isActorFollowingCountValid,`
			`isActorFollowersCountValid,`
Begin moving video channel to actor 2017-12-14 17:38:41 +01:00			`isActorDeleteActivityValid,`
Prepare Dislike/Flag/View fixes For now we Create these activities, but we should just send them directly. This fix handles correctly direct Dislikes/Flags/Views, we'll implement the sending correctly these activities in the next peertube version 2019-01-15 11:14:12 +01:00			`sanitizeAndCheckActorObject,`
Add subscriptions endpoints to REST API 2018-08-16 15:25:20 +02:00			`isValidActorHandle`
Save 2017-12-14 11:18:49 +01:00			`}`