OpenCloud
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Releases Wiki Activity

Improve video torrent AP object validator

pull/559/head
Chocobozzz 2018-05-09 16:16:22 +02:00
parent a077482fb7
commit 1d6e5dfc37
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
4 changed files with 19 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/helpers/custom-validators/activitypub/activity.ts
View File

@ -11,9 +11,9 @@ import { isUndoActivityValid } from './undo'
import { isVideoCommentCreateActivityValid, isVideoCommentDeleteActivityValid } from './video-comments'
import {
isVideoFlagValid,
isVideoTorrentCreateActivityValid,
sanitizeAndCheckVideoTorrentCreateActivity,
isVideoTorrentDeleteActivityValid,
isVideoTorrentUpdateActivityValid
sanitizeAndCheckVideoTorrentUpdateActivity
} from './videos'
import { isViewActivityValid } from './view'
@ -62,13 +62,13 @@ export {
function checkCreateActivity (activity: any) {
return isViewActivityValid(activity) ||
isDislikeActivityValid(activity) ||
isVideoTorrentCreateActivityValid(activity) ||
sanitizeAndCheckVideoTorrentCreateActivity(activity) ||
isVideoFlagValid(activity) ||
isVideoCommentCreateActivityValid(activity)
}
function checkUpdateActivity (activity: any) {
return isVideoTorrentUpdateActivityValid(activity) ||
return sanitizeAndCheckVideoTorrentUpdateActivity(activity) ||
isActorUpdateActivityValid(activity)
}

25
server/helpers/custom-validators/activitypub/videos.ts
View File

@ -12,14 +12,14 @@ import {
} from '../videos'
import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
function isVideoTorrentCreateActivityValid (activity: any) {
function sanitizeAndCheckVideoTorrentCreateActivity (activity: any) {
return isBaseActivityValid(activity, 'Create') &&
isVideoTorrentObjectValid(activity.object)
sanitizeAndCheckVideoTorrentObject(activity.object)
}
function isVideoTorrentUpdateActivityValid (activity: any) {
function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {
return isBaseActivityValid(activity, 'Update') &&
isVideoTorrentObjectValid(activity.object)
sanitizeAndCheckVideoTorrentObject(activity.object)
}
function isVideoTorrentDeleteActivityValid (activity: any) {
@ -42,13 +42,17 @@ function isActivityPubVideoDurationValid (value: string) {
isVideoDurationValid(value.replace(/[^0-9]+/g, ''))
}
function isVideoTorrentObjectValid (video: any) {
function sanitizeAndCheckVideoTorrentObject (video: any) {
if (!setValidRemoteTags(video)) return false
if (!setValidRemoteVideoUrls(video)) return false
if (!setRemoteVideoTruncatedContent(video)) return false
if (!setValidAttributedTo(video)) return false
return video.type === 'Video' &&
isActivityPubUrlValid(video.id) &&
isVideoNameValid(video.name) &&
isActivityPubVideoDurationValid(video.duration) &&
isUUIDValid(video.uuid) &&
setValidRemoteTags(video) &&
(!video.category || isRemoteNumberIdentifierValid(video.category)) &&
(!video.licence || isRemoteNumberIdentifierValid(video.licence)) &&
(!video.language || isRemoteStringIdentifierValid(video.language)) &&
@ -57,24 +61,21 @@ function isVideoTorrentObjectValid (video: any) {
isBooleanValid(video.commentsEnabled) &&
isDateValid(video.published) &&
isDateValid(video.updated) &&
setRemoteVideoTruncatedContent(video) &&
(!video.content || isRemoteVideoContentValid(video.mediaType, video.content)) &&
isRemoteVideoIconValid(video.icon) &&
setValidRemoteVideoUrls(video) &&
video.url.length !== 0 &&
setValidAttributedTo(video) &&
video.attributedTo.length !== 0
}
// ---------------------------------------------------------------------------
export {
isVideoTorrentCreateActivityValid,
isVideoTorrentUpdateActivityValid,
sanitizeAndCheckVideoTorrentCreateActivity,
sanitizeAndCheckVideoTorrentUpdateActivity,
isVideoTorrentDeleteActivityValid,
isRemoteStringIdentifierValid,
isVideoFlagValid,
isVideoTorrentObjectValid
sanitizeAndCheckVideoTorrentObject
}
// ---------------------------------------------------------------------------

4
server/lib/activitypub/videos.ts
View File

@ -5,7 +5,7 @@ import * as request from 'request'
import { ActivityIconObject } from '../../../shared/index'
import { VideoTorrentObject } from '../../../shared/models/activitypub/objects'
import { VideoPrivacy, VideoRateType } from '../../../shared/models/videos'
import { isVideoTorrentObjectValid } from '../../helpers/custom-validators/activitypub/videos'
import { sanitizeAndCheckVideoTorrentObject } from '../../helpers/custom-validators/activitypub/videos'
import { isVideoFileInfoHashValid } from '../../helpers/custom-validators/videos'
import { retryTransactionWrapper } from '../../helpers/database-utils'
import { logger } from '../../helpers/logger'
@ -317,7 +317,7 @@ async function fetchRemoteVideo (videoUrl: string): Promise<VideoTorrentObject>
const { body } = await doRequest(options)
if (isVideoTorrentObjectValid(body) === false) {
if (sanitizeAndCheckVideoTorrentObject(body) === false) {
logger.debug('Remote video JSON is not valid.', { body })
return undefined
}

2
server/middlewares/validators/activitypub/activity.ts
View File

@ -1,10 +1,8 @@
import * as express from 'express'
import { body } from 'express-validator/check'
import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
import { logger } from '../../../helpers/logger'
import { getServerActor } from '../../../helpers/utils'
import { ActorModel } from '../../../models/activitypub/actor'
import { areValidationErrors } from '../utils'
async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
logger.debug('Checking activity pub parameters')