Improve AP validation for Notes

server/helpers/custom-validators/activitypub/video-comments.ts

@@ -1,16 +1,19 @@
 import * as validator from 'validator'
-import { ACTIVITY_PUB } from '../../../initializers'
+import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers'
 import { exists, isArray, isDateValid } from '../misc'
 import { isActivityPubUrlValid, isBaseActivityValid } from './misc'
 
 function isVideoCommentCreateActivityValid (activity: any) {
   return isBaseActivityValid(activity, 'Create') &&
-    isVideoCommentObjectValid(activity.object)
+    sanitizeAndCheckVideoCommentObject(activity.object)
 }
 
-function isVideoCommentObjectValid (comment: any) {
-  return comment.type === 'Note' &&
-    isActivityPubUrlValid(comment.id) &&
+function sanitizeAndCheckVideoCommentObject (comment: any) {
+  if (comment.type !== 'Note') return false
+
+  normalizeComment(comment)
+
+  return isActivityPubUrlValid(comment.id) &&
     isCommentContentValid(comment.content) &&
     isActivityPubUrlValid(comment.inReplyTo) &&
     isDateValid(comment.published) &&
@@ -31,7 +34,7 @@ function isVideoCommentDeleteActivityValid (activity: any) {
 export {
   isVideoCommentCreateActivityValid,
   isVideoCommentDeleteActivityValid,
-  isVideoCommentObjectValid
+  sanitizeAndCheckVideoCommentObject
 }
 
 // ---------------------------------------------------------------------------
@@ -39,3 +42,13 @@ export {
 function isCommentContentValid (content: any) {
   return exists(content) && validator.isLength('' + content, { min: 1 })
 }
+
+function normalizeComment (comment: any) {
+  if (!comment) return
+
+  if (!comment.url || typeof comment.url !== 'string') {
+    comment.url = comment.url.href || comment.url.url
+  }
+
+  return
+}

server/helpers/custom-validators/activitypub/videos.ts

@@ -43,13 +43,14 @@ function isActivityPubVideoDurationValid (value: string) {
 }
 
 function sanitizeAndCheckVideoTorrentObject (video: any) {
+  if (video.type !== 'Video') return false
+
   if (!setValidRemoteTags(video)) return false
   if (!setValidRemoteVideoUrls(video)) return false
   if (!setRemoteVideoTruncatedContent(video)) return false
   if (!setValidAttributedTo(video)) return false
 
-  return video.type === 'Video' &&
-    isActivityPubUrlValid(video.id) &&
+  return isActivityPubUrlValid(video.id) &&
     isVideoNameValid(video.name) &&
     isActivityPubVideoDurationValid(video.duration) &&
     isUUIDValid(video.uuid) &&

server/lib/activitypub/video-comments.ts

@@ -1,5 +1,5 @@
 import { VideoCommentObject } from '../../../shared/models/activitypub/objects/video-comment-object'
-import { isVideoCommentObjectValid } from '../../helpers/custom-validators/activitypub/video-comments'
+import { sanitizeAndCheckVideoCommentObject } from '../../helpers/custom-validators/activitypub/video-comments'
 import { logger } from '../../helpers/logger'
 import { doRequest } from '../../helpers/requests'
 import { ACTIVITY_PUB } from '../../initializers'
@@ -52,7 +52,7 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) {
     activityPub: true
   })
 
-  if (isVideoCommentObjectValid(body) === false) {
+  if (sanitizeAndCheckVideoCommentObject(body) === false) {
     logger.debug('Remote video comment JSON is not valid.', { body })
     return undefined
   }
@@ -123,7 +123,7 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) {
       activityPub: true
     })
 
-    if (isVideoCommentObjectValid(body) === false) {
+    if (sanitizeAndCheckVideoCommentObject(body) === false) {
       throw new Error('Remote video comment JSON is not valid :' + JSON.stringify(body))
     }