Do not host remote AP objects

pull/1345/head
Chocobozzz 2018-11-16 11:18:13 +01:00
parent 7373507fa8
commit 8d1fa36ad2
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
4 changed files with 28 additions and 3 deletions

View File

@ -39,6 +39,7 @@ import {
import { VideoCaptionModel } from '../../models/video/video-caption'
import { videoRedundancyGetValidator } from '../../middlewares/validators/redundancy'
import { getServerActor } from '../../helpers/utils'
import { VideoRedundancyModel } from '../../models/redundancy/video-redundancy'
const activityPubClientRouter = express.Router()
@ -164,6 +165,8 @@ function getAccountVideoRate (rateType: VideoRateType) {
async function videoController (req: express.Request, res: express.Response, next: express.NextFunction) {
const video: VideoModel = res.locals.video
if (video.isOwned() === false) return res.redirect(video.url)
// We need captions to render AP object
video.VideoCaptions = await VideoCaptionModel.listVideoCaptions(video.id)
@ -180,6 +183,9 @@ async function videoController (req: express.Request, res: express.Response, nex
async function videoAnnounceController (req: express.Request, res: express.Response, next: express.NextFunction) {
const share = res.locals.videoShare as VideoShareModel
if (share.Actor.isOwned() === false) return res.redirect(share.url)
const { activity } = await buildAnnounceWithVideoAudience(share.Actor, share, res.locals.video, undefined)
return activityPubResponse(activityPubContextify(activity), res)
@ -252,6 +258,8 @@ async function videoChannelFollowingController (req: express.Request, res: expre
async function videoCommentController (req: express.Request, res: express.Response, next: express.NextFunction) {
const videoComment: VideoCommentModel = res.locals.videoComment
if (videoComment.isOwned() === false) return res.redirect(videoComment.url)
const threadParentComments = await VideoCommentModel.listThreadParentComments(videoComment, undefined)
const isPublic = true // Comments are always public
const audience = getAudience(videoComment.Account.Actor, isPublic)
@ -267,7 +275,9 @@ async function videoCommentController (req: express.Request, res: express.Respon
}
async function videoRedundancyController (req: express.Request, res: express.Response) {
const videoRedundancy = res.locals.videoRedundancy
const videoRedundancy: VideoRedundancyModel = res.locals.videoRedundancy
if (videoRedundancy.isOwned() === false) return res.redirect(videoRedundancy.url)
const serverActor = await getServerActor()
const audience = getAudience(serverActor)

View File

@ -19,6 +19,7 @@ function cacheRoute (lifetimeArg: string | number) {
logger.debug('No cached results for route %s.', req.originalUrl)
const sendSave = res.send.bind(res)
const redirectSave = res.redirect.bind(res)
res.send = (body) => {
if (res.statusCode >= 200 && res.statusCode < 400) {
@ -38,6 +39,12 @@ function cacheRoute (lifetimeArg: string | number) {
return sendSave(body)
}
res.redirect = url => {
done()
return redirectSave(url)
}
return next()
}

View File

@ -117,8 +117,7 @@ export class VideoRedundancyModel extends Model<VideoRedundancyModel> {
@BeforeDestroy
static async removeFile (instance: VideoRedundancyModel) {
// Not us
if (!instance.strategy) return
if (!instance.isOwned()) return
const videoFile = await VideoFileModel.loadWithVideo(instance.videoFileId)
@ -404,6 +403,10 @@ export class VideoRedundancyModel extends Model<VideoRedundancyModel> {
}))
}
isOwned () {
return !!this.strategy
}
toActivityPubObject (): CacheFileObject {
return {
id: this.url,

View File

@ -15,6 +15,7 @@ import {
userLogin
} from '../../utils'
import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
import { waitJobs } from '../../utils/server/jobs'
describe('Test user subscriptions API validators', function () {
const path = '/api/v1/users/me/subscriptions'
@ -141,6 +142,8 @@ describe('Test user subscriptions API validators', function () {
})
it('Should succeed with the correct parameters', async function () {
this.timeout(20000)
await makePostBodyRequest({
url: server.url,
path,
@ -148,6 +151,8 @@ describe('Test user subscriptions API validators', function () {
fields: { uri: 'user1_channel@localhost:9001' },
statusCodeExpected: 204
})
await waitJobs([ server ])
})
})