Improve video torrent AP object validator

author Chocobozzz <me@florianbigard.com>

Wed, 9 May 2018 14:16:22 +0000 (16:16 +0200)

committer Chocobozzz <me@florianbigard.com>

Fri, 11 May 2018 06:48:20 +0000 (08:48 +0200)
author Chocobozzz <me@florianbigard.com>
Wed, 9 May 2018 14:16:22 +0000 (16:16 +0200)
committer Chocobozzz <me@florianbigard.com>
Fri, 11 May 2018 06:48:20 +0000 (08:48 +0200)
diff --git a/server/helpers/custom-validators/activitypub/activity.ts b/server/helpers/custom-validators/activitypub/activity.ts

index 7e4dccefbceca5d2ee4dc10af9ffd9175b65db3a..cabedaf201592bb6a8e7fdbe0af802e4e6f21e07 100644 (file)
--- a/server/helpers/custom-validators/activitypub/activity.ts
+++ b/server/helpers/custom-validators/activitypub/activity.ts
@@ -11,9 +11,9 @@ import { isUndoActivityValid } from './undo'
  import { isVideoCommentCreateActivityValid, isVideoCommentDeleteActivityValid } from './video-comments'
  import {
    isVideoFlagValid,
-  isVideoTorrentCreateActivityValid,
+  sanitizeAndCheckVideoTorrentCreateActivity,
    isVideoTorrentDeleteActivityValid,
-  isVideoTorrentUpdateActivityValid
+  sanitizeAndCheckVideoTorrentUpdateActivity
  } from './videos'
  import { isViewActivityValid } from './view'
  
@@ -62,13 +62,13 @@ export {
  function checkCreateActivity (activity: any) {
    return isViewActivityValid(activity) ||
      isDislikeActivityValid(activity) ||
-    isVideoTorrentCreateActivityValid(activity) ||
+    sanitizeAndCheckVideoTorrentCreateActivity(activity) ||
      isVideoFlagValid(activity) ||
      isVideoCommentCreateActivityValid(activity)
  }
  
  function checkUpdateActivity (activity: any) {
-  return isVideoTorrentUpdateActivityValid(activity) ||
+  return sanitizeAndCheckVideoTorrentUpdateActivity(activity) ||
      isActorUpdateActivityValid(activity)
  }
  
diff --git a/server/helpers/custom-validators/activitypub/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts

index 8ec7df49a4610273a6b68fd5e72f8aec77d78501..0d2e8766d6d98bb7599cce95a3692678ddd647c6 100644 (file)
--- a/server/helpers/custom-validators/activitypub/videos.ts
+++ b/server/helpers/custom-validators/activitypub/videos.ts
@@ -12,14 +12,14 @@ import {
  } from '../videos'
  import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
  
-function isVideoTorrentCreateActivityValid (activity: any) {
+function sanitizeAndCheckVideoTorrentCreateActivity (activity: any) {
    return isBaseActivityValid(activity, 'Create') &&
-    isVideoTorrentObjectValid(activity.object)
+    sanitizeAndCheckVideoTorrentObject(activity.object)
  }
  
-function isVideoTorrentUpdateActivityValid (activity: any) {
+function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {
    return isBaseActivityValid(activity, 'Update') &&
-    isVideoTorrentObjectValid(activity.object)
+    sanitizeAndCheckVideoTorrentObject(activity.object)
  }
  
  function isVideoTorrentDeleteActivityValid (activity: any) {
@@ -42,13 +42,17 @@ function isActivityPubVideoDurationValid (value: string) {
      isVideoDurationValid(value.replace(/[^0-9]+/g, ''))
  }
  
-function isVideoTorrentObjectValid (video: any) {
+function sanitizeAndCheckVideoTorrentObject (video: any) {
+  if (!setValidRemoteTags(video)) return false
+  if (!setValidRemoteVideoUrls(video)) return false
+  if (!setRemoteVideoTruncatedContent(video)) return false
+  if (!setValidAttributedTo(video)) return false
+
    return video.type === 'Video' &&
      isActivityPubUrlValid(video.id) &&
      isVideoNameValid(video.name) &&
      isActivityPubVideoDurationValid(video.duration) &&
      isUUIDValid(video.uuid) &&
-    setValidRemoteTags(video) &&
      (!video.category || isRemoteNumberIdentifierValid(video.category)) &&
      (!video.licence || isRemoteNumberIdentifierValid(video.licence)) &&
      (!video.language || isRemoteStringIdentifierValid(video.language)) &&
@@ -57,24 +61,21 @@ function isVideoTorrentObjectValid (video: any) {
      isBooleanValid(video.commentsEnabled) &&
      isDateValid(video.published) &&
      isDateValid(video.updated) &&
-    setRemoteVideoTruncatedContent(video) &&
      (!video.content || isRemoteVideoContentValid(video.mediaType, video.content)) &&
      isRemoteVideoIconValid(video.icon) &&
-    setValidRemoteVideoUrls(video) &&
      video.url.length !== 0 &&
-    setValidAttributedTo(video) &&
      video.attributedTo.length !== 0
  }
  
  // ---------------------------------------------------------------------------
  
  export {
-  isVideoTorrentCreateActivityValid,
-  isVideoTorrentUpdateActivityValid,
+  sanitizeAndCheckVideoTorrentCreateActivity,
+  sanitizeAndCheckVideoTorrentUpdateActivity,
    isVideoTorrentDeleteActivityValid,
    isRemoteStringIdentifierValid,
    isVideoFlagValid,
-  isVideoTorrentObjectValid
+  sanitizeAndCheckVideoTorrentObject
  }
  
  // ---------------------------------------------------------------------------
diff --git a/server/lib/activitypub/videos.ts b/server/lib/activitypub/videos.ts

index 7cb1fe24028f09543ed492baa29c795d88bb2385..b81acbb35b102baf27f976a6c0f44a245f49be39 100644 (file)
--- a/server/lib/activitypub/videos.ts
+++ b/server/lib/activitypub/videos.ts
@@ -5,7 +5,7 @@ import * as request from 'request'
  import { ActivityIconObject } from '../../../shared/index'
  import { VideoTorrentObject } from '../../../shared/models/activitypub/objects'
  import { VideoPrivacy, VideoRateType } from '../../../shared/models/videos'
-import { isVideoTorrentObjectValid } from '../../helpers/custom-validators/activitypub/videos'
+import { sanitizeAndCheckVideoTorrentObject } from '../../helpers/custom-validators/activitypub/videos'
  import { isVideoFileInfoHashValid } from '../../helpers/custom-validators/videos'
  import { retryTransactionWrapper } from '../../helpers/database-utils'
  import { logger } from '../../helpers/logger'
@@ -317,7 +317,7 @@ async function fetchRemoteVideo (videoUrl: string): Promise<VideoTorrentObject>
  
    const { body } = await doRequest(options)
  
-  if (isVideoTorrentObjectValid(body) === false) {
+  if (sanitizeAndCheckVideoTorrentObject(body) === false) {
      logger.debug('Remote video JSON is not valid.', { body })
      return undefined
    }
diff --git a/server/middlewares/validators/activitypub/activity.ts b/server/middlewares/validators/activitypub/activity.ts

index 4aace4c8e6f7bc60b93c4145e78aed10989955a7..3f9057c0c395288ac838e03681524ee0281a9c0f 100644 (file)
--- a/server/middlewares/validators/activitypub/activity.ts
+++ b/server/middlewares/validators/activitypub/activity.ts
@@ -1,10 +1,8 @@
  import * as express from 'express'
-import { body } from 'express-validator/check'
  import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
  import { logger } from '../../../helpers/logger'
  import { getServerActor } from '../../../helpers/utils'
  import { ActorModel } from '../../../models/activitypub/actor'
-import { areValidationErrors } from '../utils'
  
  async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
    logger.debug('Checking activity pub parameters')
author	Chocobozzz <me@florianbigard.com>
	Wed, 9 May 2018 14:16:22 +0000 (16:16 +0200)
committer	Chocobozzz <me@florianbigard.com>
	Fri, 11 May 2018 06:48:20 +0000 (08:48 +0200)
server/helpers/custom-validators/activitypub/activity.ts		patch \| blob \| history
server/helpers/custom-validators/activitypub/videos.ts		patch \| blob \| history
server/lib/activitypub/videos.ts		patch \| blob \| history
server/middlewares/validators/activitypub/activity.ts		patch \| blob \| history