Improve AP validation for Notes
authorChocobozzz <me@florianbigard.com>
Fri, 11 May 2018 13:41:54 +0000 (15:41 +0200)
committerChocobozzz <me@florianbigard.com>
Fri, 11 May 2018 13:41:54 +0000 (15:41 +0200)
server/helpers/custom-validators/activitypub/video-comments.ts
server/helpers/custom-validators/activitypub/videos.ts
server/lib/activitypub/video-comments.ts

index 7e8cfece27776bc45efd82dbd310786e138bd8b8..151d13075a8ced9bd3d43149010d39df29f25675 100644 (file)
@@ -1,16 +1,19 @@
 import * as validator from 'validator'
-import { ACTIVITY_PUB } from '../../../initializers'
+import { ACTIVITY_PUB, CONSTRAINTS_FIELDS } from '../../../initializers'
 import { exists, isArray, isDateValid } from '../misc'
 import { isActivityPubUrlValid, isBaseActivityValid } from './misc'
 
 function isVideoCommentCreateActivityValid (activity: any) {
   return isBaseActivityValid(activity, 'Create') &&
-    isVideoCommentObjectValid(activity.object)
+    sanitizeAndCheckVideoCommentObject(activity.object)
 }
 
-function isVideoCommentObjectValid (comment: any) {
-  return comment.type === 'Note' &&
-    isActivityPubUrlValid(comment.id) &&
+function sanitizeAndCheckVideoCommentObject (comment: any) {
+  if (comment.type !== 'Note') return false
+
+  normalizeComment(comment)
+
+  return isActivityPubUrlValid(comment.id) &&
     isCommentContentValid(comment.content) &&
     isActivityPubUrlValid(comment.inReplyTo) &&
     isDateValid(comment.published) &&
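Review bot: `comment.type` on the first line of `sanitizeAndCheckVideoCommentObject` is read before anything confirms that `comment` is an object, so a fetched body or `activity.object` that is null or undefined throws a TypeError instead of returning false, unless a caller has already ruled that out. The `if (!comment) return` guard inside `normalizeComment` runs too late to help; open the function with `if (!comment || comment.type !== 'Note') return false`. The new `video.type` check in `sanitizeAndCheckVideoTorrentObject` (videos.ts) has the same shape and would take the same guard. The added `CONSTRAINTS_FIELDS` import is not used on any visible line. The return expression continues past the end of this hunk, so it is not visible here whether the normalised `comment.url` is validated.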
@@ -31,7 +34,7 @@ function isVideoCommentDeleteActivityValid (activity: any) {
 export {
   isVideoCommentCreateActivityValid,
   isVideoCommentDeleteActivityValid,
-  isVideoCommentObjectValid
+  sanitizeAndCheckVideoCommentObject
 }
 
 // ---------------------------------------------------------------------------
@@ -39,3 +42,13 @@ export {
 function isCommentContentValid (content: any) {
   return exists(content) && validator.isLength('' + content, { min: 1 })
 }
+
+function normalizeComment (comment: any) {
+  if (!comment) return
+
+  if (!comment.url || typeof comment.url !== 'string') {
+    comment.url = comment.url.href || comment.url.url
+  }
+
+  return
+}
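Review bot: The condition in `normalizeComment` mishandles a missing value: when `comment.url` is undefined or null, `!comment.url` is true and `comment.url.href` throws a TypeError. A remote Note that simply omits `url` therefore makes the validator throw instead of returning false. Dereference only when there is an object to read, e.g. `if (comment.url && typeof comment.url === 'object') {`. The value copied from `href`/`url` is still remote-controlled and may not be a string, so it should pass `isActivityPubUrlValid(comment.url)` before it is trusted; no such check is visible in these hunks. The trailing bare `return` can be dropped.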
index 0d2e8766d6d98bb7599cce95a3692678ddd647c6..7e1d57c347e40c21ecdddc7b362221ac3fb7dcd6 100644 (file)
@@ -43,13 +43,14 @@ function isActivityPubVideoDurationValid (value: string) {
 }
 
 function sanitizeAndCheckVideoTorrentObject (video: any) {
+  if (video.type !== 'Video') return false
+
   if (!setValidRemoteTags(video)) return false
   if (!setValidRemoteVideoUrls(video)) return false
   if (!setRemoteVideoTruncatedContent(video)) return false
   if (!setValidAttributedTo(video)) return false
 
-  return video.type === 'Video' &&
-    isActivityPubUrlValid(video.id) &&
+  return isActivityPubUrlValid(video.id) &&
     isVideoNameValid(video.name) &&
     isActivityPubVideoDurationValid(video.duration) &&
     isUUIDValid(video.uuid) &&
index 8ab0cdba4211de4615350eb76e9d0ba11ffe2fc4..60c9179a655c8108f3fe99284810c80504729a53 100644 (file)
@@ -1,5 +1,5 @@
 import { VideoCommentObject } from '../../../shared/models/activitypub/objects/video-comment-object'
-import { isVideoCommentObjectValid } from '../../helpers/custom-validators/activitypub/video-comments'
+import { sanitizeAndCheckVideoCommentObject } from '../../helpers/custom-validators/activitypub/video-comments'
 import { logger } from '../../helpers/logger'
 import { doRequest } from '../../helpers/requests'
 import { ACTIVITY_PUB } from '../../initializers'
@@ -52,7 +52,7 @@ async function addVideoComment (videoInstance: VideoModel, commentUrl: string) {
     activityPub: true
   })
 
-  if (isVideoCommentObjectValid(body) === false) {
+  if (sanitizeAndCheckVideoCommentObject(body) === false) {
     logger.debug('Remote video comment JSON is not valid.', { body })
     return undefined
   }
@@ -123,7 +123,7 @@ async function resolveThread (url: string, comments: VideoCommentModel[] = []) {
       activityPub: true
     })
 
-    if (isVideoCommentObjectValid(body) === false) {
+    if (sanitizeAndCheckVideoCommentObject(body) === false) {
       throw new Error('Remote video comment JSON is not valid :' + JSON.stringify(body))
     }