Improve video torrent AP object validator

This commit is contained in:
Chocobozzz 2018-05-09 16:16:22 +02:00
parent a077482fb7
commit 1d6e5dfc37
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
4 changed files with 19 additions and 20 deletions

View File

@ -11,9 +11,9 @@ import { isUndoActivityValid } from './undo'
import { isVideoCommentCreateActivityValid, isVideoCommentDeleteActivityValid } from './video-comments' import { isVideoCommentCreateActivityValid, isVideoCommentDeleteActivityValid } from './video-comments'
import { import {
isVideoFlagValid, isVideoFlagValid,
isVideoTorrentCreateActivityValid, sanitizeAndCheckVideoTorrentCreateActivity,
isVideoTorrentDeleteActivityValid, isVideoTorrentDeleteActivityValid,
isVideoTorrentUpdateActivityValid sanitizeAndCheckVideoTorrentUpdateActivity
} from './videos' } from './videos'
import { isViewActivityValid } from './view' import { isViewActivityValid } from './view'
@ -62,13 +62,13 @@ export {
function checkCreateActivity (activity: any) { function checkCreateActivity (activity: any) {
return isViewActivityValid(activity) || return isViewActivityValid(activity) ||
isDislikeActivityValid(activity) || isDislikeActivityValid(activity) ||
isVideoTorrentCreateActivityValid(activity) || sanitizeAndCheckVideoTorrentCreateActivity(activity) ||
isVideoFlagValid(activity) || isVideoFlagValid(activity) ||
isVideoCommentCreateActivityValid(activity) isVideoCommentCreateActivityValid(activity)
} }
function checkUpdateActivity (activity: any) { function checkUpdateActivity (activity: any) {
return isVideoTorrentUpdateActivityValid(activity) || return sanitizeAndCheckVideoTorrentUpdateActivity(activity) ||
isActorUpdateActivityValid(activity) isActorUpdateActivityValid(activity)
} }

View File

@ -12,14 +12,14 @@ import {
} from '../videos' } from '../videos'
import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc' import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
function isVideoTorrentCreateActivityValid (activity: any) { function sanitizeAndCheckVideoTorrentCreateActivity (activity: any) {
return isBaseActivityValid(activity, 'Create') && return isBaseActivityValid(activity, 'Create') &&
isVideoTorrentObjectValid(activity.object) sanitizeAndCheckVideoTorrentObject(activity.object)
} }
function isVideoTorrentUpdateActivityValid (activity: any) { function sanitizeAndCheckVideoTorrentUpdateActivity (activity: any) {
return isBaseActivityValid(activity, 'Update') && return isBaseActivityValid(activity, 'Update') &&
isVideoTorrentObjectValid(activity.object) sanitizeAndCheckVideoTorrentObject(activity.object)
} }
function isVideoTorrentDeleteActivityValid (activity: any) { function isVideoTorrentDeleteActivityValid (activity: any) {
@ -42,13 +42,17 @@ function isActivityPubVideoDurationValid (value: string) {
isVideoDurationValid(value.replace(/[^0-9]+/g, '')) isVideoDurationValid(value.replace(/[^0-9]+/g, ''))
} }
function isVideoTorrentObjectValid (video: any) { function sanitizeAndCheckVideoTorrentObject (video: any) {
if (!setValidRemoteTags(video)) return false
if (!setValidRemoteVideoUrls(video)) return false
if (!setRemoteVideoTruncatedContent(video)) return false
if (!setValidAttributedTo(video)) return false
return video.type === 'Video' && return video.type === 'Video' &&
isActivityPubUrlValid(video.id) && isActivityPubUrlValid(video.id) &&
isVideoNameValid(video.name) && isVideoNameValid(video.name) &&
isActivityPubVideoDurationValid(video.duration) && isActivityPubVideoDurationValid(video.duration) &&
isUUIDValid(video.uuid) && isUUIDValid(video.uuid) &&
setValidRemoteTags(video) &&
(!video.category || isRemoteNumberIdentifierValid(video.category)) && (!video.category || isRemoteNumberIdentifierValid(video.category)) &&
(!video.licence || isRemoteNumberIdentifierValid(video.licence)) && (!video.licence || isRemoteNumberIdentifierValid(video.licence)) &&
(!video.language || isRemoteStringIdentifierValid(video.language)) && (!video.language || isRemoteStringIdentifierValid(video.language)) &&
@ -57,24 +61,21 @@ function isVideoTorrentObjectValid (video: any) {
isBooleanValid(video.commentsEnabled) && isBooleanValid(video.commentsEnabled) &&
isDateValid(video.published) && isDateValid(video.published) &&
isDateValid(video.updated) && isDateValid(video.updated) &&
setRemoteVideoTruncatedContent(video) &&
(!video.content || isRemoteVideoContentValid(video.mediaType, video.content)) && (!video.content || isRemoteVideoContentValid(video.mediaType, video.content)) &&
isRemoteVideoIconValid(video.icon) && isRemoteVideoIconValid(video.icon) &&
setValidRemoteVideoUrls(video) &&
video.url.length !== 0 && video.url.length !== 0 &&
setValidAttributedTo(video) &&
video.attributedTo.length !== 0 video.attributedTo.length !== 0
} }
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
export { export {
isVideoTorrentCreateActivityValid, sanitizeAndCheckVideoTorrentCreateActivity,
isVideoTorrentUpdateActivityValid, sanitizeAndCheckVideoTorrentUpdateActivity,
isVideoTorrentDeleteActivityValid, isVideoTorrentDeleteActivityValid,
isRemoteStringIdentifierValid, isRemoteStringIdentifierValid,
isVideoFlagValid, isVideoFlagValid,
isVideoTorrentObjectValid sanitizeAndCheckVideoTorrentObject
} }
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------

View File

@ -5,7 +5,7 @@ import * as request from 'request'
import { ActivityIconObject } from '../../../shared/index' import { ActivityIconObject } from '../../../shared/index'
import { VideoTorrentObject } from '../../../shared/models/activitypub/objects' import { VideoTorrentObject } from '../../../shared/models/activitypub/objects'
import { VideoPrivacy, VideoRateType } from '../../../shared/models/videos' import { VideoPrivacy, VideoRateType } from '../../../shared/models/videos'
import { isVideoTorrentObjectValid } from '../../helpers/custom-validators/activitypub/videos' import { sanitizeAndCheckVideoTorrentObject } from '../../helpers/custom-validators/activitypub/videos'
import { isVideoFileInfoHashValid } from '../../helpers/custom-validators/videos' import { isVideoFileInfoHashValid } from '../../helpers/custom-validators/videos'
import { retryTransactionWrapper } from '../../helpers/database-utils' import { retryTransactionWrapper } from '../../helpers/database-utils'
import { logger } from '../../helpers/logger' import { logger } from '../../helpers/logger'
@ -317,7 +317,7 @@ async function fetchRemoteVideo (videoUrl: string): Promise<VideoTorrentObject>
const { body } = await doRequest(options) const { body } = await doRequest(options)
if (isVideoTorrentObjectValid(body) === false) { if (sanitizeAndCheckVideoTorrentObject(body) === false) {
logger.debug('Remote video JSON is not valid.', { body }) logger.debug('Remote video JSON is not valid.', { body })
return undefined return undefined
} }

View File

@ -1,10 +1,8 @@
import * as express from 'express' import * as express from 'express'
import { body } from 'express-validator/check'
import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity' import { isRootActivityValid } from '../../../helpers/custom-validators/activitypub/activity'
import { logger } from '../../../helpers/logger' import { logger } from '../../../helpers/logger'
import { getServerActor } from '../../../helpers/utils' import { getServerActor } from '../../../helpers/utils'
import { ActorModel } from '../../../models/activitypub/actor' import { ActorModel } from '../../../models/activitypub/actor'
import { areValidationErrors } from '../utils'
async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) { async function activityPubValidator (req: express.Request, res: express.Response, next: express.NextFunction) {
logger.debug('Checking activity pub parameters') logger.debug('Checking activity pub parameters')