Home Explore Help
Sign In
OWEALs
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube.git
2
1
Fork 0
Files Issues 2 Wiki
Tree: 166311358d
Branches Tags
PeerTube
/
server
/
middlewares
/
validators
/
oembed.ts

oembed.ts 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158 
  1. import express from 'express'
    2. 

  2. import { query } from 'express-validator'
    3. 

  3. import { join } from 'path'
    4. 

  4. import { loadVideo } from '@server/lib/model-loaders'
    5. 

  5. import { VideoPlaylistModel } from '@server/models/video/video-playlist'
    6. 

  6. import { VideoPlaylistPrivacy, VideoPrivacy } from '@shared/models'
    7. 

  7. import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
    8. 

  8. import { isTestOrDevInstance } from '../../helpers/core-utils'
    9. 

  9. import { isIdOrUUIDValid, isUUIDValid, toCompleteUUID } from '../../helpers/custom-validators/misc'
    10. 

  10. import { WEBSERVER } from '../../initializers/constants'
    11. 

  11. import { areValidationErrors } from './shared'
    12. 

  12. 

  13. const playlistPaths = [
    14. 

  14.   join('videos', 'watch', 'playlist'),
    15. 

  15.   join('w', 'p')
    16. 

  16. ]
    17. 

  17. 

  18. const videoPaths = [
    19. 

  19.   join('videos', 'watch'),
    20. 

  20.   'w'
    21. 

  21. ]
    22. 

  22. 

  23. function buildUrls (paths: string[]) {
    24. 

  24.   return paths.map(p => WEBSERVER.SCHEME + '://' + join(WEBSERVER.HOST, p) + '/')
    25. 

  25. }
    26. 

  26. 

  27. const startPlaylistURLs = buildUrls(playlistPaths)
    28. 

  28. const startVideoURLs = buildUrls(videoPaths)
    29. 

  29. 

  30. const isURLOptions = {
    31. 

  31.   require_host: true,
    32. 

  32.   require_tld: true
    33. 

  33. }
    34. 

  34. 

  35. // We validate 'localhost', so we don't have the top level domain
    36. 

  36. if (isTestOrDevInstance()) {
    37. 

  37.   isURLOptions.require_tld = false
    38. 

  38. }
    39. 

  39. 

  40. const oembedValidator = [
    41. 

  41.   query('url')
    42. 

  42.     .isURL(isURLOptions),
    43. 

  43.   query('maxwidth')
    44. 

  44.     .optional()
    45. 

  45.     .isInt(),
    46. 

  46.   query('maxheight')
    47. 

  47.     .optional()
    48. 

  48.     .isInt(),
    49. 

  49.   query('format')
    50. 

  50.     .optional()
    51. 

  51.     .isIn([ 'xml', 'json' ]),
    52. 

  52. 

  53.   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    54. 

  54.     if (areValidationErrors(req, res)) return
    55. 

  55. 

  56.     if (req.query.format !== undefined && req.query.format !== 'json') {
    57. 

  57.       return res.fail({
    58. 

  58.         status: HttpStatusCode.NOT_IMPLEMENTED_501,
    59. 

  59.         message: 'Requested format is not implemented on server.',
    60. 

  60.         data: {
    61. 

  61.           format: req.query.format
    62. 

  62.         }
    63. 

  63.       })
    64. 

  64.     }
    65. 

  65. 

  66.     const url = req.query.url as string
    67. 

  67. 

  68.     let urlPath: string
    69. 

  69. 

  70.     try {
    71. 

  71.       urlPath = new URL(url).pathname
    72. 

  72.     } catch (err) {
    73. 

  73.       return res.fail({
    74. 

  74.         status: HttpStatusCode.BAD_REQUEST_400,
    75. 

  75.         message: err.message,
    76. 

  76.         data: {
    77. 

  77.           url
    78. 

  78.         }
    79. 

  79.       })
    80. 

  80.     }
    81. 

  81. 

  82.     const isPlaylist = startPlaylistURLs.some(u => url.startsWith(u))
    83. 

  83.     const isVideo = isPlaylist ? false : startVideoURLs.some(u => url.startsWith(u))
    84. 

  84. 

  85.     const startIsOk = isVideo || isPlaylist
    86. 

  86. 

  87.     const parts = urlPath.split('/')
    88. 

  88. 

  89.     if (startIsOk === false || parts.length === 0) {
    90. 

  90.       return res.fail({
    91. 

  91.         status: HttpStatusCode.BAD_REQUEST_400,
    92. 

  92.         message: 'Invalid url.',
    93. 

  93.         data: {
    94. 

  94.           url
    95. 

  95.         }
    96. 

  96.       })
    97. 

  97.     }
    98. 

  98. 

  99.     const elementId = toCompleteUUID(parts.pop())
    100. 

  100.     if (isIdOrUUIDValid(elementId) === false) {
    101. 

  101.       return res.fail({ message: 'Invalid video or playlist id.' })
    102. 

  102.     }
    103. 

  103. 

  104.     if (isVideo) {
    105. 

  105.       const video = await loadVideo(elementId, 'all')
    106. 

  106. 

  107.       if (!video) {
    108. 

  108.         return res.fail({
    109. 

  109.           status: HttpStatusCode.NOT_FOUND_404,
    110. 

  110.           message: 'Video not found'
    111. 

  111.         })
    112. 

  112.       }
    113. 

  113. 

  114.       if (
    115. 

  115.         video.privacy === VideoPrivacy.PUBLIC ||
    116. 

  116.         (video.privacy === VideoPrivacy.UNLISTED && isUUIDValid(elementId) === true)
    117. 

  117.       ) {
    118. 

  118.         res.locals.videoAll = video
    119. 

  119.         return next()
    120. 

  120.       }
    121. 

  121. 

  122.       return res.fail({
    123. 

  123.         status: HttpStatusCode.FORBIDDEN_403,
    124. 

  124.         message: 'Video is not publicly available'
    125. 

  125.       })
    126. 

  126.     }
    127. 

  127. 

  128.     // Is playlist
    129. 

  129. 

  130.     const videoPlaylist = await VideoPlaylistModel.loadWithAccountAndChannelSummary(elementId, undefined)
    131. 

  131.     if (!videoPlaylist) {
    132. 

  132.       return res.fail({
    133. 

  133.         status: HttpStatusCode.NOT_FOUND_404,
    134. 

  134.         message: 'Video playlist not found'
    135. 

  135.       })
    136. 

  136.     }
    137. 

  137. 

  138.     if (
    139. 

  139.       videoPlaylist.privacy === VideoPlaylistPrivacy.PUBLIC ||
    140. 

  140.       (videoPlaylist.privacy === VideoPlaylistPrivacy.UNLISTED && isUUIDValid(elementId))
    141. 

  141.     ) {
    142. 

  142.       res.locals.videoPlaylistSummary = videoPlaylist
    143. 

  143.       return next()
    144. 

  144.     }
    145. 

  145. 

  146.     return res.fail({
    147. 

  147.       status: HttpStatusCode.FORBIDDEN_403,
    148. 

  148.       message: 'Playlist is not public'
    149. 

  149.     })
    150. 

  150.   }
    151. 

  151. 

  152. ]
    153. 

  153. 

  154. // ---------------------------------------------------------------------------
    155. 

  155. 

  156. export {
    157. 

  157.   oembedValidator
    158. 

  158. }
    159.