hippofish/packages/backend/src/misc/process-masto-notes.ts

145 lines
3.7 KiB
TypeScript
Raw Normal View History

2023-07-16 05:02:00 +02:00
import * as fs from "node:fs";
import Logger from "@/services/logger.js";
import { createTemp, createTempDir } from "./create-temp.js";
import { downloadUrl } from "./download-url.js";
import { addFile } from "@/services/drive/add-file.js";
import { Users } from "@/models/index.js";
import * as tar from "tar-stream";
import gunzip from "gunzip-maybe";
import decompress from "decompress";
import * as Path from "node:path";
import { inspect } from "node:util";
2023-07-16 05:02:00 +02:00
const logger = new Logger("process-masto-notes");
2023-07-16 05:02:00 +02:00
export async function processMastoNotes(
2023-07-16 12:24:37 +02:00
fn: string,
2023-07-16 05:02:00 +02:00
url: string,
uid: string,
): Promise<any> {
// Create temp file
const [path, cleanup] = await createTemp();
const [unzipPath, unzipCleanup] = await createTempDir();
logger.info(`Temp file is ${path}`);
try {
// write content at URL to temp file
await downloadUrl(url, path);
2023-07-16 12:24:37 +02:00
return await processMastoFile(fn, path, unzipPath, uid);
2023-07-16 05:02:00 +02:00
} finally {
cleanup();
2023-07-16 12:24:37 +02:00
//unzipCleanup();
2023-07-16 05:02:00 +02:00
}
}
2023-07-16 12:24:37 +02:00
function processMastoFile(fn: string, path: string, dir: string, uid: string) {
2023-07-16 05:02:00 +02:00
return new Promise(async (resolve, reject) => {
const user = await Users.findOneBy({ id: uid });
2023-07-16 07:47:06 +02:00
try {
2023-07-16 12:24:37 +02:00
logger.info(`Start unzip ${path}`);
fn.endsWith("tar.gz")
? await unzipTarGz(path, dir)
: await unzipZip(path, dir);
logger.info(`Unzip to ${dir}`);
const outbox = JSON.parse(fs.readFileSync(`${dir}/outbox.json`));
for (const note of outbox.orderedItems) {
// Skip if attachment is undefined or not iterable
if (
note.object.attachment == null ||
!note.object.attachment[Symbol.iterator]
) {
continue;
}
for (const attachment of note.object.attachment) {
2023-07-16 12:24:37 +02:00
const url = attachment.url.replaceAll("..", "");
2023-07-18 02:38:27 +02:00
if (url.indexOf("\0") !== -1) {
2023-07-16 12:24:37 +02:00
logger.error(`Found Poison Null Bytes Attack: ${url}`);
reject();
return;
}
try {
2023-07-16 12:24:37 +02:00
const fpath = Path.resolve(`${dir}${url}`);
if (!fpath.startsWith(dir)) {
logger.error(`Found Path Attack: ${url}`);
reject();
return;
}
logger.info(fpath);
const driveFile = await addFile({ user: user, path: fpath });
attachment.driveFile = driveFile;
} catch (e) {
logger.error(`Skipped adding file to drive: ${url}`);
2023-07-16 05:02:00 +02:00
}
}
}
resolve(outbox);
2023-07-16 07:47:06 +02:00
} catch (e) {
logger.error(`Error on extract masto note package: ${fn}`);
reject(e);
}
2023-07-16 05:02:00 +02:00
});
}
2023-07-16 07:47:06 +02:00
function createFileDir(fn: string) {
if (!fs.existsSync(fn)) {
fs.mkdirSync(fn, { recursive: true });
fs.rmdirSync(fn);
}
}
2023-07-16 12:24:37 +02:00
function unzipZip(fn: string, dir: string) {
return new Promise(async (resolve, reject) => {
try {
decompress(fn, dir).then((files: any) => {
resolve(files);
});
} catch (e) {
reject();
}
});
}
2023-07-16 07:47:06 +02:00
function unzipTarGz(fn: string, dir: string) {
return new Promise(async (resolve, reject) => {
const onErr = (err: any) => {
logger.error(`pipe broken:\n${inspect(err)}`);
reject();
2023-07-16 07:47:06 +02:00
};
try {
const extract = tar.extract().on("error", onErr);
dir = dir.endsWith("/") ? dir : dir + "/";
const ls: string[] = [];
2023-07-16 07:47:06 +02:00
extract.on("entry", function (header: any, stream: any, next: any) {
try {
ls.push(dir + header.name);
createFileDir(dir + header.name);
2023-07-16 07:47:06 +02:00
stream
.on("error", onErr)
.pipe(fs.createWriteStream(dir + header.name))
.on("error", onErr);
next();
2023-07-16 07:47:06 +02:00
} catch (e) {
logger.error(`create dir error:\n${inspect(e)}`);
reject();
}
});
2023-07-16 07:47:06 +02:00
extract.on("finish", function () {
resolve(ls);
});
2023-07-16 07:47:06 +02:00
fs.createReadStream(fn)
.on("error", onErr)
.pipe(gunzip())
.on("error", onErr)
.pipe(extract)
.on("error", onErr);
} catch (e) {
logger.error(`unzipTarGz error:\n${inspect(e)}`);
reject();
}
});
2023-07-16 07:47:06 +02:00
}