X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server.ts;h=6dff16f46214eb33eec2b4b485ea68ff1d942c92;hb=80bfd33c0bf910e2cfdd3270b14ba9eddd90e2e8;hp=8bc5e5f320d53781584d0e1e18edd29bf3ce61a9;hpb=c48e82b5e0478434de30626d14594a97f2402e7c;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server.ts b/server.ts
index 8bc5e5f32..6dff16f46 100644
--- a/server.ts
+++ b/server.ts
@@ -1,6 +1,4 @@
 // FIXME: https://github.com/nodejs/node/pull/16853
-import { VideosCaptionCache } from './server/lib/cache/videos-caption-cache'
-
 require('tls').DEFAULT_ECDH_CURVE = 'auto'
 
 import { isTestInstance } from './server/helpers/core-utils'
@@ -17,7 +15,8 @@ import * as cors from 'cors'
 import * as cookieParser from 'cookie-parser'
 import * as helmet from 'helmet'
 import * as useragent from 'useragent'
-import * as anonymise from 'ip-anonymize'
+import * as anonymize from 'ip-anonymize'
+import * as cli from 'commander'
 
 process.title = 'peertube'
 
@@ -25,11 +24,11 @@ process.title = 'peertube'
 const app = express()
 
 // ----------- Core checker -----------
-import { checkMissedConfig, checkFFmpeg, checkConfig, checkActivityPubUrls } from './server/initializers/checker'
+import { checkMissedConfig, checkFFmpeg } from './server/initializers/checker-before-init'
 
 // Do not use barrels because we don't want to load all modules here (we need to initialize database first)
 import { logger } from './server/helpers/logger'
-import { API_VERSION, CONFIG, CACHE } from './server/initializers/constants'
+import { API_VERSION, CONFIG, CACHE, HTTP_SIGNATURE } from './server/initializers/constants'
 
 const missed = checkMissedConfig()
 if (missed.length !== 0) {
@@ -43,6 +42,8 @@ checkFFmpeg(CONFIG)
     process.exit(-1)
   })
 
+import { checkConfig, checkActivityPubUrls } from './server/initializers/checker-after-init'
+
 const errorMessage = checkConfig()
 if (errorMessage !== null) {
   throw new Error(errorMessage)
@@ -52,6 +53,9 @@ if (errorMessage !== null) {
 app.set('trust proxy', CONFIG.TRUST_PROXY)
 
 // Security middleware
+import { baseCSP } from './server/middlewares'
+
+app.use(baseCSP)
 app.use(helmet({
   frameguard: {
     action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
@@ -76,7 +80,7 @@ migrate()
 import { installApplication } from './server/initializers'
 import { Emailer } from './server/lib/emailer'
 import { JobQueue } from './server/lib/job-queue'
-import { VideosPreviewCache } from './server/lib/cache'
+import { VideosPreviewCache, VideosCaptionCache } from './server/lib/cache'
 import {
   activityPubRouter,
   apiRouter,
@@ -86,7 +90,7 @@ import {
   servicesRouter,
   webfingerRouter,
   trackerRouter,
-  createWebsocketServer
+  createWebsocketServer, botsRouter
 } from './server/controllers'
 import { advertiseDoNotTrack } from './server/middlewares/dnt'
 import { Redis } from './server/lib/redis'
@@ -95,9 +99,14 @@ import { RemoveOldJobsScheduler } from './server/lib/schedulers/remove-old-jobs-
 import { UpdateVideosScheduler } from './server/lib/schedulers/update-videos-scheduler'
 import { YoutubeDlUpdateScheduler } from './server/lib/schedulers/youtube-dl-update-scheduler'
 import { VideosRedundancyScheduler } from './server/lib/schedulers/videos-redundancy-scheduler'
+import { isHTTPSignatureDigestValid } from './server/helpers/peertube-crypto'
 
 // ----------- Command line -----------
 
+cli
+  .option('--no-client', 'Start PeerTube without client interface')
+  .parse(process.argv)
+
 // ----------- App -----------
 
 // Enable CORS for develop
@@ -111,7 +120,7 @@ if (isTestInstance()) {
 // For the logger
 morgan.token('remote-addr', req => {
   return (req.get('DNT') === '1') ?
-    anonymise(req.ip || (req.connection && req.connection.remoteAddress) || undefined,
+    anonymize(req.ip || (req.connection && req.connection.remoteAddress) || undefined,
     16, // bitmask for IPv4
     16  // bitmask for IPv6
     ) :
@@ -126,7 +135,11 @@ app.use(morgan('combined', {
 app.use(bodyParser.urlencoded({ extended: false }))
 app.use(bodyParser.json({
   type: [ 'application/json', 'application/*+json' ],
-  limit: '500kb'
+  limit: '500kb',
+  verify: (req: express.Request, _, buf: Buffer, encoding: string) => {
+    const valid = isHTTPSignatureDigestValid(buf, req)
+    if (valid !== true) throw new Error('Invalid digest')
+  }
 }))
 // Cookies
 app.use(cookieParser())
@@ -146,12 +159,13 @@ app.use('/', activityPubRouter)
 app.use('/', feedsRouter)
 app.use('/', webfingerRouter)
 app.use('/', trackerRouter)
+app.use('/', botsRouter)
 
 // Static files
 app.use('/', staticRouter)
 
 // Client files, last valid routes!
-app.use('/', clientsRouter)
+if (cli.client) app.use('/', clientsRouter)
 
 // ----------- Errors -----------
 
@@ -194,9 +208,11 @@ async function startApplication () {
 
   // Email initialization
   Emailer.Instance.init()
-  await Emailer.Instance.checkConnectionOrDie()
 
-  await JobQueue.Instance.init()
+  await Promise.all([
+    Emailer.Instance.checkConnectionOrDie(),
+    JobQueue.Instance.init()
+  ])
 
   // Caches initializations
   VideosPreviewCache.Instance.init(CONFIG.CACHE.PREVIEWS.SIZE, CACHE.PREVIEWS.MAX_AGE)