diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2016-11-16 20:22:17 +0100 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-11-16 20:29:26 +0100 |
commit | 441b66f80923d1f574a74582f1fb9306b99fc12a (patch) | |
tree | ed8a853b9df3666772ec4c027a03c7e05651423c | |
parent | 9c89a45cb2a7bb46e68fb084723a2046b12c7617 (diff) | |
download | PeerTube-441b66f80923d1f574a74582f1fb9306b99fc12a.tar.gz PeerTube-441b66f80923d1f574a74582f1fb9306b99fc12a.tar.zst PeerTube-441b66f80923d1f574a74582f1fb9306b99fc12a.zip |
Server: forbid to make friends with a non https server
-rw-r--r-- | server/helpers/utils.js | 7 | ||||
-rw-r--r-- | server/initializers/constants.js | 3 | ||||
-rw-r--r-- | server/middlewares/validators/pods.js | 7 |
3 files changed, 15 insertions, 2 deletions
diff --git a/server/helpers/utils.js b/server/helpers/utils.js index 9c2d402e3..9f27671b6 100644 --- a/server/helpers/utils.js +++ b/server/helpers/utils.js | |||
@@ -6,7 +6,8 @@ const logger = require('./logger') | |||
6 | 6 | ||
7 | const utils = { | 7 | const utils = { |
8 | cleanForExit, | 8 | cleanForExit, |
9 | generateRandomString | 9 | generateRandomString, |
10 | isTestInstance | ||
10 | } | 11 | } |
11 | 12 | ||
12 | function generateRandomString (size, callback) { | 13 | function generateRandomString (size, callback) { |
@@ -22,6 +23,10 @@ function cleanForExit (webtorrentProcess) { | |||
22 | process.kill(-webtorrentProcess.pid) | 23 | process.kill(-webtorrentProcess.pid) |
23 | } | 24 | } |
24 | 25 | ||
26 | function isTestInstance () { | ||
27 | return (process.env.NODE_ENV === 'test') | ||
28 | } | ||
29 | |||
25 | // --------------------------------------------------------------------------- | 30 | // --------------------------------------------------------------------------- |
26 | 31 | ||
27 | module.exports = utils | 32 | module.exports = utils |
diff --git a/server/initializers/constants.js b/server/initializers/constants.js index 40e1c5381..3ddf87454 100644 --- a/server/initializers/constants.js +++ b/server/initializers/constants.js | |||
@@ -152,7 +152,7 @@ const REQUEST_ENDPOINTS = { | |||
152 | 152 | ||
153 | const REMOTE_SCHEME = { | 153 | const REMOTE_SCHEME = { |
154 | HTTP: 'https', | 154 | HTTP: 'https', |
155 | WS: 'WS' | 155 | WS: 'wss' |
156 | } | 156 | } |
157 | 157 | ||
158 | // Password encryption | 158 | // Password encryption |
@@ -220,6 +220,7 @@ module.exports = { | |||
220 | 220 | ||
221 | // --------------------------------------------------------------------------- | 221 | // --------------------------------------------------------------------------- |
222 | 222 | ||
223 | // This method exists in utils module but we want to let the constants module independent | ||
223 | function isTestInstance () { | 224 | function isTestInstance () { |
224 | return (process.env.NODE_ENV === 'test') | 225 | return (process.env.NODE_ENV === 'test') |
225 | } | 226 | } |
diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js index 4f8bad2f9..0723871b2 100644 --- a/server/middlewares/validators/pods.js +++ b/server/middlewares/validators/pods.js | |||
@@ -1,8 +1,10 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const checkErrors = require('./utils').checkErrors | 3 | const checkErrors = require('./utils').checkErrors |
4 | const constants = require('../../initializers/constants') | ||
4 | const friends = require('../../lib/friends') | 5 | const friends = require('../../lib/friends') |
5 | const logger = require('../../helpers/logger') | 6 | const logger = require('../../helpers/logger') |
7 | const utils = require('../../helpers/utils') | ||
6 | 8 | ||
7 | const validatorsPod = { | 9 | const validatorsPod = { |
8 | makeFriends, | 10 | makeFriends, |
@@ -10,6 +12,11 @@ const validatorsPod = { | |||
10 | } | 12 | } |
11 | 13 | ||
12 | function makeFriends (req, res, next) { | 14 | function makeFriends (req, res, next) { |
15 | // Force https if the administrator wants to make friends | ||
16 | if (utils.isTestInstance() === false && constants.CONFIG.WEBSERVER.SCHEME === 'http') { | ||
17 | return res.status(400).send('Cannot make friends with a non HTTPS webserver.') | ||
18 | } | ||
19 | |||
13 | req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid() | 20 | req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid() |
14 | 21 | ||
15 | logger.debug('Checking makeFriends parameters', { parameters: req.body }) | 22 | logger.debug('Checking makeFriends parameters', { parameters: req.body }) |