author | Austin Heap <me@austinheap.com> | 2018-09-06 05:23:46 -0700 |
---|---|---|
committer | Rigel Kent <par@rigelk.eu> | 2018-09-06 14:23:46 +0200 |
commit | 5447516b9a87725a6f8c55ec7e4ea1c1be839ee6 (patch) | |
tree | bb73829e0b2c179e717ff491c75d074ed38bb0e5 | |
parent | 35c29307767ac773eaab5054071c7df0555effcb (diff) | |
draft "security.txt" spec integration (#1020)
-rw-r--r-- | config/default.yaml | 3 | ||||
-rw-r--r-- | config/production.yaml.example | 3 | ||||
-rw-r--r-- | server/controllers/static.ts | 15 | ||||
-rw-r--r-- | server/initializers/checker.ts | 2 | ||||
-rw-r--r-- | server/initializers/constants.ts | 5 |
5 files changed, 26 insertions, 2 deletions
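--- a/config/default.yaml
+++ b/config/default.yaml
@@ -127,6 +127,9 @@ instance:
 robots: |
 User-agent: *
 Disallow: ''
+# Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
+securitytxt:
+"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube\nContact: mailto:"
 
 services:
 # Cards configuration to format video in Twitter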
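Review bot: The default `securitytxt` value ends in a dangling `Contact: mailto:` and only becomes a valid line because the handler in server/controllers/static.ts appends `admin.email` to it, which the comment above the key does not mention. An operator who rewrites the text without that trailing prefix would get the address glued onto whatever their last line is. I would extend the comment with something like `# The admin.email value is appended to this text, so keep the trailing "Contact: mailto:".` The same key and comment are added to config/production.yaml.example.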
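--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -141,6 +141,9 @@ instance:
 robots: |
 User-agent: *
 Disallow: ''
+# Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
+securitytxt:
+"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube\nContact: mailto:"
 
 services:
 # Cards configuration to format video in Twitter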
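--- a/server/controllers/static.ts
+++ b/server/controllers/static.ts
@@ -79,6 +79,21 @@ staticRouter.get('/robots.txt',
 }
 )
 
+// security.txt service
+staticRouter.get('/security.txt',
+(_, res: express.Response) => {
+return res.redirect(301, '/.well-known/security.txt')
+}
+)
+
+staticRouter.get('/.well-known/security.txt',
+asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.SECURITYTXT)),
+(_, res: express.Response) => {
+res.type('text/plain')
+return res.send(CONFIG.INSTANCE.SECURITYTXT + CONFIG.INSTANCE.SECURITYTXT_CONTACT)
+}
+)
+
 // nodeinfo service
 staticRouter.use('/.well-known/nodeinfo',
 asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.NODEINFO)),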
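Review bot: An empty `instance.securitytxt` does not disable the `/.well-known/security.txt` handler: `res.send` still returns `CONFIG.INSTANCE.SECURITYTXT_CONTACT`, so the response is a 200 whose whole body is the admin e-mail address, and `/security.txt` keeps redirecting to it. The config comment added in this same commit tells operators that an empty string turns the integration off, so anyone who opts out would still publish that address. A guard as the first statement of the handler, `if (!CONFIG.INSTANCE.SECURITYTXT) return res.sendStatus(404)`, would make the documented opt-out real. Whether the cache middleware in front of the handler needs the same condition cannot be told from the lines shown.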
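--- a/server/initializers/checker.ts
+++ b/server/initializers/checker.ts
@@ -55,7 +55,7 @@ function checkMissedConfig () {
 'import.videos.http.enabled', 'import.videos.torrent.enabled',
 'trending.videos.interval_days',
 'instance.name', 'instance.short_description', 'instance.description', 'instance.terms', 'instance.default_client_route',
-'instance.default_nsfw_policy', 'instance.robots',
+'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt',
 'services.twitter.username', 'services.twitter.whitelisted'
 ]
 const requiredAlternatives = [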
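--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -57,6 +57,7 @@ const OAUTH_LIFETIME = {
 const ROUTE_CACHE_LIFETIME = {
 FEEDS: '15 minutes',
 ROBOTS: '2 hours',
+SECURITYTXT: '2 hours',
 NODEINFO: '10 minutes',
 DNT_POLICY: '1 week',
 OVERVIEWS: {
@@ -265,7 +266,9 @@ const CONFIG = {
 get JAVASCRIPT () { return config.get<string>('instance.customizations.javascript') },
 get CSS () { return config.get<string>('instance.customizations.css') }
 },
-get ROBOTS () { return config.get<string>('instance.robots') }
+get ROBOTS () { return config.get<string>('instance.robots') },
+get SECURITYTXT () { return config.get<string>('instance.securitytxt') },
+get SECURITYTXT_CONTACT () { return config.get<string>('admin.email') }
 },
 SERVICES: {
 TWITTER: {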