diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2016-10-01 09:09:07 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-10-01 09:09:07 +0200 |
commit | 0eb78d530376c43d228e3e071e032fe9849149ed (patch) | |
tree | e4a81e9de1267e8e316cfe27de65f4cb450ae8b7 /server/controllers/api | |
parent | c60f2212fd326c323dc2d145ba64080612b655d3 (diff) | |
download | PeerTube-0eb78d530376c43d228e3e071e032fe9849149ed.tar.gz PeerTube-0eb78d530376c43d228e3e071e032fe9849149ed.tar.zst PeerTube-0eb78d530376c43d228e3e071e032fe9849149ed.zip |
Server: do not forget to check the signature when another pod wants to
quit us
Diffstat (limited to 'server/controllers/api')
-rw-r--r-- | server/controllers/api/v1/pods.js | 7 | ||||
-rw-r--r-- | server/controllers/api/v1/remote.js | 1 |
2 files changed, 7 insertions, 1 deletions
diff --git a/server/controllers/api/v1/pods.js b/server/controllers/api/v1/pods.js index 2bdfe0c92..d509db964 100644 --- a/server/controllers/api/v1/pods.js +++ b/server/controllers/api/v1/pods.js | |||
@@ -10,6 +10,7 @@ const friends = require('../../../lib/friends') | |||
10 | const middlewares = require('../../../middlewares') | 10 | const middlewares = require('../../../middlewares') |
11 | const admin = middlewares.admin | 11 | const admin = middlewares.admin |
12 | const oAuth = middlewares.oauth | 12 | const oAuth = middlewares.oauth |
13 | const checkSignature = middlewares.secure.checkSignature | ||
13 | const validators = middlewares.validators.pods | 14 | const validators = middlewares.validators.pods |
14 | const signatureValidator = middlewares.validators.remote.signature | 15 | const signatureValidator = middlewares.validators.remote.signature |
15 | 16 | ||
@@ -31,7 +32,11 @@ router.get('/quitfriends', | |||
31 | quitFriends | 32 | quitFriends |
32 | ) | 33 | ) |
33 | // Post because this is a secured request | 34 | // Post because this is a secured request |
34 | router.post('/remove', signatureValidator, removePods) | 35 | router.post('/remove', |
36 | signatureValidator, | ||
37 | checkSignature, | ||
38 | removePods | ||
39 | ) | ||
35 | 40 | ||
36 | // --------------------------------------------------------------------------- | 41 | // --------------------------------------------------------------------------- |
37 | 42 | ||
diff --git a/server/controllers/api/v1/remote.js b/server/controllers/api/v1/remote.js index f452986b8..a22c5d151 100644 --- a/server/controllers/api/v1/remote.js +++ b/server/controllers/api/v1/remote.js | |||
@@ -16,6 +16,7 @@ const Video = mongoose.model('Video') | |||
16 | router.post('/videos', | 16 | router.post('/videos', |
17 | validators.signature, | 17 | validators.signature, |
18 | validators.dataToDecrypt, | 18 | validators.dataToDecrypt, |
19 | secureMiddleware.checkSignature, | ||
19 | secureMiddleware.decryptBody, | 20 | secureMiddleware.decryptBody, |
20 | validators.remoteVideos, | 21 | validators.remoteVideos, |
21 | remoteVideos | 22 | remoteVideos |