diff options
author | Rigel Kent <sendmemail@rigelk.eu> | 2018-05-22 19:43:13 +0200 |
---|---|---|
committer | Rigel Kent <par@rigelk.eu> | 2018-05-22 19:44:34 +0200 |
commit | ff2c1fe8133f9556f6aaa52058cd8b83c40085e6 (patch) | |
tree | bc92cde25bf5a1d74b1413d7145179ef7abfd670 /server/middlewares/validators | |
parent | e2f1dad83607aa610ee33b234a81b07664f4304c (diff) | |
download | PeerTube-ff2c1fe8133f9556f6aaa52058cd8b83c40085e6.tar.gz PeerTube-ff2c1fe8133f9556f6aaa52058cd8b83c40085e6.tar.zst PeerTube-ff2c1fe8133f9556f6aaa52058cd8b83c40085e6.zip |
feature: IP filtering on signup page
disable registration form on IP not in range
checking the CIDR list before filtering with it
placing the cidr filters as an attribute object in the config
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r-- | server/middlewares/validators/users.ts | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 247b704c4..4ad0e33da 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -16,8 +16,8 @@ import { | |||
16 | } from '../../helpers/custom-validators/users' | 16 | } from '../../helpers/custom-validators/users' |
17 | import { isVideoExist } from '../../helpers/custom-validators/videos' | 17 | import { isVideoExist } from '../../helpers/custom-validators/videos' |
18 | import { logger } from '../../helpers/logger' | 18 | import { logger } from '../../helpers/logger' |
19 | import { isSignupAllowed } from '../../helpers/utils' | 19 | import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/utils' |
20 | import { CONSTRAINTS_FIELDS } from '../../initializers' | 20 | import { CONFIG, CONSTRAINTS_FIELDS } from '../../initializers' |
21 | import { Redis } from '../../lib/redis' | 21 | import { Redis } from '../../lib/redis' |
22 | import { UserModel } from '../../models/account/user' | 22 | import { UserModel } from '../../models/account/user' |
23 | import { areValidationErrors } from './utils' | 23 | import { areValidationErrors } from './utils' |
@@ -177,6 +177,20 @@ const ensureUserRegistrationAllowed = [ | |||
177 | } | 177 | } |
178 | ] | 178 | ] |
179 | 179 | ||
180 | const ensureUserRegistrationAllowedForIP = [ | ||
181 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
182 | const allowed = isSignupAllowedForCurrentIP(req.ip) | ||
183 | |||
184 | if (allowed === false) { | ||
185 | return res.status(403) | ||
186 | .send({ error: 'You are not on a network authorized for registration.' }) | ||
187 | .end() | ||
188 | } | ||
189 | |||
190 | return next() | ||
191 | } | ||
192 | ] | ||
193 | |||
180 | const usersAskResetPasswordValidator = [ | 194 | const usersAskResetPasswordValidator = [ |
181 | body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'), | 195 | body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'), |
182 | 196 | ||
@@ -230,6 +244,7 @@ export { | |||
230 | usersUpdateMeValidator, | 244 | usersUpdateMeValidator, |
231 | usersVideoRatingValidator, | 245 | usersVideoRatingValidator, |
232 | ensureUserRegistrationAllowed, | 246 | ensureUserRegistrationAllowed, |
247 | ensureUserRegistrationAllowedForIP, | ||
233 | usersGetValidator, | 248 | usersGetValidator, |
234 | usersUpdateMyAvatarValidator, | 249 | usersUpdateMyAvatarValidator, |
235 | usersAskResetPasswordValidator, | 250 | usersAskResetPasswordValidator, |