Prepare folders structure for angular app

8 files changed, 283 insertions, 0 deletions

diff --git a/server/middlewares/cache.js b/server/middlewares/cache.js
new file mode 100644
index 000000000..0d3da0075
--- /dev/null
+++ b/server/middlewares/cache.js
@@ -0,0 +1,23 @@
+'use strict'
+
+var cacheMiddleware = {
+  cache: cache
+}
+
+function cache (cache) {
+  return function (req, res, next) {
+    // If we want explicitly a cache
+    // Or if we don't specify if we want a cache or no and we are in production
+    if (cache === true || (cache !== false && process.env.NODE_ENV === 'production')) {
+      res.setHeader('Cache-Control', 'public')
+    } else {
+      res.setHeader('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
+    }
+
+    next()
+  }
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = cacheMiddleware
diff --git a/server/middlewares/index.js b/server/middlewares/index.js
new file mode 100644
index 000000000..c85899b0c
--- /dev/null
+++ b/server/middlewares/index.js
@@ -0,0 +1,15 @@
+'use strict'
+
+var cacheMiddleware = require('./cache')
+var reqValidatorsMiddleware = require('./reqValidators')
+var secureMiddleware = require('./secure')
+
+var middlewares = {
+  cache: cacheMiddleware,
+  reqValidators: reqValidatorsMiddleware,
+  secure: secureMiddleware
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = middlewares
diff --git a/server/middlewares/reqValidators/index.js b/server/middlewares/reqValidators/index.js
new file mode 100644
index 000000000..345dbd0e2
--- /dev/null
+++ b/server/middlewares/reqValidators/index.js
@@ -0,0 +1,15 @@
+'use strict'
+
+var podsReqValidators = require('./pods')
+var remoteReqValidators = require('./remote')
+var videosReqValidators = require('./videos')
+
+var reqValidators = {
+  pods: podsReqValidators,
+  remote: remoteReqValidators,
+  videos: videosReqValidators
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = reqValidators
diff --git a/server/middlewares/reqValidators/pods.js b/server/middlewares/reqValidators/pods.js
new file mode 100644
index 000000000..ef09d51cf
--- /dev/null
+++ b/server/middlewares/reqValidators/pods.js
@@ -0,0 +1,39 @@
+'use strict'
+
+var checkErrors = require('./utils').checkErrors
+var friends = require('../../lib/friends')
+var logger = require('../../helpers/logger')
+
+var reqValidatorsPod = {
+  makeFriends: makeFriends,
+  podsAdd: podsAdd
+}
+
+function makeFriends (req, res, next) {
+  friends.hasFriends(function (err, has_friends) {
+    if (err) {
+      logger.error('Cannot know if we have friends.', { error: err })
+      res.sendStatus(500)
+    }
+
+    if (has_friends === true) {
+      // We need to quit our friends before make new ones
+      res.sendStatus(409)
+    } else {
+      return next()
+    }
+  })
+}
+
+function podsAdd (req, res, next) {
+  req.checkBody('data.url', 'Should have an url').notEmpty().isURL({ require_protocol: true })
+  req.checkBody('data.publicKey', 'Should have a public key').notEmpty()
+
+  logger.debug('Checking podsAdd parameters', { parameters: req.body })
+
+  checkErrors(req, res, next)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = reqValidatorsPod
diff --git a/server/middlewares/reqValidators/remote.js b/server/middlewares/reqValidators/remote.js
new file mode 100644
index 000000000..88de16b49
--- /dev/null
+++ b/server/middlewares/reqValidators/remote.js
@@ -0,0 +1,43 @@
+'use strict'
+
+var checkErrors = require('./utils').checkErrors
+var logger = require('../../helpers/logger')
+
+var reqValidatorsRemote = {
+  remoteVideosAdd: remoteVideosAdd,
+  remoteVideosRemove: remoteVideosRemove,
+  secureRequest: secureRequest
+}
+
+function remoteVideosAdd (req, res, next) {
+  req.checkBody('data').isArray()
+  req.checkBody('data').eachIsRemoteVideosAddValid()
+
+  logger.debug('Checking remoteVideosAdd parameters', { parameters: req.body })
+
+  checkErrors(req, res, next)
+}
+
+function remoteVideosRemove (req, res, next) {
+  req.checkBody('data').isArray()
+  req.checkBody('data').eachIsRemoteVideosRemoveValid()
+
+  logger.debug('Checking remoteVideosRemove parameters', { parameters: req.body })
+
+  checkErrors(req, res, next)
+}
+
+function secureRequest (req, res, next) {
+  req.checkBody('signature.url', 'Should have a signature url').isURL()
+  req.checkBody('signature.signature', 'Should have a signature').notEmpty()
+  req.checkBody('key', 'Should have a key').notEmpty()
+  req.checkBody('data', 'Should have data').notEmpty()
+
+  logger.debug('Checking secureRequest parameters', { parameters: { data: req.body.data, keyLength: req.body.key.length } })
+
+  checkErrors(req, res, next)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = reqValidatorsRemote
diff --git a/server/middlewares/reqValidators/utils.js b/server/middlewares/reqValidators/utils.js
new file mode 100644
index 000000000..46c982571
--- /dev/null
+++ b/server/middlewares/reqValidators/utils.js
@@ -0,0 +1,25 @@
+'use strict'
+
+var util = require('util')
+
+var logger = require('../../helpers/logger')
+
+var reqValidatorsUtils = {
+  checkErrors: checkErrors
+}
+
+function checkErrors (req, res, next, status_code) {
+  if (status_code === undefined) status_code = 400
+  var errors = req.validationErrors()
+
+  if (errors) {
+    logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors })
+    return res.status(status_code).send('There have been validation errors: ' + util.inspect(errors))
+  }
+
+  return next()
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = reqValidatorsUtils
diff --git a/server/middlewares/reqValidators/videos.js b/server/middlewares/reqValidators/videos.js
new file mode 100644
index 000000000..4e5f4391f
--- /dev/null
+++ b/server/middlewares/reqValidators/videos.js
@@ -0,0 +1,74 @@
+'use strict'
+
+var checkErrors = require('./utils').checkErrors
+var logger = require('../../helpers/logger')
+var Videos = require('../../models/videos')
+
+var reqValidatorsVideos = {
+  videosAdd: videosAdd,
+  videosGet: videosGet,
+  videosRemove: videosRemove,
+  videosSearch: videosSearch
+}
+
+function videosAdd (req, res, next) {
+  req.checkFiles('input_video[0].originalname', 'Should have an input video').notEmpty()
+  req.checkFiles('input_video[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i)
+  req.checkBody('name', 'Should have a name').isLength(1, 50)
+  req.checkBody('description', 'Should have a description').isLength(1, 250)
+
+  logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
+
+  checkErrors(req, res, next)
+}
+
+function videosGet (req, res, next) {
+  req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+
+  logger.debug('Checking videosGet parameters', { parameters: req.params })
+
+  checkErrors(req, res, function () {
+    Videos.getVideoState(req.params.id, function (err, state) {
+      if (err) {
+        logger.error('Error in videosGet request validator.', { error: err })
+        res.sendStatus(500)
+      }
+
+      if (state.exist === false) return res.status(404).send('Video not found')
+
+      next()
+    })
+  })
+}
+
+function videosRemove (req, res, next) {
+  req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+
+  logger.debug('Checking videosRemove parameters', { parameters: req.params })
+
+  checkErrors(req, res, function () {
+    Videos.getVideoState(req.params.id, function (err, state) {
+      if (err) {
+        logger.error('Error in videosRemove request validator.', { error: err })
+        res.sendStatus(500)
+      }
+
+      if (state.exist === false) return res.status(404).send('Video not found')
+      else if (state.owned === false) return res.status(403).send('Cannot remove video of another pod')
+
+      next()
+    })
+  })
+}
+
+function videosSearch (req, res, next) {
+  req.checkParams('name', 'Should have a name').notEmpty()
+
+  logger.debug('Checking videosSearch parameters', { parameters: req.params })
+
+  checkErrors(req, res, next)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = reqValidatorsVideos
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js
new file mode 100644
index 000000000..bfd28316a
--- /dev/null
+++ b/server/middlewares/secure.js
@@ -0,0 +1,49 @@
+'use strict'
+
+var logger = require('../helpers/logger')
+var peertubeCrypto = require('../helpers/peertubeCrypto')
+var Pods = require('../models/pods')
+
+var secureMiddleware = {
+  decryptBody: decryptBody
+}
+
+function decryptBody (req, res, next) {
+  var url = req.body.signature.url
+  Pods.findByUrl(url, function (err, pod) {
+    if (err) {
+      logger.error('Cannot get signed url in decryptBody.', { error: err })
+      return res.sendStatus(500)
+    }
+
+    if (pod === null) {
+      logger.error('Unknown pod %s.', url)
+      return res.sendStatus(403)
+    }
+
+    logger.debug('Decrypting body from %s.', url)
+
+    var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
+
+    if (signature_ok === true) {
+      peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
+        if (err) {
+          logger.error('Cannot decrypt data.', { error: err })
+          return res.sendStatus(500)
+        }
+
+        req.body.data = JSON.parse(decrypted)
+        delete req.body.key
+
+        next()
+      })
+    } else {
+      logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
+      return res.sendStatus(403)
+    }
+  })
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = secureMiddleware