author | Chocobozzz <florian.bigard@gmail.com> | 2016-11-14 20:03:04 +0100 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-11-16 20:29:26 +0100 |
commit | 49abbbbedca83b9031d3e2eb3ae9ad9b6a7d96ed (patch) | |
tree | 68c59d67637a297d513e07ea96ba236a7f0cd43b /server/middlewares | |
parent | 41b5da1d8cb41f5c49f0e0a01a54106c9a5925dd (diff) | |
Pod URL -> pod host. HTTPS is required to make friends.
Reason: in a network with a mix of http and https pods, https pods won't be able
to play videos from http pods (insecure requests).
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/pods.js | 50 | ||||
-rw-r--r-- | server/middlewares/secure.js | 14 | ||||
-rw-r--r-- | server/middlewares/validators/pods.js | 4 | ||||
-rw-r--r-- | server/middlewares/validators/remote.js | 4 |
4 files changed, 33 insertions, 39 deletions
diff --git a/server/middlewares/pods.js b/server/middlewares/pods.js index 6e0874a76..487ea1259 100644 --- a/server/middlewares/pods.js +++ b/server/middlewares/pods.js | |||
@@ -1,38 +1,36 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const urlModule = require('url') | 3 | const constants = require('../initializers/constants') |
4 | |||
5 | const logger = require('../helpers/logger') | ||
6 | 4 | ||
7 | const podsMiddleware = { | 5 | const podsMiddleware = { |
8 | setBodyUrlsPort, | 6 | setBodyHostsPort, |
9 | setBodyUrlPort | 7 | setBodyHostPort |
10 | } | 8 | } |
11 | 9 | ||
12 | function setBodyUrlsPort (req, res, next) { | 10 | function setBodyHostsPort (req, res, next) { |
13 | for (let i = 0; i < req.body.urls.length; i++) { | 11 | for (let i = 0; i < req.body.hosts.length; i++) { |
14 | const urlWithPort = getUrlWithPort(req.body.urls[i]) | 12 | const hostWithPort = getHostWithPort(req.body.hosts[i]) |
15 | 13 | ||
16 | // Problem with the url parsing? | 14 | // Problem with the url parsing? |
17 | if (urlWithPort === null) { | 15 | if (hostWithPort === null) { |
18 | return res.sendStatus(500) | 16 | return res.sendStatus(500) |
19 | } | 17 | } |
20 | 18 | ||
21 | req.body.urls[i] = urlWithPort | 19 | req.body.hosts[i] = hostWithPort |
22 | } | 20 | } |
23 | 21 | ||
24 | return next() | 22 | return next() |
25 | } | 23 | } |
26 | 24 | ||
27 | function setBodyUrlPort (req, res, next) { | 25 | function setBodyHostPort (req, res, next) { |
28 | const urlWithPort = getUrlWithPort(req.body.url) | 26 | const hostWithPort = getHostWithPort(req.body.host) |
29 | 27 | ||
30 | // Problem with the url parsing? | 28 | // Problem with the url parsing? |
31 | if (urlWithPort === null) { | 29 | if (hostWithPort === null) { |
32 | return res.sendStatus(500) | 30 | return res.sendStatus(500) |
33 | } | 31 | } |
34 | 32 | ||
35 | req.body.url = urlWithPort | 33 | req.body.host = hostWithPort |
36 | 34 | ||
37 | return next() | 35 | return next() |
38 | } | 36 | } |
@@ -43,20 +41,16 @@ module.exports = podsMiddleware | |||
43 | 41 | ||
44 | // --------------------------------------------------------------------------- | 42 | // --------------------------------------------------------------------------- |
45 | 43 | ||
46 | function getUrlWithPort (url) { | 44 | function getHostWithPort (host) { |
47 | const urlObj = urlModule.parse(url) | 45 | const splitted = host.split(':') |
48 | 46 | ||
49 | // Add the port if it is not specified | 47 | console.log(splitted) |
50 | if (urlObj.port === null) { | 48 | // The port was not specified |
51 | if (urlObj.protocol === 'http:') { | 49 | if (splitted.length === 1) { |
52 | return url + ':80' | 50 | if (constants.REMOTE_SCHEME.HTTP === 'https') return host + ':443' |
53 | } else if (urlObj.protocol === 'https:') { | 51 | |
54 | return url + ':443' | 52 | return host + ':80' |
55 | } else { | ||
56 | logger.error('Unknown url protocol: ' + urlObj.protocol) | ||
57 | return null | ||
58 | } | ||
59 | } | 53 | } |
60 | 54 | ||
61 | return url | 55 | return host |
62 | } | 56 | } |
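Review bot: In `getHostWithPort`, the leftover `console.log(splitted)` writes a request-supplied value to stdout on every call and bypasses the project logger; it should be removed. The function also no longer has any path that returns `null`, so the `hostWithPort === null` checks in `setBodyHostsPort` and `setBodyHostPort` can never fire, and any value containing a colon (a non-numeric port, several colons, or a value that still carries a scheme) is passed through unchanged. If rejecting those is intended, add `if (splitted.length !== 2 || /^\d+$/.test(splitted[1]) === false) return null` before the final `return host`; this would also reject bare IPv6 literals, so confirm that is acceptable. `host.split(':')` throws when the field is not a string, so this middleware presumably relies on the validators having run first.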
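--- a/server/middlewares/secure.js
+++ b/server/middlewares/secure.js
@@ -12,27 +12,27 @@ const secureMiddleware = {
 }
 
 function checkSignature (req, res, next) {
-const url = req.body.signature.url
-Pod.loadByUrl(url, function (err, pod) {
+const host = req.body.signature.host
+Pod.loadByHost(host, function (err, pod) {
 if (err) {
-logger.error('Cannot get signed url in decryptBody.', { error: err })
+logger.error('Cannot get signed host in decryptBody.', { error: err })
 return res.sendStatus(500)
 }
 
 if (pod === null) {
-logger.error('Unknown pod %s.', url)
+logger.error('Unknown pod %s.', host)
 return res.sendStatus(403)
 }
 
-logger.debug('Decrypting body from %s.', url)
+logger.debug('Decrypting body from %s.', host)
 
-const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
+const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, host, req.body.signature.signature)
 
 if (signatureOk === true) {
 return next()
 }
 
-logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
+logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.host)
 return res.sendStatus(403)
 })
 }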
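Review bot: `peertubeCrypto.checkSignature(pod.publicKey, host, req.body.signature.signature)` in `checkSignature` verifies a signature over the host string only, so, as far as this section shows, nothing ties the signature to the request body or to a point in time. A signature value that is valid for a pod would therefore remain valid for any later request naming that host, which weakens this check as an authentication step for remote requests. Binding it to the request needs a sender-side change outside this section (for example signing a digest of the body together with a timestamp or nonce); until then a comment such as `// NOTE: signature covers only the host, not the request body` would make the limit explicit. The log messages still say `decryptBody` although the function is `checkSignature`.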
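--- a/server/middlewares/validators/pods.js
+++ b/server/middlewares/validators/pods.js
@@ -10,7 +10,7 @@ const validatorsPod = {
 }
 
 function makeFriends (req, res, next) {
-req.checkBody('urls', 'Should have an array of unique urls').isEachUniqueUrlValid()
+req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid()
 
 logger.debug('Checking makeFriends parameters', { parameters: req.body })
 
@@ -32,7 +32,7 @@ function makeFriends (req, res, next) {
 }
 
 function podsAdd (req, res, next) {
-req.checkBody('url', 'Should have an url').notEmpty().isURL({ require_protocol: true })
+req.checkBody('host', 'Should have an host').notEmpty().isURL()
 req.checkBody('publicKey', 'Should have a public key').notEmpty()
 
 // TODO: check we don't have it already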
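Review bot: `isURL()` is too permissive for a field that is now meant to hold a bare host: in `podsAdd`, `req.checkBody('host', 'Should have an host').notEmpty().isURL()` drops `require_protocol: true` but still accepts values carrying a scheme, path, query or credentials, because the protocol is optional rather than forbidden. The same applies to the `signature.host` check in `signature` in `server/middlewares/validators/remote.js`. `makeFriends` already uses a dedicated `isEachUniqueHostValid()` check; a single-value host validator with the same rules (its definition is not visible here) would keep all three entry points consistent. `podsAdd` continues past the end of this hunk.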
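--- a/server/middlewares/validators/remote.js
+++ b/server/middlewares/validators/remote.js
@@ -27,10 +27,10 @@ function remoteVideos (req, res, next) {
 }
 
 function signature (req, res, next) {
-req.checkBody('signature.url', 'Should have a signature url').isURL()
+req.checkBody('signature.host', 'Should have a signature host').isURL()
 req.checkBody('signature.signature', 'Should have a signature').notEmpty()
 
-logger.debug('Checking signature parameters', { parameters: { signatureUrl: req.body.signature.url } })
+logger.debug('Checking signature parameters', { parameters: { signatureHost: req.body.signature.host } })
 
 checkErrors(req, res, next)
 }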