authorChocobozzz <florian.bigard@gmail.com>2016-11-14 20:03:04 +0100
committerChocobozzz <florian.bigard@gmail.com>2016-11-16 20:29:26 +0100
commit49abbbbedca83b9031d3e2eb3ae9ad9b6a7d96ed (patch)
tree68c59d67637a297d513e07ea96ba236a7f0cd43b /server/middlewares
parent41b5da1d8cb41f5c49f0e0a01a54106c9a5925dd (diff)
Pod URL -> pod host. HTTPS is required to make friends.
Reason: in a network with mixed http/https pods, https pods won't be able to play videos from http pods (insecure requests).
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/pods.js50
-rw-r--r--server/middlewares/secure.js14
-rw-r--r--server/middlewares/validators/pods.js4
-rw-r--r--server/middlewares/validators/remote.js4
4 files changed, 33 insertions, 39 deletions
diff --git a/server/middlewares/pods.js b/server/middlewares/pods.js
index 6e0874a76..487ea1259 100644
--- a/server/middlewares/pods.js
+++ b/server/middlewares/pods.js
@@ -1,38 +1,36 @@
1'use strict' 1'use strict'
2 2
3const urlModule = require('url') 3const constants = require('../initializers/constants')
4
5const logger = require('../helpers/logger')
6 4
7const podsMiddleware = { 5const podsMiddleware = {
8 setBodyUrlsPort, 6 setBodyHostsPort,
9 setBodyUrlPort 7 setBodyHostPort
10} 8}
11 9
12function setBodyUrlsPort (req, res, next) { 10function setBodyHostsPort (req, res, next) {
13 for (let i = 0; i < req.body.urls.length; i++) { 11 for (let i = 0; i < req.body.hosts.length; i++) {
14 const urlWithPort = getUrlWithPort(req.body.urls[i]) 12 const hostWithPort = getHostWithPort(req.body.hosts[i])
15 13
16 // Problem with the url parsing? 14 // Problem with the url parsing?
17 if (urlWithPort === null) { 15 if (hostWithPort === null) {
18 return res.sendStatus(500) 16 return res.sendStatus(500)
19 } 17 }
20 18
21 req.body.urls[i] = urlWithPort 19 req.body.hosts[i] = hostWithPort
22 } 20 }
23 21
24 return next() 22 return next()
25} 23}
26 24
27function setBodyUrlPort (req, res, next) { 25function setBodyHostPort (req, res, next) {
28 const urlWithPort = getUrlWithPort(req.body.url) 26 const hostWithPort = getHostWithPort(req.body.host)
29 27
30 // Problem with the url parsing? 28 // Problem with the url parsing?
31 if (urlWithPort === null) { 29 if (hostWithPort === null) {
32 return res.sendStatus(500) 30 return res.sendStatus(500)
33 } 31 }
34 32
35 req.body.url = urlWithPort 33 req.body.host = hostWithPort
36 34
37 return next() 35 return next()
38} 36}
@@ -43,20 +41,16 @@ module.exports = podsMiddleware
43 41
44// --------------------------------------------------------------------------- 42// ---------------------------------------------------------------------------
45 43
46function getUrlWithPort (url) { 44function getHostWithPort (host) {
47 const urlObj = urlModule.parse(url) 45 const splitted = host.split(':')
48 46
49 // Add the port if it is not specified 47 console.log(splitted)
50 if (urlObj.port === null) { 48 // The port was not specified
51 if (urlObj.protocol === 'http:') { 49 if (splitted.length === 1) {
52 return url + ':80' 50 if (constants.REMOTE_SCHEME.HTTP === 'https') return host + ':443'
53 } else if (urlObj.protocol === 'https:') { 51
54 return url + ':443' 52 return host + ':80'
55 } else {
56 logger.error('Unknown url protocol: ' + urlObj.protocol)
57 return null
58 }
59 } 53 }
60 54
61 return url 55 return host
62} 56}
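Review bot: `console.log(splitted)` in `getHostWithPort` looks like a leftover debug statement; it writes the caller-supplied host to stdout on every request and bypasses the project logger, so it should be dropped. The rewritten helper also no longer returns `null` on any path, which leaves the `hostWithPort === null` checks (and their "Problem with the url parsing?" comments) in `setBodyHostsPort` and `setBodyHostPort` unreachable. Any value containing a colon, such as one with a scheme or a non-numeric port, is now passed through unchanged. If rejection is still meant to happen here, restore it with something like `if (splitted.length > 2 || (splitted.length === 2 && !/^\d+$/.test(splitted[1]))) return null` (bracketed IPv6 literals would need separate handling); otherwise remove the dead checks and rely on the validators.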
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js
index 58f824d14..fd5bc51d6 100644
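--- a/server/middlewares/secure.js
+++ b/server/middlewares/secure.js
@@ -12,27 +12,27 @@ const secureMiddleware = {
 }
 
 function checkSignature (req, res, next) {
- const url = req.body.signature.url
- Pod.loadByUrl(url, function (err, pod) {
+ const host = req.body.signature.host
+ Pod.loadByHost(host, function (err, pod) {
  if (err) {
- logger.error('Cannot get signed url in decryptBody.', { error: err })
+ logger.error('Cannot get signed host in decryptBody.', { error: err })
  return res.sendStatus(500)
  }
 
  if (pod === null) {
- logger.error('Unknown pod %s.', url)
+ logger.error('Unknown pod %s.', host)
  return res.sendStatus(403)
  }
 
- logger.debug('Decrypting body from %s.', url)
+ logger.debug('Decrypting body from %s.', host)
 
- const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
+ const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, host, req.body.signature.signature)
 
  if (signatureOk === true) {
  return next()
  }
 
- logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
+ logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.host)
  return res.sendStatus(403)
  })
 }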
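Review bot: The verification call in `checkSignature` passes `host` itself as the signed data, so as far as this hunk shows the signature proves only that the sender holds the pod's key for that host name; nothing in it is tied to the request body or to a point in time. The middleware's log text still speaks of decrypting the body, which overstates what is checked. I would at least document that above the call, e.g. `// Authenticates signature.host only; the rest of req.body is not covered by this signature.`, and consider having the sender sign a digest of the body plus a timestamp in a follow-up. `peertubeCrypto.checkSignature` is defined outside this diff, so confirm what it actually verifies.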
diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js
index fd3d1e2f2..4f8bad2f9 100644
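--- a/server/middlewares/validators/pods.js
+++ b/server/middlewares/validators/pods.js
@@ -10,7 +10,7 @@ const validatorsPod = {
 }
 
 function makeFriends (req, res, next) {
- req.checkBody('urls', 'Should have an array of unique urls').isEachUniqueUrlValid()
+ req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid()
 
  logger.debug('Checking makeFriends parameters', { parameters: req.body })
 
@@ -32,7 +32,7 @@ function makeFriends (req, res, next) {
 }
 
 function podsAdd (req, res, next) {
- req.checkBody('url', 'Should have an url').notEmpty().isURL({ require_protocol: true })
+ req.checkBody('host', 'Should have an host').notEmpty().isURL()
  req.checkBody('publicKey', 'Should have a public key').notEmpty()
 
  // TODO: check we don't have it already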
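Review bot: In `podsAdd`, `isURL()` with default options is looser than a host check: it still accepts values carrying a scheme, path or query string, so `host` can arrive as a full URL now that `require_protocol: true` is gone. Since this commit makes the local scheme decide how pods are contacted, the field should be limited to `hostname[:port]`, ideally with the same per-element rule that `isEachUniqueHostValid()` applies in `makeFriends` (its implementation is outside this diff). The `signature.host` check in server/middlewares/validators/remote.js uses the same `isURL()` call and has the same gap. The message would also read better as `'Should have a host'`. `podsAdd` continues past the end of the hunk.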
diff --git a/server/middlewares/validators/remote.js b/server/middlewares/validators/remote.js
index 8c29ef8ca..c6455e678 100644
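--- a/server/middlewares/validators/remote.js
+++ b/server/middlewares/validators/remote.js
@@ -27,10 +27,10 @@ function remoteVideos (req, res, next) {
 }
 
 function signature (req, res, next) {
- req.checkBody('signature.url', 'Should have a signature url').isURL()
+ req.checkBody('signature.host', 'Should have a signature host').isURL()
  req.checkBody('signature.signature', 'Should have a signature').notEmpty()
 
- logger.debug('Checking signature parameters', { parameters: { signatureUrl: req.body.signature.url } })
+ logger.debug('Checking signature parameters', { parameters: { signatureHost: req.body.signature.host } })
 
  checkErrors(req, res, next)
 }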
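Review bot: The `logger.debug` call in `signature` reads `req.body.signature.host` before `checkErrors` has run, so a request whose body has no `signature` object throws a TypeError here instead of getting a validation error. Guard the access, e.g. `const signatureHost = req.body.signature ? req.body.signature.host : undefined`, and log that value. `checkSignature` in server/middlewares/secure.js dereferences `req.body.signature.host` the same way and depends on this validator having rejected the request first.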