Server: forbid to make friends with a non https server

author: Chocobozzz <florian.bigard@gmail.com> 2016-11-16 20:22:17 +0100
committer: Chocobozzz <florian.bigard@gmail.com> 2016-11-16 20:29:26 +0100
commit: 441b66f80923d1f574a74582f1fb9306b99fc12a (patch)
tree: ed8a853b9df3666772ec4c027a03c7e05651423c /server
parent: 9c89a45cb2a7bb46e68fb084723a2046b12c7617 (diff)
download: PeerTube-441b66f80923d1f574a74582f1fb9306b99fc12a.tar.gz
PeerTube-441b66f80923d1f574a74582f1fb9306b99fc12a.tar.zst
PeerTube-441b66f80923d1f574a74582f1fb9306b99fc12a.zip
3 files changed, 15 insertions, 2 deletions
diff --git a/server/helpers/utils.js b/server/helpers/utils.js
index 9c2d402e3..9f27671b6 100644
--- a/server/helpers/utils.js
+++ b/server/helpers/utils.js
@@ -6,7 +6,8 @@ const logger = require('./logger')
 const utils = {
  cleanForExit,
-  generateRandomString
+  generateRandomString,
+  isTestInstance
 }
 function generateRandomString (size, callback) {
@@ -22,6 +23,10 @@ function cleanForExit (webtorrentProcess) {
  process.kill(-webtorrentProcess.pid)
 }
+function isTestInstance () {
+  return (process.env.NODE_ENV === 'test')
+}
 // ---------------------------------------------------------------------------
 module.exports = utils
diff --git a/server/initializers/constants.js b/server/initializers/constants.js
index 40e1c5381..3ddf87454 100644
--- a/server/initializers/constants.js
+++ b/server/initializers/constants.js
@@ -152,7 +152,7 @@ const REQUEST_ENDPOINTS = {
 const REMOTE_SCHEME = {
  HTTP: 'https',
-  WS: 'WS'
+  WS: 'wss'
 }
 // Password encryption
@@ -220,6 +220,7 @@ module.exports = {
 // ---------------------------------------------------------------------------
+// This method exists in utils module but we want to let the constants module independent
 function isTestInstance () {
  return (process.env.NODE_ENV === 'test')
 }
diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js
index 4f8bad2f9..0723871b2 100644
--- a/server/middlewares/validators/pods.js
+++ b/server/middlewares/validators/pods.js
@@ -1,8 +1,10 @@
 'use strict'
 const checkErrors = require('./utils').checkErrors
+const constants = require('../../initializers/constants')
 const friends = require('../../lib/friends')
 const logger = require('../../helpers/logger')
+const utils = require('../../helpers/utils')
 const validatorsPod = {
  makeFriends,
@@ -10,6 +12,11 @@ const validatorsPod = {
 }
 function makeFriends (req, res, next) {
+  // Force https if the administrator wants to make friends
+  if (utils.isTestInstance() === false && constants.CONFIG.WEBSERVER.SCHEME === 'http') {
+    return res.status(400).send('Cannot make friends with a non HTTPS webserver.')
+  }
  req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid()
  logger.debug('Checking makeFriends parameters', { parameters: req.body })
author	Chocobozzz <florian.bigard@gmail.com>	2016-11-16 20:22:17 +0100
committer	Chocobozzz <florian.bigard@gmail.com>	2016-11-16 20:29:26 +0100
commit	441b66f80923d1f574a74582f1fb9306b99fc12a (patch)
tree	ed8a853b9df3666772ec4c027a03c7e05651423c /server
parent	9c89a45cb2a7bb46e68fb084723a2046b12c7617 (diff)
download	PeerTube-441b66f80923d1f574a74582f1fb9306b99fc12a.tar.gz PeerTube-441b66f80923d1f574a74582f1fb9306b99fc12a.tar.zst PeerTube-441b66f80923d1f574a74582f1fb9306b99fc12a.zip