aboutsummaryrefslogtreecommitdiffhomepage
path: root/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'middlewares')
-rw-r--r--middlewares/index.js10
-rw-r--r--middlewares/misc.js19
-rw-r--r--middlewares/reqValidators/index.js6
-rw-r--r--middlewares/reqValidators/pods.js10
-rw-r--r--middlewares/reqValidators/remote.js34
-rw-r--r--middlewares/reqValidators/utils.js11
-rw-r--r--middlewares/reqValidators/videos.js51
7 files changed, 87 insertions, 54 deletions
diff --git a/middlewares/index.js b/middlewares/index.js
index e727202ba..311dfb6d2 100644
--- a/middlewares/index.js
+++ b/middlewares/index.js
@@ -1,10 +1,12 @@
1;(function () { 1;(function () {
2 'use strict' 2 'use strict'
3 3
4 var middleware = { 4 var middlewares = {
5 reqValidators: require('./reqValidators'), 5 misc: require('./misc'),
6 misc: require('./misc') 6 reqValidators: require('./reqValidators')
7 } 7 }
8 8
9 module.exports = middleware 9 // ---------------------------------------------------------------------------
10
11 module.exports = middlewares
10})() 12})()
diff --git a/middlewares/misc.js b/middlewares/misc.js
index f814acd9f..dbb604db3 100644
--- a/middlewares/misc.js
+++ b/middlewares/misc.js
@@ -1,16 +1,19 @@
1;(function () { 1;(function () {
2 'use strict' 2 'use strict'
3 3
4 var ursa = require('ursa')
5 var fs = require('fs') 4 var fs = require('fs')
5 var ursa = require('ursa')
6 6
7 var logger = require('../helpers/logger') 7 var logger = require('../helpers/logger')
8 var utils = require('../helpers/utils')
9 var PodsDB = require('../initializers/database').PodsDB 8 var PodsDB = require('../initializers/database').PodsDB
9 var utils = require('../helpers/utils')
10 10
11 var misc = {} 11 var miscMiddleware = {
12 cache: cache,
13 decryptBody: decryptBody
14 }
12 15
13 misc.cache = function (cache) { 16 function cache (cache) {
14 return function (req, res, next) { 17 return function (req, res, next) {
15 // If we want explicitly a cache 18 // If we want explicitly a cache
16 // Or if we don't specify if we want a cache or no and we are in production 19 // Or if we don't specify if we want a cache or no and we are in production
@@ -24,7 +27,7 @@
24 } 27 }
25 } 28 }
26 29
27 misc.decryptBody = function (req, res, next) { 30 function decryptBody (req, res, next) {
28 PodsDB.findOne({ url: req.body.signature.url }, function (err, pod) { 31 PodsDB.findOne({ url: req.body.signature.url }, function (err, pod) {
29 if (err) { 32 if (err) {
30 logger.error('Cannot get signed url in decryptBody.', { error: err }) 33 logger.error('Cannot get signed url in decryptBody.', { error: err })
@@ -42,7 +45,7 @@
42 var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex') 45 var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex')
43 46
44 if (signature_ok === true) { 47 if (signature_ok === true) {
45 var myKey = ursa.createPrivateKey(fs.readFileSync(utils.certDir + 'peertube.key.pem')) 48 var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem'))
46 var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8') 49 var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8')
47 req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey)) 50 req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey))
48 delete req.body.key 51 delete req.body.key
@@ -55,5 +58,7 @@
55 }) 58 })
56 } 59 }
57 60
58 module.exports = misc 61 // ---------------------------------------------------------------------------
62
63 module.exports = miscMiddleware
59})() 64})()
diff --git a/middlewares/reqValidators/index.js b/middlewares/reqValidators/index.js
index 1ea611031..34d34013c 100644
--- a/middlewares/reqValidators/index.js
+++ b/middlewares/reqValidators/index.js
@@ -1,11 +1,13 @@
1;(function () { 1;(function () {
2 'use strict' 2 'use strict'
3 3
4 var reqValidator = { 4 var reqValidators = {
5 videos: require('./videos'), 5 videos: require('./videos'),
6 pods: require('./pods'), 6 pods: require('./pods'),
7 remote: require('./remote') 7 remote: require('./remote')
8 } 8 }
9 9
10 module.exports = reqValidator 10 // ---------------------------------------------------------------------------
11
12 module.exports = reqValidators
11})() 13})()
diff --git a/middlewares/reqValidators/pods.js b/middlewares/reqValidators/pods.js
index 0d023842d..6ccfd7361 100644
--- a/middlewares/reqValidators/pods.js
+++ b/middlewares/reqValidators/pods.js
@@ -4,9 +4,11 @@
4 var checkErrors = require('./utils').checkErrors 4 var checkErrors = require('./utils').checkErrors
5 var logger = require('../../helpers/logger') 5 var logger = require('../../helpers/logger')
6 6
7 var pods = {} 7 var reqValidatorsPod = {
8 podsAdd: podsAdd
9 }
8 10
9 pods.podsAdd = function (req, res, next) { 11 function podsAdd (req, res, next) {
10 req.checkBody('data.url', 'Should have an url').notEmpty().isURL({ require_protocol: true }) 12 req.checkBody('data.url', 'Should have an url').notEmpty().isURL({ require_protocol: true })
11 req.checkBody('data.publicKey', 'Should have a public key').notEmpty() 13 req.checkBody('data.publicKey', 'Should have a public key').notEmpty()
12 14
@@ -15,5 +17,7 @@
15 checkErrors(req, res, next) 17 checkErrors(req, res, next)
16 } 18 }
17 19
18 module.exports = pods 20 // ---------------------------------------------------------------------------
21
22 module.exports = reqValidatorsPod
19})() 23})()
diff --git a/middlewares/reqValidators/remote.js b/middlewares/reqValidators/remote.js
index 4b161e292..9b61481ad 100644
--- a/middlewares/reqValidators/remote.js
+++ b/middlewares/reqValidators/remote.js
@@ -4,20 +4,13 @@
4 var checkErrors = require('./utils').checkErrors 4 var checkErrors = require('./utils').checkErrors
5 var logger = require('../../helpers/logger') 5 var logger = require('../../helpers/logger')
6 6
7 var remote = {} 7 var reqValidatorsRemote = {
8 8 remoteVideosAdd: remoteVideosAdd,
9 remote.secureRequest = function (req, res, next) { 9 remoteVideosRemove: remoteVideosRemove,
10 req.checkBody('signature.url', 'Should have a signature url').isURL() 10 secureRequest: secureRequest
11 req.checkBody('signature.signature', 'Should have a signature').notEmpty()
12 req.checkBody('key', 'Should have a key').notEmpty()
13 req.checkBody('data', 'Should have data').notEmpty()
14
15 logger.debug('Checking secureRequest parameters', { parameters: { data: req.body.data, keyLength: req.body.key.length } })
16
17 checkErrors(req, res, next)
18 } 11 }
19 12
20 remote.remoteVideosAdd = function (req, res, next) { 13 function remoteVideosAdd (req, res, next) {
21 req.checkBody('data').isArray() 14 req.checkBody('data').isArray()
22 req.checkBody('data').eachIsRemoteVideosAddValid() 15 req.checkBody('data').eachIsRemoteVideosAddValid()
23 16
@@ -26,7 +19,7 @@
26 checkErrors(req, res, next) 19 checkErrors(req, res, next)
27 } 20 }
28 21
29 remote.remoteVideosRemove = function (req, res, next) { 22 function remoteVideosRemove (req, res, next) {
30 req.checkBody('data').isArray() 23 req.checkBody('data').isArray()
31 req.checkBody('data').eachIsRemoteVideosRemoveValid() 24 req.checkBody('data').eachIsRemoteVideosRemoveValid()
32 25
@@ -35,5 +28,18 @@
35 checkErrors(req, res, next) 28 checkErrors(req, res, next)
36 } 29 }
37 30
38 module.exports = remote 31 function secureRequest (req, res, next) {
32 req.checkBody('signature.url', 'Should have a signature url').isURL()
33 req.checkBody('signature.signature', 'Should have a signature').notEmpty()
34 req.checkBody('key', 'Should have a key').notEmpty()
35 req.checkBody('data', 'Should have data').notEmpty()
36
37 logger.debug('Checking secureRequest parameters', { parameters: { data: req.body.data, keyLength: req.body.key.length } })
38
39 checkErrors(req, res, next)
40 }
41
42 // ---------------------------------------------------------------------------
43
44 module.exports = reqValidatorsRemote
39})() 45})()
diff --git a/middlewares/reqValidators/utils.js b/middlewares/reqValidators/utils.js
index 5bc9f4f0b..c88f6df2e 100644
--- a/middlewares/reqValidators/utils.js
+++ b/middlewares/reqValidators/utils.js
@@ -2,11 +2,14 @@
2 'use strict' 2 'use strict'
3 3
4 var util = require('util') 4 var util = require('util')
5
5 var logger = require('../../helpers/logger') 6 var logger = require('../../helpers/logger')
6 7
7 var utils = {} 8 var reqValidatorsUtils = {
9 checkErrors: checkErrors
10 }
8 11
9 utils.checkErrors = function (req, res, next, status_code) { 12 function checkErrors (req, res, next, status_code) {
10 if (status_code === undefined) status_code = 400 13 if (status_code === undefined) status_code = 400
11 var errors = req.validationErrors() 14 var errors = req.validationErrors()
12 15
@@ -18,5 +21,7 @@
18 return next() 21 return next()
19 } 22 }
20 23
21 module.exports = utils 24 // ---------------------------------------------------------------------------
25
26 module.exports = reqValidatorsUtils
22})() 27})()
diff --git a/middlewares/reqValidators/videos.js b/middlewares/reqValidators/videos.js
index a34445f7a..3479c47c3 100644
--- a/middlewares/reqValidators/videos.js
+++ b/middlewares/reqValidators/videos.js
@@ -2,28 +2,17 @@
2 'use strict' 2 'use strict'
3 3
4 var checkErrors = require('./utils').checkErrors 4 var checkErrors = require('./utils').checkErrors
5 var VideosDB = require('../../initializers/database').VideosDB
6 var logger = require('../../helpers/logger') 5 var logger = require('../../helpers/logger')
6 var VideosDB = require('../../initializers/database').VideosDB
7 7
8 var videos = {} 8 var reqValidatorsVideos = {
9 9 videosAdd: videosAdd,
10 function findVideoById (id, callback) { 10 videosGet: videosGet,
11 VideosDB.findById(id, { _id: 1, namePath: 1 }).limit(1).exec(function (err, video) { 11 videosRemove: videosRemove,
12 if (err) throw err 12 videosSearch: videosSearch
13
14 callback(video)
15 })
16 }
17
18 videos.videosSearch = function (req, res, next) {
19 req.checkParams('name', 'Should have a name').notEmpty()
20
21 logger.debug('Checking videosSearch parameters', { parameters: req.params })
22
23 checkErrors(req, res, next)
24 } 13 }
25 14
26 videos.videosAdd = function (req, res, next) { 15 function videosAdd (req, res, next) {
27 req.checkFiles('input_video[0].originalname', 'Should have an input video').notEmpty() 16 req.checkFiles('input_video[0].originalname', 'Should have an input video').notEmpty()
28 req.checkFiles('input_video[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i) 17 req.checkFiles('input_video[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i)
29 req.checkBody('name', 'Should have a name').isLength(1, 50) 18 req.checkBody('name', 'Should have a name').isLength(1, 50)
@@ -34,7 +23,7 @@
34 checkErrors(req, res, next) 23 checkErrors(req, res, next)
35 } 24 }
36 25
37 videos.videosGet = function (req, res, next) { 26 function videosGet (req, res, next) {
38 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() 27 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
39 28
40 logger.debug('Checking videosGet parameters', { parameters: req.params }) 29 logger.debug('Checking videosGet parameters', { parameters: req.params })
@@ -48,7 +37,7 @@
48 }) 37 })
49 } 38 }
50 39
51 videos.videosRemove = function (req, res, next) { 40 function videosRemove (req, res, next) {
52 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() 41 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
53 42
54 logger.debug('Checking videosRemove parameters', { parameters: req.params }) 43 logger.debug('Checking videosRemove parameters', { parameters: req.params })
@@ -63,5 +52,25 @@
63 }) 52 })
64 } 53 }
65 54
66 module.exports = videos 55 function videosSearch (req, res, next) {
56 req.checkParams('name', 'Should have a name').notEmpty()
57
58 logger.debug('Checking videosSearch parameters', { parameters: req.params })
59
60 checkErrors(req, res, next)
61 }
62
63 // ---------------------------------------------------------------------------
64
65 module.exports = reqValidatorsVideos
66
67 // ---------------------------------------------------------------------------
68
69 function findVideoById (id, callback) {
70 VideosDB.findById(id, { _id: 1, namePath: 1 }).limit(1).exec(function (err, video) {
71 if (err) throw err
72
73 callback(video)
74 })
75 }
67})() 76})()