diff options
Diffstat (limited to 'server.ts')
-rw-r--r-- | server.ts | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -28,7 +28,7 @@ import { checkMissedConfig, checkFFmpeg } from './server/initializers/checker-be | |||
28 | 28 | ||
29 | // Do not use barrels because we don't want to load all modules here (we need to initialize database first) | 29 | // Do not use barrels because we don't want to load all modules here (we need to initialize database first) |
30 | import { logger } from './server/helpers/logger' | 30 | import { logger } from './server/helpers/logger' |
31 | import { API_VERSION, CONFIG, CACHE } from './server/initializers/constants' | 31 | import { API_VERSION, CONFIG, CACHE, HTTP_SIGNATURE } from './server/initializers/constants' |
32 | 32 | ||
33 | const missed = checkMissedConfig() | 33 | const missed = checkMissedConfig() |
34 | if (missed.length !== 0) { | 34 | if (missed.length !== 0) { |
@@ -96,6 +96,7 @@ import { RemoveOldJobsScheduler } from './server/lib/schedulers/remove-old-jobs- | |||
96 | import { UpdateVideosScheduler } from './server/lib/schedulers/update-videos-scheduler' | 96 | import { UpdateVideosScheduler } from './server/lib/schedulers/update-videos-scheduler' |
97 | import { YoutubeDlUpdateScheduler } from './server/lib/schedulers/youtube-dl-update-scheduler' | 97 | import { YoutubeDlUpdateScheduler } from './server/lib/schedulers/youtube-dl-update-scheduler' |
98 | import { VideosRedundancyScheduler } from './server/lib/schedulers/videos-redundancy-scheduler' | 98 | import { VideosRedundancyScheduler } from './server/lib/schedulers/videos-redundancy-scheduler' |
99 | import { isHTTPSignatureDigestValid } from './server/helpers/peertube-crypto' | ||
99 | 100 | ||
100 | // ----------- Command line ----------- | 101 | // ----------- Command line ----------- |
101 | 102 | ||
@@ -131,7 +132,11 @@ app.use(morgan('combined', { | |||
131 | app.use(bodyParser.urlencoded({ extended: false })) | 132 | app.use(bodyParser.urlencoded({ extended: false })) |
132 | app.use(bodyParser.json({ | 133 | app.use(bodyParser.json({ |
133 | type: [ 'application/json', 'application/*+json' ], | 134 | type: [ 'application/json', 'application/*+json' ], |
134 | limit: '500kb' | 135 | limit: '500kb', |
136 | verify: (req: express.Request, _, buf: Buffer, encoding: string) => { | ||
137 | const valid = isHTTPSignatureDigestValid(buf, req) | ||
138 | if (valid !== true) throw new Error('Invalid digest') | ||
139 | } | ||
135 | })) | 140 | })) |
136 | // Cookies | 141 | // Cookies |
137 | app.use(cookieParser()) | 142 | app.use(cookieParser()) |