diff options
Diffstat (limited to 'server/initializers')
| -rw-r--r-- | server/initializers/checker-after-init.ts | 7 | ||||
| -rw-r--r-- | server/initializers/checker-before-init.ts | 3 | ||||
| -rw-r--r-- | server/initializers/config.ts | 6 | ||||
| -rw-r--r-- | server/initializers/constants.ts | 23 | ||||
| -rw-r--r-- | server/initializers/migrations/0745-user-otp.ts | 29 |
5 files changed, 63 insertions, 5 deletions
diff --git a/server/initializers/checker-after-init.ts b/server/initializers/checker-after-init.ts index 42839d1c9..c83fef425 100644 --- a/server/initializers/checker-after-init.ts +++ b/server/initializers/checker-after-init.ts | |||
| @@ -42,6 +42,7 @@ function checkConfig () { | |||
| 42 | logger.warn('services.csp-logger configuration has been renamed to csp.report_uri. Please update your configuration file.') | 42 | logger.warn('services.csp-logger configuration has been renamed to csp.report_uri. Please update your configuration file.') |
| 43 | } | 43 | } |
| 44 | 44 | ||
| 45 | checkSecretsConfig() | ||
| 45 | checkEmailConfig() | 46 | checkEmailConfig() |
| 46 | checkNSFWPolicyConfig() | 47 | checkNSFWPolicyConfig() |
| 47 | checkLocalRedundancyConfig() | 48 | checkLocalRedundancyConfig() |
| @@ -103,6 +104,12 @@ export { | |||
| 103 | 104 | ||
| 104 | // --------------------------------------------------------------------------- | 105 | // --------------------------------------------------------------------------- |
| 105 | 106 | ||
| 107 | function checkSecretsConfig () { | ||
| 108 | if (!CONFIG.SECRETS.PEERTUBE) { | ||
| 109 | throw new Error('secrets.peertube is missing in config. Generate one using `openssl rand -hex 32`') | ||
| 110 | } | ||
| 111 | } | ||
| 112 | |||
| 106 | function checkEmailConfig () { | 113 | function checkEmailConfig () { |
| 107 | if (!isEmailEnabled()) { | 114 | if (!isEmailEnabled()) { |
| 108 | if (CONFIG.SIGNUP.ENABLED && CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) { | 115 | if (CONFIG.SIGNUP.ENABLED && CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) { |
diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts index 3188903be..c9268b156 100644 --- a/server/initializers/checker-before-init.ts +++ b/server/initializers/checker-before-init.ts | |||
| @@ -11,12 +11,13 @@ const config: IConfig = require('config') | |||
| 11 | function checkMissedConfig () { | 11 | function checkMissedConfig () { |
| 12 | const required = [ 'listen.port', 'listen.hostname', | 12 | const required = [ 'listen.port', 'listen.hostname', |
| 13 | 'webserver.https', 'webserver.hostname', 'webserver.port', | 13 | 'webserver.https', 'webserver.hostname', 'webserver.port', |
| 14 | 'secrets.peertube', | ||
| 14 | 'trust_proxy', | 15 | 'trust_proxy', |
| 15 | 'database.hostname', 'database.port', 'database.username', 'database.password', 'database.pool.max', | 16 | 'database.hostname', 'database.port', 'database.username', 'database.password', 'database.pool.max', |
| 16 | 'smtp.hostname', 'smtp.port', 'smtp.username', 'smtp.password', 'smtp.tls', 'smtp.from_address', | 17 | 'smtp.hostname', 'smtp.port', 'smtp.username', 'smtp.password', 'smtp.tls', 'smtp.from_address', |
| 17 | 'email.body.signature', 'email.subject.prefix', | 18 | 'email.body.signature', 'email.subject.prefix', |
| 18 | 'storage.avatars', 'storage.videos', 'storage.logs', 'storage.previews', 'storage.thumbnails', 'storage.torrents', 'storage.cache', | 19 | 'storage.avatars', 'storage.videos', 'storage.logs', 'storage.previews', 'storage.thumbnails', 'storage.torrents', 'storage.cache', |
| 19 | 'storage.redundancy', 'storage.tmp', 'storage.streaming_playlists', 'storage.plugins', | 20 | 'storage.redundancy', 'storage.tmp', 'storage.streaming_playlists', 'storage.plugins', 'storage.well_known', |
| 20 | 'log.level', | 21 | 'log.level', |
| 21 | 'user.video_quota', 'user.video_quota_daily', | 22 | 'user.video_quota', 'user.video_quota_daily', |
| 22 | 'video_channels.max_per_user', | 23 | 'video_channels.max_per_user', |
diff --git a/server/initializers/config.ts b/server/initializers/config.ts index 2c92bea22..a5a0d4e46 100644 --- a/server/initializers/config.ts +++ b/server/initializers/config.ts | |||
| @@ -20,6 +20,9 @@ const CONFIG = { | |||
| 20 | PORT: config.get<number>('listen.port'), | 20 | PORT: config.get<number>('listen.port'), |
| 21 | HOSTNAME: config.get<string>('listen.hostname') | 21 | HOSTNAME: config.get<string>('listen.hostname') |
| 22 | }, | 22 | }, |
| 23 | SECRETS: { | ||
| 24 | PEERTUBE: config.get<string>('secrets.peertube') | ||
| 25 | }, | ||
| 23 | DATABASE: { | 26 | DATABASE: { |
| 24 | DBNAME: config.has('database.name') ? config.get<string>('database.name') : 'peertube' + config.get<string>('database.suffix'), | 27 | DBNAME: config.has('database.name') ? config.get<string>('database.name') : 'peertube' + config.get<string>('database.suffix'), |
| 25 | HOSTNAME: config.get<string>('database.hostname'), | 28 | HOSTNAME: config.get<string>('database.hostname'), |
| @@ -107,7 +110,8 @@ const CONFIG = { | |||
| 107 | TORRENTS_DIR: buildPath(config.get<string>('storage.torrents')), | 110 | TORRENTS_DIR: buildPath(config.get<string>('storage.torrents')), |
| 108 | CACHE_DIR: buildPath(config.get<string>('storage.cache')), | 111 | CACHE_DIR: buildPath(config.get<string>('storage.cache')), |
| 109 | PLUGINS_DIR: buildPath(config.get<string>('storage.plugins')), | 112 | PLUGINS_DIR: buildPath(config.get<string>('storage.plugins')), |
| 110 | CLIENT_OVERRIDES_DIR: buildPath(config.get<string>('storage.client_overrides')) | 113 | CLIENT_OVERRIDES_DIR: buildPath(config.get<string>('storage.client_overrides')), |
| 114 | WELL_KNOWN_DIR: buildPath(config.get<string>('storage.well_known')) | ||
| 111 | }, | 115 | }, |
| 112 | OBJECT_STORAGE: { | 116 | OBJECT_STORAGE: { |
| 113 | ENABLED: config.get<boolean>('object_storage.enabled'), | 117 | ENABLED: config.get<boolean>('object_storage.enabled'), |
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index 7039ab457..cab61948a 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | import { RepeatOptions } from 'bullmq' | 1 | import { RepeatOptions } from 'bullmq' |
| 2 | import { randomBytes } from 'crypto' | 2 | import { Encoding, randomBytes } from 'crypto' |
| 3 | import { invert } from 'lodash' | 3 | import { invert } from 'lodash' |
| 4 | import { join } from 'path' | 4 | import { join } from 'path' |
| 5 | import { randomInt, root } from '@shared/core-utils' | 5 | import { randomInt, root } from '@shared/core-utils' |
| @@ -25,7 +25,7 @@ import { CONFIG, registerConfigChangedHandler } from './config' | |||
| 25 | 25 | ||
| 26 | // --------------------------------------------------------------------------- | 26 | // --------------------------------------------------------------------------- |
| 27 | 27 | ||
| 28 | const LAST_MIGRATION_VERSION = 740 | 28 | const LAST_MIGRATION_VERSION = 745 |
| 29 | 29 | ||
| 30 | // --------------------------------------------------------------------------- | 30 | // --------------------------------------------------------------------------- |
| 31 | 31 | ||
| @@ -116,7 +116,8 @@ const ROUTE_CACHE_LIFETIME = { | |||
| 116 | ACTIVITY_PUB: { | 116 | ACTIVITY_PUB: { |
| 117 | VIDEOS: '1 second' // 1 second, cache concurrent requests after a broadcast for example | 117 | VIDEOS: '1 second' // 1 second, cache concurrent requests after a broadcast for example |
| 118 | }, | 118 | }, |
| 119 | STATS: '4 hours' | 119 | STATS: '4 hours', |
| 120 | WELL_KNOWN: '1 day' | ||
| 120 | } | 121 | } |
| 121 | 122 | ||
| 122 | // --------------------------------------------------------------------------- | 123 | // --------------------------------------------------------------------------- |
| @@ -636,9 +637,18 @@ let PRIVATE_RSA_KEY_SIZE = 2048 | |||
| 636 | // Password encryption | 637 | // Password encryption |
| 637 | const BCRYPT_SALT_SIZE = 10 | 638 | const BCRYPT_SALT_SIZE = 10 |
| 638 | 639 | ||
| 640 | const ENCRYPTION = { | ||
| 641 | ALGORITHM: 'aes-256-cbc', | ||
| 642 | IV: 16, | ||
| 643 | SALT: 'peertube', | ||
| 644 | ENCODING: 'hex' as Encoding | ||
| 645 | } | ||
| 646 | |||
| 639 | const USER_PASSWORD_RESET_LIFETIME = 60000 * 60 // 60 minutes | 647 | const USER_PASSWORD_RESET_LIFETIME = 60000 * 60 // 60 minutes |
| 640 | const USER_PASSWORD_CREATE_LIFETIME = 60000 * 60 * 24 * 7 // 7 days | 648 | const USER_PASSWORD_CREATE_LIFETIME = 60000 * 60 * 24 * 7 // 7 days |
| 641 | 649 | ||
| 650 | const TWO_FACTOR_AUTH_REQUEST_TOKEN_LIFETIME = 60000 * 10 // 10 minutes | ||
| 651 | |||
| 642 | const USER_EMAIL_VERIFY_LIFETIME = 60000 * 60 // 60 minutes | 652 | const USER_EMAIL_VERIFY_LIFETIME = 60000 * 60 // 60 minutes |
| 643 | 653 | ||
| 644 | const NSFW_POLICY_TYPES: { [ id: string ]: NSFWPolicyType } = { | 654 | const NSFW_POLICY_TYPES: { [ id: string ]: NSFWPolicyType } = { |
| @@ -804,6 +814,10 @@ const REDUNDANCY = { | |||
| 804 | } | 814 | } |
| 805 | 815 | ||
| 806 | const ACCEPT_HEADERS = [ 'html', 'application/json' ].concat(ACTIVITY_PUB.POTENTIAL_ACCEPT_HEADERS) | 816 | const ACCEPT_HEADERS = [ 'html', 'application/json' ].concat(ACTIVITY_PUB.POTENTIAL_ACCEPT_HEADERS) |
| 817 | const OTP = { | ||
| 818 | HEADER_NAME: 'x-peertube-otp', | ||
| 819 | HEADER_REQUIRED_VALUE: 'required; app' | ||
| 820 | } | ||
| 807 | 821 | ||
| 808 | const ASSETS_PATH = { | 822 | const ASSETS_PATH = { |
| 809 | DEFAULT_AUDIO_BACKGROUND: join(root(), 'dist', 'server', 'assets', 'default-audio-background.jpg'), | 823 | DEFAULT_AUDIO_BACKGROUND: join(root(), 'dist', 'server', 'assets', 'default-audio-background.jpg'), |
| @@ -952,6 +966,7 @@ const VIDEO_FILTERS = { | |||
| 952 | export { | 966 | export { |
| 953 | WEBSERVER, | 967 | WEBSERVER, |
| 954 | API_VERSION, | 968 | API_VERSION, |
| 969 | ENCRYPTION, | ||
| 955 | VIDEO_LIVE, | 970 | VIDEO_LIVE, |
| 956 | PEERTUBE_VERSION, | 971 | PEERTUBE_VERSION, |
| 957 | LAZY_STATIC_PATHS, | 972 | LAZY_STATIC_PATHS, |
| @@ -985,6 +1000,7 @@ export { | |||
| 985 | FOLLOW_STATES, | 1000 | FOLLOW_STATES, |
| 986 | DEFAULT_USER_THEME_NAME, | 1001 | DEFAULT_USER_THEME_NAME, |
| 987 | SERVER_ACTOR_NAME, | 1002 | SERVER_ACTOR_NAME, |
| 1003 | TWO_FACTOR_AUTH_REQUEST_TOKEN_LIFETIME, | ||
| 988 | PLUGIN_GLOBAL_CSS_FILE_NAME, | 1004 | PLUGIN_GLOBAL_CSS_FILE_NAME, |
| 989 | PLUGIN_GLOBAL_CSS_PATH, | 1005 | PLUGIN_GLOBAL_CSS_PATH, |
| 990 | PRIVATE_RSA_KEY_SIZE, | 1006 | PRIVATE_RSA_KEY_SIZE, |
| @@ -1040,6 +1056,7 @@ export { | |||
| 1040 | PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME, | 1056 | PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME, |
| 1041 | ASSETS_PATH, | 1057 | ASSETS_PATH, |
| 1042 | FILES_CONTENT_HASH, | 1058 | FILES_CONTENT_HASH, |
| 1059 | OTP, | ||
| 1043 | loadLanguages, | 1060 | loadLanguages, |
| 1044 | buildLanguages, | 1061 | buildLanguages, |
| 1045 | generateContentHash | 1062 | generateContentHash |
diff --git a/server/initializers/migrations/0745-user-otp.ts b/server/initializers/migrations/0745-user-otp.ts new file mode 100644 index 000000000..157308ea1 --- /dev/null +++ b/server/initializers/migrations/0745-user-otp.ts | |||
| @@ -0,0 +1,29 @@ | |||
| 1 | import * as Sequelize from 'sequelize' | ||
| 2 | |||
| 3 | async function up (utils: { | ||
| 4 | transaction: Sequelize.Transaction | ||
| 5 | queryInterface: Sequelize.QueryInterface | ||
| 6 | sequelize: Sequelize.Sequelize | ||
| 7 | db: any | ||
| 8 | }): Promise<void> { | ||
| 9 | const { transaction } = utils | ||
| 10 | |||
| 11 | const data = { | ||
| 12 | type: Sequelize.STRING, | ||
| 13 | defaultValue: null, | ||
| 14 | allowNull: true | ||
| 15 | } | ||
| 16 | await utils.queryInterface.addColumn('user', 'otpSecret', data, { transaction }) | ||
| 17 | |||
| 18 | } | ||
| 19 | |||
| 20 | async function down (utils: { | ||
| 21 | queryInterface: Sequelize.QueryInterface | ||
| 22 | transaction: Sequelize.Transaction | ||
| 23 | }) { | ||
| 24 | } | ||
| 25 | |||
| 26 | export { | ||
| 27 | up, | ||
| 28 | down | ||
| 29 | } | ||