aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/cache.js23
-rw-r--r--server/middlewares/index.js15
-rw-r--r--server/middlewares/reqValidators/index.js15
-rw-r--r--server/middlewares/reqValidators/pods.js39
-rw-r--r--server/middlewares/reqValidators/remote.js43
-rw-r--r--server/middlewares/reqValidators/utils.js25
-rw-r--r--server/middlewares/reqValidators/videos.js74
-rw-r--r--server/middlewares/secure.js49
8 files changed, 283 insertions, 0 deletions
diff --git a/server/middlewares/cache.js b/server/middlewares/cache.js
new file mode 100644
index 000000000..0d3da0075
--- /dev/null
+++ b/server/middlewares/cache.js
@@ -0,0 +1,23 @@
1'use strict'
2
3var cacheMiddleware = {
4 cache: cache
5}
6
7function cache (cache) {
8 return function (req, res, next) {
9 // If we want explicitly a cache
10 // Or if we don't specify if we want a cache or no and we are in production
11 if (cache === true || (cache !== false && process.env.NODE_ENV === 'production')) {
12 res.setHeader('Cache-Control', 'public')
13 } else {
14 res.setHeader('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
15 }
16
17 next()
18 }
19}
20
21// ---------------------------------------------------------------------------
22
23module.exports = cacheMiddleware
diff --git a/server/middlewares/index.js b/server/middlewares/index.js
new file mode 100644
index 000000000..c85899b0c
--- /dev/null
+++ b/server/middlewares/index.js
@@ -0,0 +1,15 @@
1'use strict'
2
3var cacheMiddleware = require('./cache')
4var reqValidatorsMiddleware = require('./reqValidators')
5var secureMiddleware = require('./secure')
6
7var middlewares = {
8 cache: cacheMiddleware,
9 reqValidators: reqValidatorsMiddleware,
10 secure: secureMiddleware
11}
12
13// ---------------------------------------------------------------------------
14
15module.exports = middlewares
diff --git a/server/middlewares/reqValidators/index.js b/server/middlewares/reqValidators/index.js
new file mode 100644
index 000000000..345dbd0e2
--- /dev/null
+++ b/server/middlewares/reqValidators/index.js
@@ -0,0 +1,15 @@
1'use strict'
2
3var podsReqValidators = require('./pods')
4var remoteReqValidators = require('./remote')
5var videosReqValidators = require('./videos')
6
7var reqValidators = {
8 pods: podsReqValidators,
9 remote: remoteReqValidators,
10 videos: videosReqValidators
11}
12
13// ---------------------------------------------------------------------------
14
15module.exports = reqValidators
diff --git a/server/middlewares/reqValidators/pods.js b/server/middlewares/reqValidators/pods.js
new file mode 100644
index 000000000..ef09d51cf
--- /dev/null
+++ b/server/middlewares/reqValidators/pods.js
@@ -0,0 +1,39 @@
1'use strict'
2
3var checkErrors = require('./utils').checkErrors
4var friends = require('../../lib/friends')
5var logger = require('../../helpers/logger')
6
7var reqValidatorsPod = {
8 makeFriends: makeFriends,
9 podsAdd: podsAdd
10}
11
12function makeFriends (req, res, next) {
13 friends.hasFriends(function (err, has_friends) {
14 if (err) {
15 logger.error('Cannot know if we have friends.', { error: err })
16 res.sendStatus(500)
17 }
18
19 if (has_friends === true) {
20 // We need to quit our friends before make new ones
21 res.sendStatus(409)
22 } else {
23 return next()
24 }
25 })
26}
27
28function podsAdd (req, res, next) {
29 req.checkBody('data.url', 'Should have an url').notEmpty().isURL({ require_protocol: true })
30 req.checkBody('data.publicKey', 'Should have a public key').notEmpty()
31
32 logger.debug('Checking podsAdd parameters', { parameters: req.body })
33
34 checkErrors(req, res, next)
35}
36
37// ---------------------------------------------------------------------------
38
39module.exports = reqValidatorsPod
diff --git a/server/middlewares/reqValidators/remote.js b/server/middlewares/reqValidators/remote.js
new file mode 100644
index 000000000..88de16b49
--- /dev/null
+++ b/server/middlewares/reqValidators/remote.js
@@ -0,0 +1,43 @@
1'use strict'
2
3var checkErrors = require('./utils').checkErrors
4var logger = require('../../helpers/logger')
5
6var reqValidatorsRemote = {
7 remoteVideosAdd: remoteVideosAdd,
8 remoteVideosRemove: remoteVideosRemove,
9 secureRequest: secureRequest
10}
11
12function remoteVideosAdd (req, res, next) {
13 req.checkBody('data').isArray()
14 req.checkBody('data').eachIsRemoteVideosAddValid()
15
16 logger.debug('Checking remoteVideosAdd parameters', { parameters: req.body })
17
18 checkErrors(req, res, next)
19}
20
21function remoteVideosRemove (req, res, next) {
22 req.checkBody('data').isArray()
23 req.checkBody('data').eachIsRemoteVideosRemoveValid()
24
25 logger.debug('Checking remoteVideosRemove parameters', { parameters: req.body })
26
27 checkErrors(req, res, next)
28}
29
30function secureRequest (req, res, next) {
31 req.checkBody('signature.url', 'Should have a signature url').isURL()
32 req.checkBody('signature.signature', 'Should have a signature').notEmpty()
33 req.checkBody('key', 'Should have a key').notEmpty()
34 req.checkBody('data', 'Should have data').notEmpty()
35
36 logger.debug('Checking secureRequest parameters', { parameters: { data: req.body.data, keyLength: req.body.key.length } })
37
38 checkErrors(req, res, next)
39}
40
41// ---------------------------------------------------------------------------
42
43module.exports = reqValidatorsRemote
diff --git a/server/middlewares/reqValidators/utils.js b/server/middlewares/reqValidators/utils.js
new file mode 100644
index 000000000..46c982571
--- /dev/null
+++ b/server/middlewares/reqValidators/utils.js
@@ -0,0 +1,25 @@
1'use strict'
2
3var util = require('util')
4
5var logger = require('../../helpers/logger')
6
7var reqValidatorsUtils = {
8 checkErrors: checkErrors
9}
10
11function checkErrors (req, res, next, status_code) {
12 if (status_code === undefined) status_code = 400
13 var errors = req.validationErrors()
14
15 if (errors) {
16 logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors })
17 return res.status(status_code).send('There have been validation errors: ' + util.inspect(errors))
18 }
19
20 return next()
21}
22
23// ---------------------------------------------------------------------------
24
25module.exports = reqValidatorsUtils
diff --git a/server/middlewares/reqValidators/videos.js b/server/middlewares/reqValidators/videos.js
new file mode 100644
index 000000000..4e5f4391f
--- /dev/null
+++ b/server/middlewares/reqValidators/videos.js
@@ -0,0 +1,74 @@
1'use strict'
2
3var checkErrors = require('./utils').checkErrors
4var logger = require('../../helpers/logger')
5var Videos = require('../../models/videos')
6
7var reqValidatorsVideos = {
8 videosAdd: videosAdd,
9 videosGet: videosGet,
10 videosRemove: videosRemove,
11 videosSearch: videosSearch
12}
13
14function videosAdd (req, res, next) {
15 req.checkFiles('input_video[0].originalname', 'Should have an input video').notEmpty()
16 req.checkFiles('input_video[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i)
17 req.checkBody('name', 'Should have a name').isLength(1, 50)
18 req.checkBody('description', 'Should have a description').isLength(1, 250)
19
20 logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
21
22 checkErrors(req, res, next)
23}
24
25function videosGet (req, res, next) {
26 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
27
28 logger.debug('Checking videosGet parameters', { parameters: req.params })
29
30 checkErrors(req, res, function () {
31 Videos.getVideoState(req.params.id, function (err, state) {
32 if (err) {
33 logger.error('Error in videosGet request validator.', { error: err })
34 res.sendStatus(500)
35 }
36
37 if (state.exist === false) return res.status(404).send('Video not found')
38
39 next()
40 })
41 })
42}
43
44function videosRemove (req, res, next) {
45 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
46
47 logger.debug('Checking videosRemove parameters', { parameters: req.params })
48
49 checkErrors(req, res, function () {
50 Videos.getVideoState(req.params.id, function (err, state) {
51 if (err) {
52 logger.error('Error in videosRemove request validator.', { error: err })
53 res.sendStatus(500)
54 }
55
56 if (state.exist === false) return res.status(404).send('Video not found')
57 else if (state.owned === false) return res.status(403).send('Cannot remove video of another pod')
58
59 next()
60 })
61 })
62}
63
64function videosSearch (req, res, next) {
65 req.checkParams('name', 'Should have a name').notEmpty()
66
67 logger.debug('Checking videosSearch parameters', { parameters: req.params })
68
69 checkErrors(req, res, next)
70}
71
72// ---------------------------------------------------------------------------
73
74module.exports = reqValidatorsVideos
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js
new file mode 100644
index 000000000..bfd28316a
--- /dev/null
+++ b/server/middlewares/secure.js
@@ -0,0 +1,49 @@
1'use strict'
2
3var logger = require('../helpers/logger')
4var peertubeCrypto = require('../helpers/peertubeCrypto')
5var Pods = require('../models/pods')
6
7var secureMiddleware = {
8 decryptBody: decryptBody
9}
10
11function decryptBody (req, res, next) {
12 var url = req.body.signature.url
13 Pods.findByUrl(url, function (err, pod) {
14 if (err) {
15 logger.error('Cannot get signed url in decryptBody.', { error: err })
16 return res.sendStatus(500)
17 }
18
19 if (pod === null) {
20 logger.error('Unknown pod %s.', url)
21 return res.sendStatus(403)
22 }
23
24 logger.debug('Decrypting body from %s.', url)
25
26 var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
27
28 if (signature_ok === true) {
29 peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
30 if (err) {
31 logger.error('Cannot decrypt data.', { error: err })
32 return res.sendStatus(500)
33 }
34
35 req.body.data = JSON.parse(decrypted)
36 delete req.body.key
37
38 next()
39 })
40 } else {
41 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
42 return res.sendStatus(403)
43 }
44 })
45}
46
47// ---------------------------------------------------------------------------
48
49module.exports = secureMiddleware