Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/cache.js | 23 | ||||
-rw-r--r-- | server/middlewares/index.js | 15 | ||||
-rw-r--r-- | server/middlewares/reqValidators/index.js | 15 | ||||
-rw-r--r-- | server/middlewares/reqValidators/pods.js | 39 | ||||
-rw-r--r-- | server/middlewares/reqValidators/remote.js | 43 | ||||
-rw-r--r-- | server/middlewares/reqValidators/utils.js | 25 | ||||
-rw-r--r-- | server/middlewares/reqValidators/videos.js | 74 | ||||
-rw-r--r-- | server/middlewares/secure.js | 49 |
8 files changed, 283 insertions, 0 deletions
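--- /dev/null
+++ b/server/middlewares/cache.js
@@ -0,0 +1,23 @@
+'use strict'
+
+var cacheMiddleware = {
+cache: cache
+}
+
+function cache (cache) {
+return function (req, res, next) {
+// If we want explicitly a cache
+// Or if we don't specify if we want a cache or no and we are in production
+if (cache === true || (cache !== false && process.env.NODE_ENV === 'production')) {
+res.setHeader('Cache-Control', 'public')
+} else {
+res.setHeader('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate')
+}
+
+next()
+}
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = cacheMiddleware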
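Review bot: The production default on line 11 sends `Cache-Control: public` whenever the argument is omitted, so a route that forgets to pass `false` has its response marked storable by shared caches, and that tri-state contract is not documented anywhere in the file. I would add a comment above the factory such as `// cache(true) forces public caching, cache(false) forbids it, cache() enables it only in production`, and state that routes returning per-pod or per-user data must pass `false`. The parameter also shadows the function name `cache`; renaming it (for example `enabled`) would make the condition on line 11 easier to read.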
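--- /dev/null
+++ b/server/middlewares/index.js
@@ -0,0 +1,15 @@
+'use strict'
+
+var cacheMiddleware = require('./cache')
+var reqValidatorsMiddleware = require('./reqValidators')
+var secureMiddleware = require('./secure')
+
+var middlewares = {
+cache: cacheMiddleware,
+reqValidators: reqValidatorsMiddleware,
+secure: secureMiddleware
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = middlewares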
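--- /dev/null
+++ b/server/middlewares/reqValidators/index.js
@@ -0,0 +1,15 @@
+'use strict'
+
+var podsReqValidators = require('./pods')
+var remoteReqValidators = require('./remote')
+var videosReqValidators = require('./videos')
+
+var reqValidators = {
+pods: podsReqValidators,
+remote: remoteReqValidators,
+videos: videosReqValidators
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = reqValidators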
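--- /dev/null
+++ b/server/middlewares/reqValidators/pods.js
@@ -0,0 +1,39 @@
+'use strict'
+
+var checkErrors = require('./utils').checkErrors
+var friends = require('../../lib/friends')
+var logger = require('../../helpers/logger')
+
+var reqValidatorsPod = {
+makeFriends: makeFriends,
+podsAdd: podsAdd
+}
+
+function makeFriends (req, res, next) {
+friends.hasFriends(function (err, has_friends) {
+if (err) {
+logger.error('Cannot know if we have friends.', { error: err })
+res.sendStatus(500)
+}
+
+if (has_friends === true) {
+// We need to quit our friends before make new ones
+res.sendStatus(409)
+} else {
+return next()
+}
+})
+}
+
+function podsAdd (req, res, next) {
+req.checkBody('data.url', 'Should have an url').notEmpty().isURL({ require_protocol: true })
+req.checkBody('data.publicKey', 'Should have a public key').notEmpty()
+
+logger.debug('Checking podsAdd parameters', { parameters: req.body })
+
+checkErrors(req, res, next)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = reqValidatorsPod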
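Review bot: The error branch of `makeFriends` on lines 14-17 sends a 500 but does not return, so execution continues to line 19, where `has_friends` is presumably undefined and the `else` branch calls `next()` after the response has already been sent. Change line 16 to `return res.sendStatus(500)`. The same missing return appears in `videosGet` and `videosRemove` in server/middlewares/reqValidators/videos.js, where the fall-through additionally reads `state.exist` on what is likely an undefined `state`.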
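--- /dev/null
+++ b/server/middlewares/reqValidators/remote.js
@@ -0,0 +1,43 @@
+'use strict'
+
+var checkErrors = require('./utils').checkErrors
+var logger = require('../../helpers/logger')
+
+var reqValidatorsRemote = {
+remoteVideosAdd: remoteVideosAdd,
+remoteVideosRemove: remoteVideosRemove,
+secureRequest: secureRequest
+}
+
+function remoteVideosAdd (req, res, next) {
+req.checkBody('data').isArray()
+req.checkBody('data').eachIsRemoteVideosAddValid()
+
+logger.debug('Checking remoteVideosAdd parameters', { parameters: req.body })
+
+checkErrors(req, res, next)
+}
+
+function remoteVideosRemove (req, res, next) {
+req.checkBody('data').isArray()
+req.checkBody('data').eachIsRemoteVideosRemoveValid()
+
+logger.debug('Checking remoteVideosRemove parameters', { parameters: req.body })
+
+checkErrors(req, res, next)
+}
+
+function secureRequest (req, res, next) {
+req.checkBody('signature.url', 'Should have a signature url').isURL()
+req.checkBody('signature.signature', 'Should have a signature').notEmpty()
+req.checkBody('key', 'Should have a key').notEmpty()
+req.checkBody('data', 'Should have data').notEmpty()
+
+logger.debug('Checking secureRequest parameters', { parameters: { data: req.body.data, keyLength: req.body.key.length } })
+
+checkErrors(req, res, next)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = reqValidatorsRemote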
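Review bot: `secureRequest` reads `req.body.key.length` in the debug call on line 36 before `checkErrors` has had a chance to reject the request, so a body without `key` throws a TypeError instead of producing the 400 that the validators on lines 31-34 were meant to return. Move the `logger.debug` call after validation or guard the access, e.g. `keyLength: req.body.key ? req.body.key.length : 0`. Line 31 also calls `isURL()` without the `{ require_protocol: true }` option that `podsAdd` uses for the pod URL; since this value is later used to look up the sending pod, the two checks should probably agree. `remoteVideosAdd` and `remoteVideosRemove` log the whole `req.body`, while `secureRequest` deliberately logs only the key length, so a short comment on what may be logged here would keep that consistent.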
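--- /dev/null
+++ b/server/middlewares/reqValidators/utils.js
@@ -0,0 +1,25 @@
+'use strict'
+
+var util = require('util')
+
+var logger = require('../../helpers/logger')
+
+var reqValidatorsUtils = {
+checkErrors: checkErrors
+}
+
+function checkErrors (req, res, next, status_code) {
+if (status_code === undefined) status_code = 400
+var errors = req.validationErrors()
+
+if (errors) {
+logger.warn('Incorrect request parameters', { path: req.originalUrl, err: errors })
+return res.status(status_code).send('There have been validation errors: ' + util.inspect(errors))
+}
+
+return next()
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = reqValidatorsUtils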
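Review bot: Line 17 returns `util.inspect(errors)` to the client through `res.send` with a string, which Express serves as `text/html` by default; if the validation error objects carry the rejected value (the legacy express-validator format does, though the library version is not visible here), request-supplied input is reflected unescaped into an HTML response. Return structured data instead, e.g. `return res.status(status_code).json({ errors: errors })`, or at least call `res.type('text/plain')` before sending. The full error detail is already logged on line 16, so nothing is lost for debugging.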
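--- /dev/null
+++ b/server/middlewares/reqValidators/videos.js
@@ -0,0 +1,74 @@
+'use strict'
+
+var checkErrors = require('./utils').checkErrors
+var logger = require('../../helpers/logger')
+var Videos = require('../../models/videos')
+
+var reqValidatorsVideos = {
+videosAdd: videosAdd,
+videosGet: videosGet,
+videosRemove: videosRemove,
+videosSearch: videosSearch
+}
+
+function videosAdd (req, res, next) {
+req.checkFiles('input_video[0].originalname', 'Should have an input video').notEmpty()
+req.checkFiles('input_video[0].mimetype', 'Should have a correct mime type').matches(/video\/(webm)|(mp4)|(ogg)/i)
+req.checkBody('name', 'Should have a name').isLength(1, 50)
+req.checkBody('description', 'Should have a description').isLength(1, 250)
+
+logger.debug('Checking videosAdd parameters', { parameters: req.body, files: req.files })
+
+checkErrors(req, res, next)
+}
+
+function videosGet (req, res, next) {
+req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+
+logger.debug('Checking videosGet parameters', { parameters: req.params })
+
+checkErrors(req, res, function () {
+Videos.getVideoState(req.params.id, function (err, state) {
+if (err) {
+logger.error('Error in videosGet request validator.', { error: err })
+res.sendStatus(500)
+}
+
+if (state.exist === false) return res.status(404).send('Video not found')
+
+next()
+})
+})
+}
+
+function videosRemove (req, res, next) {
+req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
+
+logger.debug('Checking videosRemove parameters', { parameters: req.params })
+
+checkErrors(req, res, function () {
+Videos.getVideoState(req.params.id, function (err, state) {
+if (err) {
+logger.error('Error in videosRemove request validator.', { error: err })
+res.sendStatus(500)
+}
+
+if (state.exist === false) return res.status(404).send('Video not found')
+else if (state.owned === false) return res.status(403).send('Cannot remove video of another pod')
+
+next()
+})
+})
+}
+
+function videosSearch (req, res, next) {
+req.checkParams('name', 'Should have a name').notEmpty()
+
+logger.debug('Checking videosSearch parameters', { parameters: req.params })
+
+checkErrors(req, res, next)
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = reqValidatorsVideos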
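Review bot: The MIME check on line 16 does not restrict uploads the way it reads: in `/video\/(webm)|(mp4)|(ogg)/i` the alternation binds at the top level and nothing is anchored, so the pattern accepts `video/webm` or any string that merely contains `mp4` or `ogg`. Use `/^video\/(webm|mp4|ogg)$/i` instead. The `mimetype` field is presumably the value declared by the client in the multipart part, so even the corrected pattern is a hint and not proof of the file's content; a comment saying so would help whoever adds the later processing step. The debug call on line 20 also logs the whole `req.files` object, which may include local upload paths.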
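--- /dev/null
+++ b/server/middlewares/secure.js
@@ -0,0 +1,49 @@
+'use strict'
+
+var logger = require('../helpers/logger')
+var peertubeCrypto = require('../helpers/peertubeCrypto')
+var Pods = require('../models/pods')
+
+var secureMiddleware = {
+decryptBody: decryptBody
+}
+
+function decryptBody (req, res, next) {
+var url = req.body.signature.url
+Pods.findByUrl(url, function (err, pod) {
+if (err) {
+logger.error('Cannot get signed url in decryptBody.', { error: err })
+return res.sendStatus(500)
+}
+
+if (pod === null) {
+logger.error('Unknown pod %s.', url)
+return res.sendStatus(403)
+}
+
+logger.debug('Decrypting body from %s.', url)
+
+var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
+
+if (signature_ok === true) {
+peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
+if (err) {
+logger.error('Cannot decrypt data.', { error: err })
+return res.sendStatus(500)
+}
+
+req.body.data = JSON.parse(decrypted)
+delete req.body.key
+
+next()
+})
+} else {
+logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
+return res.sendStatus(403)
+}
+})
+}
+
+// ---------------------------------------------------------------------------
+
+module.exports = secureMiddleware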
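Review bot: The signature verified on line 26 is computed over `url` only, so as far as this file shows nothing binds `req.body.key` or `req.body.data` to the sending pod; a signature over a pod's own URL never changes, which means the check is replayable and does not authenticate the payload. Consider having the sender sign a digest of the encrypted data together with a timestamp or nonce and verifying that here, and at minimum document the limitation above `decryptBody`. `JSON.parse(decrypted)` on line 35 also runs inside an asynchronous callback with no `try`/`catch`, so malformed plaintext raises an uncaught exception instead of a 400; wrap it and `return res.sendStatus(400)` on failure. Line 12 reads `req.body.signature.url` unguarded and therefore relies on the `secureRequest` validator having run first, which is worth stating in a comment.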