From 441b66f80923d1f574a74582f1fb9306b99fc12a Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Wed, 16 Nov 2016 20:22:17 +0100
Subject: Server: forbid to make friends with a non https server
---
 server/helpers/utils.js | 7 ++++++-
 server/initializers/constants.js | 3 ++-
 server/middlewares/validators/pods.js | 7 +++++++
 3 files changed, 15 insertions(+), 2 deletions(-)
(limited to 'server')
diff --git a/server/helpers/utils.js b/server/helpers/utils.js
index 9c2d402e3..9f27671b6 100644
--- a/server/helpers/utils.js
+++ b/server/helpers/utils.js
@@ -6,7 +6,8 @@ const logger = require('./logger')
 const utils = {
 cleanForExit,
- generateRandomString
+ generateRandomString,
+ isTestInstance
 }
 function generateRandomString (size, callback) {
@@ -22,6 +23,10 @@ function cleanForExit (webtorrentProcess) {
 process.kill(-webtorrentProcess.pid)
 }
+function isTestInstance () {
+ return (process.env.NODE_ENV === 'test')
+}
+
 // ---------------------------------------------------------------------------
 module.exports = utils
diff --git a/server/initializers/constants.js b/server/initializers/constants.js
index 40e1c5381..3ddf87454 100644
--- a/server/initializers/constants.js
+++ b/server/initializers/constants.js
@@ -152,7 +152,7 @@ const REQUEST_ENDPOINTS = {
 const REMOTE_SCHEME = {
 HTTP: 'https',
- WS: 'WS'
+ WS: 'wss'
 }
 // Password encryption
@@ -220,6 +220,7 @@ module.exports = {
 // ---------------------------------------------------------------------------
+// This method exists in utils module but we want to let the constants module independent
 function isTestInstance () {
 return (process.env.NODE_ENV === 'test')
 }
diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js
index 4f8bad2f9..0723871b2 100644
--- a/server/middlewares/validators/pods.js
+++ b/server/middlewares/validators/pods.js
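Review bot: The new `isTestInstance` in server/helpers/utils.js carries no comment about what depends on it, although this commit makes it the switch that turns off the HTTPS requirement in `makeFriends` (pods.js hunk). A second copy lives in server/initializers/constants.js and only that copy is annotated, so a later change to one definition of "test instance" can leave the other behind. I would add above the utils.js function: `// Gates security checks (e.g. the HTTPS requirement in makeFriends); keep in sync with the copy in initializers/constants.js`.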
@@ -1,8 +1,10 @@
 'use strict'
 const checkErrors = require('./utils').checkErrors
+const constants = require('../../initializers/constants')
 const friends = require('../../lib/friends')
 const logger = require('../../helpers/logger')
+const utils = require('../../helpers/utils')
 const validatorsPod = {
 makeFriends,
@@ -10,6 +12,11 @@ const validatorsPod = {
 }
 function makeFriends (req, res, next) {
+ // Force https if the administrator wants to make friends
+ if (utils.isTestInstance() === false && constants.CONFIG.WEBSERVER.SCHEME === 'http') {
+ return res.status(400).send('Cannot make friends with a non HTTPS webserver.')
+ }
+
 req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid()
 logger.debug('Checking makeFriends parameters', { parameters: req.body })
-- cgit v1.2.3
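Review bot: The guard added at the top of `makeFriends` rejects only the exact value `'http'`, so any other value of `constants.CONFIG.WEBSERVER.SCHEME` (unset, different case) passes as if the server were on HTTPS. An allow-list comparison fails closed instead: `if (utils.isTestInstance() === false && constants.CONFIG.WEBSERVER.SCHEME !== 'https') {`. How SCHEME is derived is not visible in this diff, so the gap may be unreachable today, but the check should not rely on that. The bypass also depends only on `NODE_ENV === 'test'`, so a production instance started with that variable skips the check silently; a warning-level log line on that path would make it visible. The body of `makeFriends` continues past the end of the hunk.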