projects / oweals / peertube.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9c89a45)
Server: forbid to make friends with a non https server
authorChocobozzz <florian.bigard@gmail.com>
Wed, 16 Nov 2016 19:22:17 +0000 (20:22 +0100)
committerChocobozzz <florian.bigard@gmail.com>
Wed, 16 Nov 2016 19:29:26 +0000 (20:29 +0100)
server/helpers/utils.js patch | blob | history
server/initializers/constants.js patch | blob | history
server/middlewares/validators/pods.js patch | blob | history

diff --git a/server/helpers/utils.js b/server/helpers/utils.js
index 9c2d402e3105047615d26bfe4ebd016deed2810d..9f27671b6f5712b8550dbfe4c5b378d6e703af66 100644 (file)
--- a/server/helpers/utils.js
+++ b/server/helpers/utils.js
@@ -6,7 +6,8 @@ const logger = require('./logger')
 
 const utils = {
   cleanForExit,
-  generateRandomString
+  generateRandomString,
+  isTestInstance
 }
 
 function generateRandomString (size, callback) {
@@ -22,6 +23,10 @@ function cleanForExit (webtorrentProcess) {
   process.kill(-webtorrentProcess.pid)
 }
 
+function isTestInstance () {
+  return (process.env.NODE_ENV === 'test')
+}
+
 // ---------------------------------------------------------------------------
 
 module.exports = utils
diff --git a/server/initializers/constants.js b/server/initializers/constants.js
index 40e1c5381c9968e3215a630fdd5dd22ceb1f5c21..3ddf87454e0e234ffaf3215cfd6c2fa0f088c9c1 100644 (file)
--- a/server/initializers/constants.js
+++ b/server/initializers/constants.js
@@ -152,7 +152,7 @@ const REQUEST_ENDPOINTS = {
 
 const REMOTE_SCHEME = {
   HTTP: 'https',
-  WS: 'WS'
+  WS: 'wss'
 }
 
 // Password encryption
@@ -220,6 +220,7 @@ module.exports = {
 
 // ---------------------------------------------------------------------------
 
+// This method exists in utils module but we want to let the constants module independent
 function isTestInstance () {
   return (process.env.NODE_ENV === 'test')
 }
diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js
index 4f8bad2f9610cd0ce311b43b4b0933d4d78e04ed..0723871b2ca3499c5504b4fbc156ae4276250fc6 100644 (file)
--- a/server/middlewares/validators/pods.js
+++ b/server/middlewares/validators/pods.js
@@ -1,8 +1,10 @@
 'use strict'
 
 const checkErrors = require('./utils').checkErrors
+const constants = require('../../initializers/constants')
 const friends = require('../../lib/friends')
 const logger = require('../../helpers/logger')
+const utils = require('../../helpers/utils')
 
 const validatorsPod = {
   makeFriends,
@@ -10,6 +12,11 @@ const validatorsPod = {
 }
 
 function makeFriends (req, res, next) {
+  // Force https if the administrator wants to make friends
+  if (utils.isTestInstance() === false && constants.CONFIG.WEBSERVER.SCHEME === 'http') {
+    return res.status(400).send('Cannot make friends with a non HTTPS webserver.')
+  }
+
   req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid()
 
   logger.debug('Checking makeFriends parameters', { parameters: req.body })
Unnamed repository; edit this file 'description' to name the repository.