draft "security.txt" spec integration (#1020)

diff --git a/config/default.yaml b/config/default.yaml
index 254fa0c99f979299e16af31b5d5783a625bb7fe4..e95fa3ec7b33208f4973f6cd81f1bbdb56537224 100644 (file)
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -127,6 +127,9 @@ instance:
   robots: |
     User-agent: *
     Disallow: ''
+  # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
+  securitytxt:
+    "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube\nContact: mailto:"
 
 services:
   # Cards configuration to format video in Twitter

diff --git a/config/production.yaml.example b/config/production.yaml.example
index e33427faeb1eceb9dd489cb0d2afd67e39618f1a..edc774e6b9f07e961fe12fe73ef19253e6e40196 100644 (file)
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -141,6 +141,9 @@ instance:
   robots: |
     User-agent: *
     Disallow: ''
+  # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
+  securitytxt:
+    "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube\nContact: mailto:"
 
 services:
   # Cards configuration to format video in Twitter

diff --git a/server/controllers/static.ts b/server/controllers/static.ts
index df31c313455149b0345a71862bf98d89672709bf..63f78b3b3e11799bdbebe1a57467ac1975aa3081 100644 (file)
--- a/server/controllers/static.ts
+++ b/server/controllers/static.ts
@@ -79,6 +79,21 @@ staticRouter.get('/robots.txt',
   }
 )
 
+// security.txt service
+staticRouter.get('/security.txt',
+  (_, res: express.Response) => {
+    return res.redirect(301, '/.well-known/security.txt')
+  }
+)
+
+staticRouter.get('/.well-known/security.txt',
+  asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.SECURITYTXT)),
+  (_, res: express.Response) => {
+    res.type('text/plain')
+    return res.send(CONFIG.INSTANCE.SECURITYTXT + CONFIG.INSTANCE.SECURITYTXT_CONTACT)
+  }
+)
+
 // nodeinfo service
 staticRouter.use('/.well-known/nodeinfo',
   asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.NODEINFO)),

diff --git a/server/initializers/checker.ts b/server/initializers/checker.ts
index 3cc6268cfa946ba2ba5bbee25fe2201eaee5e69f..9dd104035f8f4991519793035dd5752692a80530 100644 (file)
--- a/server/initializers/checker.ts
+++ b/server/initializers/checker.ts
@@ -55,7 +55,7 @@ function checkMissedConfig () {
     'import.videos.http.enabled', 'import.videos.torrent.enabled',
     'trending.videos.interval_days',
     'instance.name', 'instance.short_description', 'instance.description', 'instance.terms', 'instance.default_client_route',
-    'instance.default_nsfw_policy', 'instance.robots',
+    'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt',
     'services.twitter.username', 'services.twitter.whitelisted'
   ]
   const requiredAlternatives = [

diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index ba8b9b6ed268491ea9aca3fbf94507bafcd531de..5b7ea5d6c0a78d1e9a0a350913fe65b0504e8c28 100644 (file)
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -57,6 +57,7 @@ const OAUTH_LIFETIME = {
 const ROUTE_CACHE_LIFETIME = {
   FEEDS: '15 minutes',
   ROBOTS: '2 hours',
+  SECURITYTXT: '2 hours',
   NODEINFO: '10 minutes',
   DNT_POLICY: '1 week',
   OVERVIEWS: {
@@ -265,7 +266,9 @@ const CONFIG = {
       get JAVASCRIPT () { return config.get<string>('instance.customizations.javascript') },
       get CSS () { return config.get<string>('instance.customizations.css') }
     },
-    get ROBOTS () { return config.get<string>('instance.robots') }
+    get ROBOTS () { return config.get<string>('instance.robots') },
+    get SECURITYTXT () { return config.get<string>('instance.securitytxt') },
+    get SECURITYTXT_CONTACT () { return config.get<string>('admin.email') }
   },
   SERVICES: {
     TWITTER: {