draft "security.txt" spec integration (#1020)

pull/1026/head
Austin Heap 2018-09-06 05:23:46 -07:00 committed by Rigel Kent
parent 35c2930776
commit 5447516b9a
5 changed files with 26 additions and 2 deletions

View File

@ -127,6 +127,9 @@ instance:
robots: |
User-agent: *
Disallow: ''
# Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
securitytxt:
"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube\nContact: mailto:"
services:
# Cards configuration to format video in Twitter

View File

@ -141,6 +141,9 @@ instance:
robots: |
User-agent: *
Disallow: ''
# Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
securitytxt:
"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube\nContact: mailto:"
services:
# Cards configuration to format video in Twitter

View File

@ -79,6 +79,21 @@ staticRouter.get('/robots.txt',
}
)
// security.txt service
staticRouter.get('/security.txt',
(_, res: express.Response) => {
return res.redirect(301, '/.well-known/security.txt')
}
)
staticRouter.get('/.well-known/security.txt',
asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.SECURITYTXT)),
(_, res: express.Response) => {
res.type('text/plain')
return res.send(CONFIG.INSTANCE.SECURITYTXT + CONFIG.INSTANCE.SECURITYTXT_CONTACT)
}
)
// nodeinfo service
staticRouter.use('/.well-known/nodeinfo',
asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.NODEINFO)),

View File

@ -55,7 +55,7 @@ function checkMissedConfig () {
'import.videos.http.enabled', 'import.videos.torrent.enabled',
'trending.videos.interval_days',
'instance.name', 'instance.short_description', 'instance.description', 'instance.terms', 'instance.default_client_route',
'instance.default_nsfw_policy', 'instance.robots',
'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt',
'services.twitter.username', 'services.twitter.whitelisted'
]
const requiredAlternatives = [

View File

@ -57,6 +57,7 @@ const OAUTH_LIFETIME = {
const ROUTE_CACHE_LIFETIME = {
FEEDS: '15 minutes',
ROBOTS: '2 hours',
SECURITYTXT: '2 hours',
NODEINFO: '10 minutes',
DNT_POLICY: '1 week',
OVERVIEWS: {
@ -265,7 +266,9 @@ const CONFIG = {
get JAVASCRIPT () { return config.get<string>('instance.customizations.javascript') },
get CSS () { return config.get<string>('instance.customizations.css') }
},
get ROBOTS () { return config.get<string>('instance.robots') }
get ROBOTS () { return config.get<string>('instance.robots') },
get SECURITYTXT () { return config.get<string>('instance.securitytxt') },
get SECURITYTXT_CONTACT () { return config.get<string>('admin.email') }
},
SERVICES: {
TWITTER: {