draft "security.txt" spec integration (#1020)

2018-09-06 05:23:46 -07:00 · 2018-09-06 05:23:46 -07:00 · 5447516b9a
parent 35c2930776
commit 5447516b9a
5 changed files with 26 additions and 2 deletions
--- a/config/default.yaml
+++ b/config/default.yaml
@ -127,6 +127,9 @@ instance:
  robots: |
    User-agent: *
    Disallow: ''
+  # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
+  securitytxt:
+    "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube\nContact: mailto:"

 services:
  # Cards configuration to format video in Twitter
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@ -141,6 +141,9 @@ instance:
  robots: |
    User-agent: *
    Disallow: ''
+  # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
+  securitytxt:
+    "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube\nContact: mailto:"

 services:
  # Cards configuration to format video in Twitter
--- a/server/controllers/static.ts
+++ b/server/controllers/static.ts
@ -79,6 +79,21 @@ staticRouter.get('/robots.txt',
  }
 )

+// security.txt service
+staticRouter.get('/security.txt',
+  (_, res: express.Response) => {
+    return res.redirect(301, '/.well-known/security.txt')
+  }
+)
+
+staticRouter.get('/.well-known/security.txt',
+  asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.SECURITYTXT)),
+  (_, res: express.Response) => {
+    res.type('text/plain')
+    return res.send(CONFIG.INSTANCE.SECURITYTXT + CONFIG.INSTANCE.SECURITYTXT_CONTACT)
+  }
+)
+
 // nodeinfo service
 staticRouter.use('/.well-known/nodeinfo',
  asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.NODEINFO)),
--- a/server/initializers/checker.ts
+++ b/server/initializers/checker.ts
@ -55,7 +55,7 @@ function checkMissedConfig () {
    'import.videos.http.enabled', 'import.videos.torrent.enabled',
    'trending.videos.interval_days',
    'instance.name', 'instance.short_description', 'instance.description', 'instance.terms', 'instance.default_client_route',
-    'instance.default_nsfw_policy', 'instance.robots',
+    'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt',
    'services.twitter.username', 'services.twitter.whitelisted'
  ]
  const requiredAlternatives = [
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@ -57,6 +57,7 @@ const OAUTH_LIFETIME = {
 const ROUTE_CACHE_LIFETIME = {
  FEEDS: '15 minutes',
  ROBOTS: '2 hours',
+  SECURITYTXT: '2 hours',
  NODEINFO: '10 minutes',
  DNT_POLICY: '1 week',
  OVERVIEWS: {
@ -265,7 +266,9 @@ const CONFIG = {
      get JAVASCRIPT () { return config.get<string>('instance.customizations.javascript') },
      get CSS () { return config.get<string>('instance.customizations.css') }
    },
-    get ROBOTS () { return config.get<string>('instance.robots') }
+    get ROBOTS () { return config.get<string>('instance.robots') },
+    get SECURITYTXT () { return config.get<string>('instance.securitytxt') },
+    get SECURITYTXT_CONTACT () { return config.get<string>('admin.email') }
  },
  SERVICES: {
    TWITTER: {