diff --git a/config/default.yaml b/config/default.yaml index 254fa0c99..e95fa3ec7 100644 --- a/config/default.yaml +++ b/config/default.yaml @@ -127,6 +127,9 @@ instance: robots: | User-agent: * Disallow: '' + # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string. + securitytxt: + "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube\nContact: mailto:" services: # Cards configuration to format video in Twitter diff --git a/config/production.yaml.example b/config/production.yaml.example index e33427fae..edc774e6b 100644 --- a/config/production.yaml.example +++ b/config/production.yaml.example @@ -141,6 +141,9 @@ instance: robots: | User-agent: * Disallow: '' + # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string. + securitytxt: + "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube\nContact: mailto:" services: # Cards configuration to format video in Twitter diff --git a/server/controllers/static.ts b/server/controllers/static.ts index df31c3134..63f78b3b3 100644 --- a/server/controllers/static.ts +++ b/server/controllers/static.ts @@ -79,6 +79,21 @@ staticRouter.get('/robots.txt', } ) +// security.txt service +staticRouter.get('/security.txt', + (_, res: express.Response) => { + return res.redirect(301, '/.well-known/security.txt') + } +) + +staticRouter.get('/.well-known/security.txt', + asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.SECURITYTXT)), + (_, res: express.Response) => { + res.type('text/plain') + return res.send(CONFIG.INSTANCE.SECURITYTXT + CONFIG.INSTANCE.SECURITYTXT_CONTACT) + } +) + // nodeinfo service staticRouter.use('/.well-known/nodeinfo', asyncMiddleware(cacheRoute(ROUTE_CACHE_LIFETIME.NODEINFO)), diff --git a/server/initializers/checker.ts b/server/initializers/checker.ts index 3cc6268cf..9dd104035 100644 --- a/server/initializers/checker.ts +++ b/server/initializers/checker.ts @@ -55,7 +55,7 @@ function checkMissedConfig () { 'import.videos.http.enabled', 'import.videos.torrent.enabled', 'trending.videos.interval_days', 'instance.name', 'instance.short_description', 'instance.description', 'instance.terms', 'instance.default_client_route', - 'instance.default_nsfw_policy', 'instance.robots', + 'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt', 'services.twitter.username', 'services.twitter.whitelisted' ] const requiredAlternatives = [ diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index ba8b9b6ed..5b7ea5d6c 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts @@ -57,6 +57,7 @@ const OAUTH_LIFETIME = { const ROUTE_CACHE_LIFETIME = { FEEDS: '15 minutes', ROBOTS: '2 hours', + SECURITYTXT: '2 hours', NODEINFO: '10 minutes', DNT_POLICY: '1 week', OVERVIEWS: { @@ -265,7 +266,9 @@ const CONFIG = { get JAVASCRIPT () { return config.get('instance.customizations.javascript') }, get CSS () { return config.get('instance.customizations.css') } }, - get ROBOTS () { return config.get('instance.robots') } + get ROBOTS () { return config.get('instance.robots') }, + get SECURITYTXT () { return config.get('instance.securitytxt') }, + get SECURITYTXT_CONTACT () { return config.get('admin.email') } }, SERVICES: { TWITTER: {