New option to use and configure Prosody mod_firewall WIP (#97):

* new setting * new configuration screen for Peertube admins * include the mod_firewall module * load mod_firewall if enabled * sys admin can disable the firewall config editing by creating a special file on the disk * user documentation
2024-08-12 18:17:31 +02:00
parent 481f265a44
commit 8e99199f29
76 changed files with 7577 additions and 300 deletions
--- a/shared/lib/admin-firewall.ts
+++ b/shared/lib/admin-firewall.ts
@ -0,0 +1,12 @@
+// SPDX-FileCopyrightText: 2024 John Livingston <https://www.john-livingston.fr/>
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+
+// Note: API request body size is limited to 100Kb (expressjs body-parser defaut limit, and Peertube nginx config).
+// So we must be sure to never send more than 100Kb.
+// All files are sent in one JSON object.
+export const maxFirewallFileSize: number = 3 * 1024
+export const maxFirewallFiles = 20
+
+export const maxFirewallNameLength = 20
+export const firewallNameRegexp = /^[a-zA-Z0-9_-]+$/
--- a/shared/lib/types.ts
+++ b/shared/lib/types.ts
@ -192,6 +192,17 @@ interface LivechatToken {
  date: number
 }

+interface AdminFirewallConfigurationFile {
+  name: string
+  content: string
+  enabled: boolean
+}
+
+interface AdminFirewallConfiguration {
+  enabled: boolean
+  files: AdminFirewallConfigurationFile[]
+}
+
 export type {
  ConverseJSTheme,
  InitConverseJSParams,
@ -212,5 +223,7 @@ export type {
  ChannelEmojis,
  ChannelEmojisConfiguration,
  ProsodyAuthentInfos,
-  LivechatToken
+  LivechatToken,
+  AdminFirewallConfiguration,
+  AdminFirewallConfigurationFile
 }