[github/Chocobozzz/PeerTube.git] / helpers / utils.js

;(function () {
  'use strict'

  var async = require('async')
  var config = require('config')
  var crypto = require('crypto')
  var fs = require('fs')
  var openssl = require('openssl-wrapper')
  var request = require('request')
  var replay = require('request-replay')
  var ursa = require('ursa')

  var constants = require('../initializers/constants')
  var logger = require('./logger')

  var certDir = __dirname + '/../' + config.get('storage.certs')
  var http = config.get('webserver.https') ? 'https' : 'http'
  var host = config.get('webserver.host')
  var port = config.get('webserver.port')
  var algorithm = 'aes-256-ctr'

  var utils = {
    getCertDir: getCertDir,
    certsExist: certsExist,
    cleanForExit: cleanForExit,
    createCerts: createCerts,
    createCertsIfNotExist: createCertsIfNotExist,
    generatePassword: generatePassword,
    makeMultipleRetryRequest: makeMultipleRetryRequest,
    symetricEncrypt: symetricEncrypt,
    symetricDecrypt: symetricDecrypt
  }

  function getCertDir () {
    return certDir
  }

  function makeMultipleRetryRequest (all_data, pods, callbackEach, callback) {
    if (!callback) {
      callback = callbackEach
      callbackEach = null
    }

    var url = http + '://' + host + ':' + port
    var signature

    // Add signature if it is specified in the params
    if (all_data.method === 'POST' && all_data.data && all_data.sign === true) {
      var myKey = ursa.createPrivateKey(fs.readFileSync(certDir + 'peertube.key.pem'))
      signature = myKey.hashAndSign('sha256', url, 'utf8', 'hex')
    }

    // Make a request for each pod
    async.each(pods, function (pod, callback_each_async) {
      function callbackEachRetryRequest (err, response, body, url, pod) {
        if (callbackEach !== null) {
          callbackEach(err, response, body, url, pod, function () {
            callback_each_async()
          })
        } else {
          callback_each_async()
        }
      }

      var params = {
        url: pod.url + all_data.path,
        method: all_data.method
      }

      // Add data with POST requst ?
      if (all_data.method === 'POST' && all_data.data) {
        // Encrypt data ?
        if (all_data.encrypt === true) {
          var crt = ursa.createPublicKey(pod.publicKey)

          // TODO: ES6 with let
          ;(function (crt_copy, copy_params, copy_url, copy_pod, copy_signature) {
            symetricEncrypt(JSON.stringify(all_data.data), function (err, dataEncrypted) {
              if (err) throw err

              var passwordEncrypted = crt_copy.encrypt(dataEncrypted.password, 'utf8', 'hex')
              copy_params.json = {
                data: dataEncrypted.crypted,
                key: passwordEncrypted
              }

              makeRetryRequest(copy_params, copy_url, copy_pod, copy_signature, callbackEachRetryRequest)
            })
          })(crt, params, url, pod, signature)
        } else {
          params.json = { data: all_data.data }
          makeRetryRequest(params, url, pod, signature, callbackEachRetryRequest)
        }
      } else {
        makeRetryRequest(params, url, pod, signature, callbackEachRetryRequest)
      }
    }, callback)
  }

  function certsExist (callback) {
    fs.exists(certDir + 'peertube.key.pem', function (exists) {
      return callback(exists)
    })
  }

  function createCerts (callback) {
    certsExist(function (exist) {
      if (exist === true) {
        var string = 'Certs already exist.'
        logger.warning(string)
        return callback(new Error(string))
      }

      logger.info('Generating a RSA key...')
      openssl.exec('genrsa', { 'out': certDir + 'peertube.key.pem', '2048': false }, function (err) {
        if (err) {
          logger.error('Cannot create private key on this pod.', { error: err })
          return callback(err)
        }
        logger.info('RSA key generated.')

        logger.info('Manage public key...')
        openssl.exec('rsa', { 'in': certDir + 'peertube.key.pem', 'pubout': true, 'out': certDir + 'peertube.pub' }, function (err) {
          if (err) {
            logger.error('Cannot create public key on this pod .', { error: err })
            return callback(err)
          }

          logger.info('Public key managed.')
          return callback(null)
        })
      })
    })
  }

  function createCertsIfNotExist (callback) {
    certsExist(function (exist) {
      if (exist === true) {
        return callback(null)
      }

      createCerts(function (err) {
        return callback(err)
      })
    })
  }

  function generatePassword (callback) {
    crypto.randomBytes(32, function (err, buf) {
      if (err) {
        return callback(err)
      }

      callback(null, buf.toString('utf8'))
    })
  }

  function symetricEncrypt (text, callback) {
    generatePassword(function (err, password) {
      if (err) {
        return callback(err)
      }

      var cipher = crypto.createCipher(algorithm, password)
      var crypted = cipher.update(text, 'utf8', 'hex')
      crypted += cipher.final('hex')
      callback(null, { crypted: crypted, password: password })
    })
  }

  function symetricDecrypt (text, password) {
    var decipher = crypto.createDecipher(algorithm, password)
    var dec = decipher.update(text, 'hex', 'utf8')
    dec += decipher.final('utf8')
    return dec
  }

  function cleanForExit (webtorrent_process) {
    logger.info('Gracefully exiting')
    process.kill(-webtorrent_process.pid)
  }

  // ---------------------------------------------------------------------------

  module.exports = utils

  // ---------------------------------------------------------------------------

  function makeRetryRequest (params, from_url, to_pod, signature, callbackEach) {
    // Append the signature
    if (signature) {
      params.json.signature = {
        url: from_url,
        signature: signature
      }
    }

    logger.debug('Make retry requests to %s.', to_pod.url)

    replay(
      request.post(params, function (err, response, body) {
        callbackEach(err, response, body, params.url, to_pod)
      }),
      {
        retries: constants.REQUEST_RETRIES,
        factor: 3,
        maxTimeout: Infinity,
        errorCodes: [ 'EADDRINFO', 'ETIMEDOUT', 'ECONNRESET', 'ESOCKETTIMEDOUT', 'ENOTFOUND', 'ECONNREFUSED' ]
      }
    ).on('replay', function (replay) {
      logger.info('Replaying request to %s. Request failed: %d %s. Replay number: #%d. Will retry in: %d ms.',
        params.url, replay.error.code, replay.error.message, replay.number, replay.delay)
    })
  }
})()
Commit	Line	Data
8c308c2b C	1	;(function () {
	2	'use strict'
	3
3bcb78b3	4	var async = require('async')
8c308c2b	5	var config = require('config')
a1860380	6	var crypto = require('crypto')
8c308c2b C	7	var fs = require('fs')
8c308c2b C	8	var openssl = require('openssl-wrapper')
a1860380 C	9	var request = require('request')
	10	var replay = require('request-replay')
	11	var ursa = require('ursa')
8c308c2b	12
cda02107	13	var constants = require('../initializers/constants')
8c308c2b C	14	var logger = require('./logger')
8c308c2b C	15
c45f7f84	16	var certDir = __dirname + '/../' + config.get('storage.certs')
8c308c2b C	17	var http = config.get('webserver.https') ? 'https' : 'http'
	18	var host = config.get('webserver.host')
	19	var port = config.get('webserver.port')
	20	var algorithm = 'aes-256-ctr'
	21
c45f7f84 C	22	var utils = {
	23	getCertDir: getCertDir,
	24	certsExist: certsExist,
	25	cleanForExit: cleanForExit,
	26	createCerts: createCerts,
	27	createCertsIfNotExist: createCertsIfNotExist,
	28	generatePassword: generatePassword,
	29	makeMultipleRetryRequest: makeMultipleRetryRequest,
	30	symetricEncrypt: symetricEncrypt,
	31	symetricDecrypt: symetricDecrypt
8c308c2b C	32	}
8c308c2b C	33
c45f7f84 C	34	function getCertDir () {
	35	return certDir
	36	}
8c308c2b	37
c45f7f84	38	function makeMultipleRetryRequest (all_data, pods, callbackEach, callback) {
8c308c2b C	39	if (!callback) {
8c308c2b C	40	callback = callbackEach
45239549	41	callbackEach = null
8c308c2b C	42	}
	43
	44	var url = http + '://' + host + ':' + port
	45	var signature
	46
a1860380 C	47	// Add signature if it is specified in the params
a1860380 C	48	if (all_data.method === 'POST' && all_data.data && all_data.sign === true) {
c45f7f84	49	var myKey = ursa.createPrivateKey(fs.readFileSync(certDir + 'peertube.key.pem'))
8c308c2b C	50	signature = myKey.hashAndSign('sha256', url, 'utf8', 'hex')
	51	}
	52
	53	// Make a request for each pod
3bcb78b3	54	async.each(pods, function (pod, callback_each_async) {
0b697522	55	function callbackEachRetryRequest (err, response, body, url, pod) {
45239549 C	56	if (callbackEach !== null) {
	57	callbackEach(err, response, body, url, pod, function () {
	58	callback_each_async()
	59	})
	60	} else {
3bcb78b3	61	callback_each_async()
45239549	62	}
3bcb78b3 C	63	}
3bcb78b3 C	64
8c308c2b	65	var params = {
a1860380 C	66	url: pod.url + all_data.path,
a1860380 C	67	method: all_data.method
8c308c2b C	68	}
	69
	70	// Add data with POST requst ?
a1860380	71	if (all_data.method === 'POST' && all_data.data) {
8c308c2b	72	// Encrypt data ?
a1860380	73	if (all_data.encrypt === true) {
8c308c2b C	74	var crt = ursa.createPublicKey(pod.publicKey)
	75
	76	// TODO: ES6 with let
	77	;(function (crt_copy, copy_params, copy_url, copy_pod, copy_signature) {
c45f7f84	78	symetricEncrypt(JSON.stringify(all_data.data), function (err, dataEncrypted) {
8c308c2b C	79	if (err) throw err
	80
	81	var passwordEncrypted = crt_copy.encrypt(dataEncrypted.password, 'utf8', 'hex')
	82	copy_params.json = {
	83	data: dataEncrypted.crypted,
	84	key: passwordEncrypted
	85	}
	86
3bcb78b3	87	makeRetryRequest(copy_params, copy_url, copy_pod, copy_signature, callbackEachRetryRequest)
8c308c2b C	88	})
	89	})(crt, params, url, pod, signature)
	90	} else {
a1860380	91	params.json = { data: all_data.data }
3bcb78b3	92	makeRetryRequest(params, url, pod, signature, callbackEachRetryRequest)
8c308c2b C	93	}
8c308c2b C	94	} else {
3bcb78b3	95	makeRetryRequest(params, url, pod, signature, callbackEachRetryRequest)
8c308c2b	96	}
3bcb78b3	97	}, callback)
8c308c2b C	98	}
8c308c2b C	99
c45f7f84 C	100	function certsExist (callback) {
c45f7f84 C	101	fs.exists(certDir + 'peertube.key.pem', function (exists) {
8c308c2b C	102	return callback(exists)
	103	})
	104	}
	105
c45f7f84 C	106	function createCerts (callback) {
c45f7f84 C	107	certsExist(function (exist) {
8c308c2b C	108	if (exist === true) {
	109	var string = 'Certs already exist.'
	110	logger.warning(string)
	111	return callback(new Error(string))
	112	}
	113
a1860380	114	logger.info('Generating a RSA key...')
c45f7f84	115	openssl.exec('genrsa', { 'out': certDir + 'peertube.key.pem', '2048': false }, function (err) {
8c308c2b C	116	if (err) {
	117	logger.error('Cannot create private key on this pod.', { error: err })
	118	return callback(err)
	119	}
a1860380	120	logger.info('RSA key generated.')
8c308c2b	121
a1860380	122	logger.info('Manage public key...')
c45f7f84	123	openssl.exec('rsa', { 'in': certDir + 'peertube.key.pem', 'pubout': true, 'out': certDir + 'peertube.pub' }, function (err) {
8c308c2b C	124	if (err) {
	125	logger.error('Cannot create public key on this pod .', { error: err })
	126	return callback(err)
	127	}
	128
a1860380	129	logger.info('Public key managed.')
8c308c2b C	130	return callback(null)
	131	})
	132	})
	133	})
	134	}
	135
c45f7f84 C	136	function createCertsIfNotExist (callback) {
c45f7f84 C	137	certsExist(function (exist) {
8c308c2b C	138	if (exist === true) {
	139	return callback(null)
	140	}
	141
c45f7f84	142	createCerts(function (err) {
8c308c2b C	143	return callback(err)
	144	})
	145	})
	146	}
	147
c45f7f84	148	function generatePassword (callback) {
8c308c2b C	149	crypto.randomBytes(32, function (err, buf) {
	150	if (err) {
	151	return callback(err)
	152	}
	153
	154	callback(null, buf.toString('utf8'))
	155	})
	156	}
	157
c45f7f84 C	158	function symetricEncrypt (text, callback) {
c45f7f84 C	159	generatePassword(function (err, password) {
8c308c2b C	160	if (err) {
	161	return callback(err)
	162	}
	163
	164	var cipher = crypto.createCipher(algorithm, password)
	165	var crypted = cipher.update(text, 'utf8', 'hex')
	166	crypted += cipher.final('hex')
	167	callback(null, { crypted: crypted, password: password })
	168	})
	169	}
	170
c45f7f84	171	function symetricDecrypt (text, password) {
8c308c2b C	172	var decipher = crypto.createDecipher(algorithm, password)
	173	var dec = decipher.update(text, 'hex', 'utf8')
	174	dec += decipher.final('utf8')
	175	return dec
	176	}
	177
c45f7f84	178	function cleanForExit (webtorrent_process) {
0ae2e7f7 C	179	logger.info('Gracefully exiting')
	180	process.kill(-webtorrent_process.pid)
	181	}
	182
c45f7f84 C	183	// ---------------------------------------------------------------------------
c45f7f84 C	184
8c308c2b	185	module.exports = utils
c45f7f84 C	186
	187	// ---------------------------------------------------------------------------
	188
	189	function makeRetryRequest (params, from_url, to_pod, signature, callbackEach) {
	190	// Append the signature
	191	if (signature) {
	192	params.json.signature = {
	193	url: from_url,
	194	signature: signature
	195	}
	196	}
	197
	198	logger.debug('Make retry requests to %s.', to_pod.url)
	199
	200	replay(
	201	request.post(params, function (err, response, body) {
	202	callbackEach(err, response, body, params.url, to_pod)
	203	}),
	204	{
	205	retries: constants.REQUEST_RETRIES,
	206	factor: 3,
	207	maxTimeout: Infinity,
	208	errorCodes: [ 'EADDRINFO', 'ETIMEDOUT', 'ECONNRESET', 'ESOCKETTIMEDOUT', 'ENOTFOUND', 'ECONNREFUSED' ]
	209	}
	210	).on('replay', function (replay) {
	211	logger.info('Replaying request to %s. Request failed: %d %s. Replay number: #%d. Will retry in: %d ms.',
	212	params.url, replay.error.code, replay.error.message, replay.number, replay.delay)
	213	})
	214	}
8c308c2b	215	})()