]>
Commit | Line | Data |
---|---|---|
b60035d8 C |
1 | ;(function () { |
2 | 'use strict' | |
3 | ||
b60035d8 | 4 | var fs = require('fs') |
c45f7f84 | 5 | var ursa = require('ursa') |
b60035d8 | 6 | |
cda02107 | 7 | var logger = require('../helpers/logger') |
cda02107 | 8 | var PodsDB = require('../initializers/database').PodsDB |
c45f7f84 | 9 | var utils = require('../helpers/utils') |
b60035d8 | 10 | |
c45f7f84 C |
11 | var miscMiddleware = { |
12 | cache: cache, | |
13 | decryptBody: decryptBody | |
14 | } | |
b60035d8 | 15 | |
c45f7f84 | 16 | function cache (cache) { |
b60035d8 C |
17 | return function (req, res, next) { |
18 | // If we want explicitly a cache | |
19 | // Or if we don't specify if we want a cache or no and we are in production | |
20 | if (cache === true || (cache !== false && process.env.NODE_ENV === 'production')) { | |
21 | res.setHeader('Cache-Control', 'public') | |
22 | } else { | |
23 | res.setHeader('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate') | |
24 | } | |
25 | ||
26 | next() | |
27 | } | |
28 | } | |
29 | ||
c45f7f84 | 30 | function decryptBody (req, res, next) { |
b60035d8 C |
31 | PodsDB.findOne({ url: req.body.signature.url }, function (err, pod) { |
32 | if (err) { | |
33 | logger.error('Cannot get signed url in decryptBody.', { error: err }) | |
45239549 C |
34 | return res.sendStatus(500) |
35 | } | |
36 | ||
37 | if (pod === null) { | |
38 | logger.error('Unknown pod %s.', req.body.signature.url) | |
39 | return res.sendStatus(403) | |
b60035d8 C |
40 | } |
41 | ||
1cb4884d | 42 | logger.debug('Decrypting body from %s.', req.body.signature.url) |
b60035d8 C |
43 | |
44 | var crt = ursa.createPublicKey(pod.publicKey) | |
45 | var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex') | |
46 | ||
47 | if (signature_ok === true) { | |
c45f7f84 | 48 | var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem')) |
b60035d8 | 49 | var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8') |
b60035d8 | 50 | req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey)) |
1cb4884d | 51 | delete req.body.key |
b60035d8 C |
52 | } else { |
53 | logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) | |
45239549 | 54 | return res.sendStatus(403) |
b60035d8 C |
55 | } |
56 | ||
57 | next() | |
58 | }) | |
59 | } | |
60 | ||
c45f7f84 C |
61 | // --------------------------------------------------------------------------- |
62 | ||
63 | module.exports = miscMiddleware | |
b60035d8 | 64 | })() |