Commit | Line | Data |
---|---|---|
9f10b292 C |
1 | 'use strict' |
2 | ||
f0f5567b C |
3 | const logger = require('../helpers/logger') |
4 | const peertubeCrypto = require('../helpers/peertubeCrypto') | |
5 | const Pods = require('../models/pods') | |
9f10b292 | 6 | |
// Middleware collection exposed by this module; currently only decryptBody.
const secureMiddleware = { decryptBody }
10 | ||
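/**
 * Middleware that authenticates the sending pod and replaces the encrypted
 * `req.body.data` with its decrypted, JSON-parsed form.
 *
 * Responses:
 *   400 - signature fields are missing/malformed, or the decrypted payload
 *         is not valid JSON
 *   403 - the pod is unknown or the signature check fails
 *   500 - the pod lookup or the decryption reports an error
 * `next()` is called only after the payload was decrypted and parsed.
 *
 * NOTE(review): as called here, checkSignature receives only the pod's public
 * key, `url` and the signature; `req.body.key` and `req.body.data` are not
 * inputs to it. If nothing else binds the signature to the payload or to a
 * nonce/timestamp, a previously observed (url, signature) pair would remain
 * acceptable for any body. Confirm in peertubeCrypto.
 *
 * @param {object} req - request; reads req.body.signature, req.body.key, req.body.data
 * @param {object} res - response; only sendStatus() is used
 * @param {Function} next - continuation invoked on success
 */
function decryptBody (req, res, next) {
  const signature = req.body && req.body.signature

  // Reject requests without a usable signature block instead of throwing on
  // property access. Requiring a string also keeps a structured value taken
  // from the parsed body out of the pod lookup.
  if (!signature || typeof signature.url !== 'string') {
    logger.error('Missing or malformed signature in decryptBody.')
    return res.sendStatus(400)
  }

  const url = signature.url

  Pods.findByUrl(url, function (err, pod) {
    if (err) {
      logger.error('Cannot get signed url in decryptBody.', { error: err })
      return res.sendStatus(500)
    }

    if (pod === null) {
      logger.error('Unknown pod %s.', url)
      return res.sendStatus(403)
    }

    logger.debug('Decrypting body from %s.', url)

    const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, signature.signature)

    // Strict comparison: anything other than boolean true is a failed check.
    if (signatureOk !== true) {
      logger.error('Signature is not okay in decryptBody for %s.', url)
      return res.sendStatus(403)
    }

    peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
      if (err) {
        logger.error('Cannot decrypt data.', { error: err })
        return res.sendStatus(500)
      }

      // JSON.parse throws on malformed input. This callback may run
      // asynchronously, where an uncaught exception would not be turned into
      // an error response, so handle it here.
      let parsed
      try {
        parsed = JSON.parse(decrypted)
      } catch (parseErr) {
        logger.error('Cannot parse decrypted data.', { error: parseErr })
        return res.sendStatus(400)
      }

      req.body.data = parsed
      // The wrapped key is not needed by later handlers.
      delete req.body.key

      next()
    })
  })
}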
46 | ||
47 | // --------------------------------------------------------------------------- | |
48 | ||
49 | module.exports = secureMiddleware |