Commit | Line | Data |
---|---|---|
9f10b292 C |
1 | 'use strict' |
2 | ||
feb4bdfd | 3 | const db = require('../initializers/database') |
f0f5567b | 4 | const logger = require('../helpers/logger') |
5f698b82 | 5 | const peertubeCrypto = require('../helpers/peertube-crypto') |
a3ee6fa2 | 6 | |
// Collection of the security middlewares exposed by this module.
const secureMiddleware = {
  checkSignature: checkSignature
}
10 | ||
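/**
 * Express middleware that authenticates a request sent by another pod.
 *
 * The request body must carry `signature.host` and `signature.signature`.
 * The pod is looked up with `db.Pod.loadByHost(host)` and its `publicKey` is
 * used to verify the signature over `req.body.data` when that field is
 * truthy, otherwise over the host string itself. On success the pod is
 * exposed as `res.locals.secure.pod` and `next()` is called.
 *
 * Responses sent when the request is rejected:
 *   - 400: the signature envelope is missing or its fields are not strings
 *   - 403: the host is not a known pod, or the signature does not verify
 *   - 500: the pod lookup failed
 *
 * NOTE(review): nothing visible here binds the signature to a timestamp,
 * nonce or request path. When `data` is absent the signed content is only the
 * host, which never changes for a given pod, so a signature would stay valid
 * indefinitely. Confirm that freshness is enforced elsewhere.
 *
 * NOTE(review): only `req.body.data` is covered by the signature; handlers
 * behind this middleware should not trust any other body field.
 *
 * @param {object} req - Express request, body already parsed
 * @param {object} res - Express response
 * @param {Function} next - called only when the signature is valid
 */
function checkSignature (req, res, next) {
  const signature = req.body ? req.body.signature : undefined

  // The body is untrusted: without this guard a request lacking the signature
  // envelope throws a TypeError, and non-string values would reach the
  // database lookup and the crypto helper unchecked.
  if (
    !signature ||
    typeof signature.host !== 'string' ||
    typeof signature.signature !== 'string'
  ) {
    logger.error('Missing or malformed signature in body.')
    return res.sendStatus(400)
  }

  const host = signature.host

  db.Pod.loadByHost(host, function (err, pod) {
    if (err) {
      logger.error('Cannot get signed host in body.', { error: err })
      return res.sendStatus(500)
    }

    if (pod === null) {
      logger.error('Unknown pod %s.', host)
      return res.sendStatus(403)
    }

    logger.debug('Checking signature from %s.', host)

    // If there is data in the body the sender used it for its signature
    // If there is no data we just use its host as signature
    const signatureShouldBe = req.body.data ? req.body.data : host

    const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, signatureShouldBe, signature.signature)

    // Strict comparison: anything other than the boolean true is a rejection.
    if (signatureOk === true) {
      res.locals.secure = {
        pod
      }

      return next()
    }

    logger.error('Signature is not okay in body for %s.', host)
    return res.sendStatus(403)
  })
}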
49 | ||
// ---------------------------------------------------------------------------

// Public interface of this module: the middleware collection defined above.
module.exports = secureMiddleware