Commit | Line | Data |
---|---|---|
1 | 'use strict' | |
2 | ||
3 | const logger = require('../helpers/logger') | |
4 | const mongoose = require('mongoose') | |
5 | const peertubeCrypto = require('../helpers/peertube-crypto') | |
6 | ||
// Look up the Mongoose model registered under the name 'Pod'; it is used below
// to resolve the sending pod (and its public key) from the URL in the request.
const Pod = mongoose.model('Pod')

// Middleware collection exported by this module.
const secureMiddleware = {
  decryptBody
}
12 | ||
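/**
 * Express middleware: authenticate the sending pod, then decrypt the request body.
 *
 * Reads `req.body.signature.url`, loads the matching Pod, checks
 * `req.body.signature.signature` against that pod's public key, and decrypts
 * `req.body.data` using `req.body.key`. On success `req.body.data` is replaced
 * with the parsed JSON, `req.body.key` is removed and `next()` is called.
 *
 * Responses: 400 when the signature block is missing or malformed, 403 for an
 * unknown pod or a rejected signature, 500 on lookup, decryption or JSON parse
 * errors.
 *
 * @param {object} req - Express request; its body is untrusted remote input.
 * @param {object} res - Express response.
 * @param {function} next - Invoked only after verification and decryption succeed.
 */
function decryptBody (req, res, next) {
  const body = req.body
  const signature = body && body.signature

  // Nothing in the body is authenticated yet. Reject a missing signature block
  // instead of throwing on the property access, and require `url` to be a
  // string: a parsed JSON body can carry an object here, and depending on how
  // Pod.loadByUrl builds its filter (not visible in this file) that object
  // could be interpreted as a query operator rather than a literal value.
  if (!signature || typeof signature.url !== 'string' || signature.url === '') {
    logger.error('Missing or malformed signature in decryptBody.')
    return res.sendStatus(400)
  }

  const url = signature.url

  Pod.loadByUrl(url, function (err, pod) {
    if (err) {
      logger.error('Cannot get signed url in decryptBody.', { error: err })
      return res.sendStatus(500)
    }

    // Treat any missing result as an unknown sender.
    if (!pod) {
      logger.error('Unknown pod %s.', url)
      return res.sendStatus(403)
    }

    logger.debug('Decrypting body from %s.', url)

    // NOTE(review): the only content passed to checkSignature is `url`;
    // `req.body.key` and `req.body.data` are not part of this check as far as
    // this file shows. If that is also true inside peertubeCrypto, the
    // signature does not bind the payload and a previously seen
    // (url, signature) pair would stay valid for other bodies. Confirm, and
    // consider signing the payload together with a nonce or timestamp.
    const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, signature.signature)

    // Strict comparison so that anything other than an explicit `true` fails closed.
    if (signatureOk !== true) {
      logger.error('Signature is not okay in decryptBody for %s.', url)
      return res.sendStatus(403)
    }

    peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
      if (err) {
        logger.error('Cannot decrypt data.', { error: err })
        return res.sendStatus(500)
      }

      try {
        req.body.data = JSON.parse(decrypted)
        // The wrapped key is not needed by downstream handlers.
        delete req.body.key
      } catch (err) {
        logger.error('Error in JSON.parse', { error: err })
        return res.sendStatus(500)
      }

      // Kept outside the try block so errors thrown by later middleware are
      // not misreported as JSON parse failures.
      next()
    })
  })
}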
53 | ||
54 | // --------------------------------------------------------------------------- | |
55 | ||
// Expose the middleware collection (currently only decryptBody) to requiring modules.
module.exports = secureMiddleware