middlewares/secure.js

   1 ;(function () {
   2   'use strict'
   3
   4   var fs = require('fs')
   5   var ursa = require('ursa')
   6
   7   var logger = require('../helpers/logger')
   8   var Pods = require('../models/pods')
   9   var utils = require('../helpers/utils')
  10
  11   var secureMiddleware = {
  12     decryptBody: decryptBody
  13   }
  14
  15   function decryptBody (req, res, next) {
  16     var url = req.body.signature.url
  17     Pods.findByUrl(url, function (err, pod) {
  18       if (err) {
  19         logger.error('Cannot get signed url in decryptBody.', { error: err })
  20         return res.sendStatus(500)
  21       }
  22
  23       if (pod === null) {
  24         logger.error('Unknown pod %s.', url)
  25         return res.sendStatus(403)
  26       }
  27
  28       logger.debug('Decrypting body from %s.', url)
  29
  30       var crt = ursa.createPublicKey(pod.publicKey)
  31       var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex')
  32
  33       if (signature_ok === true) {
  34         var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem'))
  35         var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8')
  36         req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey))
  37         delete req.body.key
  38       } else {
  39         logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
  40         return res.sendStatus(403)
  41       }
  42
  43       next()
  44     })
  45   }
  46
  47   // ---------------------------------------------------------------------------
  48
  49   module.exports = secureMiddleware
  50 })()