]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/helpers/peertube-crypto.js
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Server: do not break remote videos processing on error
[github/Chocobozzz/PeerTube.git] / server / helpers / peertube-crypto.js
1 'use strict'
2
3 const crypto = require('crypto')
4 const bcrypt = require('bcrypt')
5 const fs = require('fs')
6 const openssl = require('openssl-wrapper')
7
8 const constants = require('../initializers/constants')
9 const logger = require('./logger')
10
11 const peertubeCrypto = {
12 checkSignature,
13 comparePassword,
14 createCertsIfNotExist,
15 cryptPassword,
16 sign
17 }
18
19 function checkSignature (publicKey, data, hexSignature) {
20 const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM)
21
22 let dataString
23 if (typeof data === 'string') {
24 dataString = data
25 } else {
26 try {
27 dataString = JSON.stringify(data)
28 } catch (err) {
29 logger.error('Cannot check signature.', { error: err })
30 return false
31 }
32 }
33
34 verify.update(dataString, 'utf8')
35
36 const isValid = verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING)
37 return isValid
38 }
39
40 function sign (data) {
41 const sign = crypto.createSign(constants.SIGNATURE_ALGORITHM)
42
43 let dataString
44 if (typeof data === 'string') {
45 dataString = data
46 } else {
47 try {
48 dataString = JSON.stringify(data)
49 } catch (err) {
50 logger.error('Cannot sign data.', { error: err })
51 return ''
52 }
53 }
54
55 sign.update(dataString, 'utf8')
56
57 // TODO: make async
58 const myKey = fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem')
59 const signature = sign.sign(myKey, constants.SIGNATURE_ENCODING)
60
61 return signature
62 }
63
64 function comparePassword (plainPassword, hashPassword, callback) {
65 bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
66 if (err) return callback(err)
67
68 return callback(null, isPasswordMatch)
69 })
70 }
71
72 function createCertsIfNotExist (callback) {
73 certsExist(function (exist) {
74 if (exist === true) {
75 return callback(null)
76 }
77
78 createCerts(function (err) {
79 return callback(err)
80 })
81 })
82 }
83
84 function cryptPassword (password, callback) {
85 bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
86 if (err) return callback(err)
87
88 bcrypt.hash(password, salt, function (err, hash) {
89 return callback(err, hash)
90 })
91 })
92 }
93
94 // ---------------------------------------------------------------------------
95
96 module.exports = peertubeCrypto
97
98 // ---------------------------------------------------------------------------
99
100 function certsExist (callback) {
101 fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
102 return callback(exists)
103 })
104 }
105
106 function createCerts (callback) {
107 certsExist(function (exist) {
108 if (exist === true) {
109 const string = 'Certs already exist.'
110 logger.warning(string)
111 return callback(new Error(string))
112 }
113
114 logger.info('Generating a RSA key...')
115
116 let options = {
117 'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
118 '2048': false
119 }
120 openssl.exec('genrsa', options, function (err) {
121 if (err) {
122 logger.error('Cannot create private key on this pod.')
123 return callback(err)
124 }
125 logger.info('RSA key generated.')
126
127 options = {
128 'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
129 'pubout': true,
130 'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
131 }
132 logger.info('Manage public key...')
133 openssl.exec('rsa', options, function (err) {
134 if (err) {
135 logger.error('Cannot create public key on this pod.')
136 return callback(err)
137 }
138
139 logger.info('Public key managed.')
140 return callback(null)
141 })
142 })
143 })
144 }
ActivityPub-federated video streaming platform using P2P directly in your web browser