]>
git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/middlewares/secure.js
3 const logger
= require('../helpers/logger')
4 const mongoose
= require('mongoose')
5 const peertubeCrypto
= require('../helpers/peertube-crypto')
7 const Pod
= mongoose
.model('Pod')
9 const secureMiddleware
= {
10 decryptBody: decryptBody
13 function decryptBody (req
, res
, next
) {
14 const url
= req
.body
.signature
.url
15 Pod
.loadByUrl(url
, function (err
, pod
) {
17 logger
.error('Cannot get signed url in decryptBody.', { error: err
})
18 return res
.sendStatus(500)
22 logger
.error('Unknown pod %s.', url
)
23 return res
.sendStatus(403)
26 logger
.debug('Decrypting body from %s.', url
)
28 const signatureOk
= peertubeCrypto
.checkSignature(pod
.publicKey
, url
, req
.body
.signature
.signature
)
30 if (signatureOk
=== true) {
31 peertubeCrypto
.decrypt(req
.body
.key
, req
.body
.data
, function (err
, decrypted
) {
33 logger
.error('Cannot decrypt data.', { error: err
})
34 return res
.sendStatus(500)
38 req
.body
.data
= JSON
.parse(decrypted
)
41 logger
.error('Error in JSON.parse', { error: err
})
42 return res
.sendStatus(500)
48 logger
.error('Signature is not okay in decryptBody for %s.', req
.body
.signature
.url
)
49 return res
.sendStatus(403)
54 // ---------------------------------------------------------------------------
56 module
.exports
= secureMiddleware