server/middlewares/secure.js

   1 'use strict'
   2
   3 const db = require('../initializers/database')
   4 const logger = require('../helpers/logger')
   5 const peertubeCrypto = require('../helpers/peertube-crypto')
   6
   7 const secureMiddleware = {
   8   checkSignature
   9 }
  10
  11 function checkSignature (req, res, next) {
  12   const host = req.body.signature.host
  13   db.Pod.loadByHost(host, function (err, pod) {
  14     if (err) {
  15       logger.error('Cannot get signed host in body.', { error: err })
  16       return res.sendStatus(500)
  17     }
  18
  19     if (pod === null) {
  20       logger.error('Unknown pod %s.', host)
  21       return res.sendStatus(403)
  22     }
  23
  24     logger.debug('Checking signature from %s.', host)
  25
  26     let signatureShouldBe
  27     // If there is data in the body the sender used it for its signature
  28     // If there is no data we just use its host as signature
  29     if (req.body.data) {
  30       signatureShouldBe = req.body.data
  31     } else {
  32       signatureShouldBe = host
  33     }
  34
  35     const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, signatureShouldBe, req.body.signature.signature)
  36
  37     if (signatureOk === true) {
  38       res.locals.secure = {
  39         pod
  40       }
  41
  42       return next()
  43     }
  44
  45     logger.error('Signature is not okay in body for %s.', req.body.signature.host)
  46     return res.sendStatus(403)
  47   })
  48 }
  49
  50 // ---------------------------------------------------------------------------
  51
  52 module.exports = secureMiddleware