import { createSign, createVerify } from 'crypto'
import { Request } from 'express'
import { cloneDeep } from 'lodash'
+import { sha256 } from '@shared/extra-utils'
import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers/constants'
import { MActor } from '../types/models'
-import { createPrivateKey, getPublicKey, promisify1, promisify2, sha256 } from './core-utils'
+import { generateRSAKeyPairPromise, promisify1, promisify2 } from './core-utils'
import { jsonld } from './custom-jsonld-signature'
import { logger } from './logger'
const httpSignature = require('@peertube/http-signature')
-async function createPrivateAndPublicKeys () {
+function createPrivateAndPublicKeys () {
logger.info('Generating a RSA key...')
- const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
- const { publicKey } = await getPublicKey(key)
-
- return { privateKey: key, publicKey }
+ return generateRSAKeyPairPromise(PRIVATE_RSA_KEY_SIZE)
}
// User password checks
}
function parseHTTPSignature (req: Request, clockSkew?: number) {
- const headers = req.method === 'POST'
- ? HTTP_SIGNATURE.REQUIRED_HEADERS.POST
- : HTTP_SIGNATURE.REQUIRED_HEADERS.ALL
+ const requiredHeaders = req.method === 'POST'
+ ? [ '(request-target)', 'host', 'digest' ]
+ : [ '(request-target)', 'host' ]
+
+ const parsed = httpSignature.parse(req, { clockSkew, headers: requiredHeaders })
+
+ const parsedHeaders = parsed.params.headers
+ if (!parsedHeaders.includes('date') && !parsedHeaders.includes('(created)')) {
+ throw new Error(`date or (created) must be included in signature`)
+ }
- return httpSignature.parse(req, { clockSkew, headers })
+ return parsed
}
// JSONLD
projects / github / Chocobozzz / PeerTube.git / blobdiff