function makeSecureRequest (params, callback) {
const requestParams = {
- url: params.toPod.url + params.path
+ url: constants.REMOTE_SCHEME.HTTP + '://' + params.toPod.host + params.path
}
- // Add data with POST requst ?
- if (params.method === 'POST') {
- requestParams.json = {}
-
- // Add signature if it is specified in the params
- if (params.sign === true) {
- requestParams.json.signature = {
- url: constants.CONFIG.WEBSERVER.URL,
- signature: peertubeCrypto.sign(constants.CONFIG.WEBSERVER.URL)
- }
- }
+ if (params.method !== 'POST') {
+ return callback(new Error('Cannot make a secure request with a non POST method.'))
+ }
- // If there are data informations
- if (params.data) {
- // Encrypt data
- if (params.encrypt === true) {
- peertubeCrypto.encrypt(params.toPod.publicKey, JSON.stringify(params.data), function (err, encrypted) {
- if (err) return callback(err)
+ requestParams.json = {}
- requestParams.json.data = encrypted.data
- requestParams.json.key = encrypted.key
+ // Add signature if it is specified in the params
+ if (params.sign === true) {
+ const host = constants.CONFIG.WEBSERVER.HOST
- request.post(requestParams, callback)
- })
- } else {
- // No encryption
- requestParams.json.data = params.data
- request.post(requestParams, callback)
- }
+ let dataToSign
+ if (params.data) {
+ dataToSign = dataToSign = params.data
} else {
- // No data
- request.post(requestParams, callback)
+ // We do not have data to sign so we just take our host
+ // It is not ideal but the connection should be in HTTPS
+ dataToSign = host
}
- } else {
- request.get(requestParams, callback)
+
+ requestParams.json.signature = {
+ host, // Which host we pretend to be
+ signature: peertubeCrypto.sign(dataToSign)
+ }
+ }
+
+ // If there are data informations
+ if (params.data) {
+ requestParams.json.data = params.data
}
+
+ console.log(requestParams.json.data)
+
+ request.post(requestParams, callback)
}
// ---------------------------------------------------------------------------