X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=server%2Fhelpers%2Fpeertube-crypto.ts;h=dcf47ce761efb5752cb2af92c0fb7283a9a62cf4;hb=2166c058f34dff6f91566930d12448805d829de7;hp=b8f7c782ae7b88ba88463d14f156d43d65a9dec1;hpb=c3edc5b074aa4bb1861ed0a94d3713808e87170f;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index b8f7c782a..dcf47ce76 100644
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -5,7 +5,7 @@ import { cloneDeep } from 'lodash'
 import { sha256 } from '@shared/extra-utils'
 import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers/constants'
 import { MActor } from '../types/models'
-import { createPrivateKey, getPublicKey, promisify1, promisify2 } from './core-utils'
+import { generateRSAKeyPairPromise, promisify1, promisify2 } from './core-utils'
 import { jsonld } from './custom-jsonld-signature'
 import { logger } from './logger'
@@ -15,18 +15,17 @@ const bcryptHashPromise = promisify2(hash)
 const httpSignature = require('@peertube/http-signature')
-async function createPrivateAndPublicKeys () {
+function createPrivateAndPublicKeys () {
 logger.info('Generating a RSA key...')
- const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
- const { publicKey } = await getPublicKey(key)
-
- return { privateKey: key, publicKey }
+ return generateRSAKeyPairPromise(PRIVATE_RSA_KEY_SIZE)
 }
 // User password checks
 function comparePassword (plainPassword: string, hashPassword: string) {
+ if (!plainPassword) return Promise.resolve(false)
+
 return bcryptComparePromise(plainPassword, hashPassword)
 }
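Review bot: In `comparePassword`, the new early return guards only `plainPassword`; an empty or null `hashPassword` still reaches `bcryptComparePromise`, and what the bcrypt binding does with a missing hash is not visible in this hunk. If accounts without a local password hash can exist, fail closed on both sides with `if (!plainPassword || !hashPassword) return Promise.resolve(false)`. A one-line comment such as `// Reject before bcrypt: an empty password must never authenticate` would record why the guard exists. Separately, `createPrivateAndPublicKeys` now returns whatever `generateRSAKeyPairPromise` resolves to, so it is worth confirming in `core-utils` that the result still has the `{ privateKey, publicKey }` shape callers relied on.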
@@ -51,11 +50,18 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
 }
 function parseHTTPSignature (req: Request, clockSkew?: number) {
- const headers = req.method === 'POST'
- ? HTTP_SIGNATURE.REQUIRED_HEADERS.POST
- : HTTP_SIGNATURE.REQUIRED_HEADERS.ALL
+ const requiredHeaders = req.method === 'POST'
+ ? [ '(request-target)', 'host', 'digest' ]
+ : [ '(request-target)', 'host' ]
+
+ const parsed = httpSignature.parse(req, { clockSkew, headers: requiredHeaders })
+
+ const parsedHeaders = parsed.params.headers
+ if (!parsedHeaders.includes('date') && !parsedHeaders.includes('(created)')) {
+ throw new Error(`date or (created) must be included in signature`)
+ }
- return httpSignature.parse(req, { clockSkew, headers })
+ return parsed
 }
 // JSONLD
@@ -131,12 +137,11 @@ export {
 // ---------------------------------------------------------------------------
 function hashObject (obj: any): Promise {
- return jsonld.promises
- .normalize(obj, {
- algorithm: 'URDNA2015',
- format: 'application/n-quads'
- })
- .then(res => sha256(res))
+ return jsonld.promises.normalize(obj, {
+ safe: false,
+ algorithm: 'URDNA2015',
+ format: 'application/n-quads'
+ }).then(res => sha256(res))
 }
 function createSignatureHash (signature: any) {
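Review bot: In `parseHTTPSignature`, the added check only confirms that `date` or `(created)` is listed among the signed headers; whether `clockSkew` is then enforced against `(created)` when no `date` header is signed depends on the `@peertube/http-signature` fork and is not visible here. If the library bounds only `date`, a signature that signs `(created)` alone would pass this check without a freshness limit, so that path deserves a test. The required header lists are now inline literals while `HTTP_SIGNATURE` is still imported; keeping them as named constants, or adding a comment like `// digest is required on POST so the body is covered by the signature`, would make the policy easier to audit. The template literal in `throw new Error(...)` has no interpolation and can be a plain string.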
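Review bot: `safe: false` in `hashObject` has no comment explaining why safe mode is switched off for the input that feeds the signature hash. With safe mode disabled, canonicalization presumably drops data it cannot map rather than rejecting it, so such properties would not be covered by the resulting `sha256`; code that consumes a verified object should not trust fields outside the signed graph. I would add `// safe: false keeps compatibility with documents using terms missing from the context; unmapped properties are NOT covered by the hash` above the option, adjusted to the real reason.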