X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=middlewares%2Fsecure.js;h=bfd28316a3b1551c38508cd09b59510596fb80c6;hb=c35ae59dba667b5b416d3b1803fedd58114d0382;hp=99ac9cdaeeed43e092ef85e422f240de8537e942;hpb=a5fa04b0cce851f680a45055f57ed2c3d22f1c82;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/middlewares/secure.js b/middlewares/secure.js
index 99ac9cdae..bfd28316a 100644
--- a/middlewares/secure.js
+++ b/middlewares/secure.js
@@ -1,50 +1,49 @@
-;(function () {
-  'use strict'
-
-  var fs = require('fs')
-  var ursa = require('ursa')
-
-  var logger = require('../helpers/logger')
-  var Pods = require('../models/pods')
-  var utils = require('../helpers/utils')
-
-  var secureMiddleware = {
-    decryptBody: decryptBody
-  }
-
-  function decryptBody (req, res, next) {
-    var url = req.body.signature.url
-    Pods.findByUrl(url, function (err, pod) {
-      if (err) {
-        logger.error('Cannot get signed url in decryptBody.', { error: err })
-        return res.sendStatus(500)
-      }
-
-      if (pod === null) {
-        logger.error('Unknown pod %s.', url)
-        return res.sendStatus(403)
-      }
-
-      logger.debug('Decrypting body from %s.', url)
-
-      var crt = ursa.createPublicKey(pod.publicKey)
-      var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex')
-
-      if (signature_ok === true) {
-        var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem'))
-        var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8')
-        req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey))
+'use strict'
+
+var logger = require('../helpers/logger')
+var peertubeCrypto = require('../helpers/peertubeCrypto')
+var Pods = require('../models/pods')
+
+var secureMiddleware = {
+  decryptBody: decryptBody
+}
+
+function decryptBody (req, res, next) {
+  var url = req.body.signature.url
+  Pods.findByUrl(url, function (err, pod) {
+    if (err) {
+      logger.error('Cannot get signed url in decryptBody.', { error: err })
+      return res.sendStatus(500)
+    }
+
+    if (pod === null) {
+      logger.error('Unknown pod %s.', url)
+      return res.sendStatus(403)
+    }
+
+    logger.debug('Decrypting body from %s.', url)
+
+    var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
+
+    if (signature_ok === true) {
+      peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
+        if (err) {
+          logger.error('Cannot decrypt data.', { error: err })
+          return res.sendStatus(500)
+        }
+
+        req.body.data = JSON.parse(decrypted)
         delete req.body.key
-      } else {
-        logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
-        return res.sendStatus(403)
-      }
 
-      next()
-    })
-  }
+        next()
+      })
+    } else {
+      logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
+      return res.sendStatus(403)
+    }
+  })
+}
 
-  // ---------------------------------------------------------------------------
+// ---------------------------------------------------------------------------
 
-  module.exports = secureMiddleware
-})()
+module.exports = secureMiddleware