X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fhelpers%2Fpeertube-crypto.ts;h=1a7ee24a757843feecf1a7fb4cb9b0b155eb2c9d;hb=5d2fd66ab4a75281dab6363ba9131adee7be3a2b;hp=66060bde294d39137a69da2116171a5bca386bba;hpb=41fb13c330de629df2d23379209e79c7af0f2e9a;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 66060bde2..1a7ee24a7 100644
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -2,9 +2,10 @@ import { compare, genSalt, hash } from 'bcrypt'
 import { createSign, createVerify } from 'crypto'
 import { Request } from 'express'
 import { cloneDeep } from 'lodash'
+import { sha256 } from '@shared/extra-utils'
 import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers/constants'
 import { MActor } from '../types/models'
-import { createPrivateKey, getPublicKey, promisify1, promisify2, sha256 } from './core-utils'
+import { createPrivateKey, getPublicKey, promisify1, promisify2 } from './core-utils'
 import { jsonld } from './custom-jsonld-signature'
 import { logger } from './logger'
@@ -12,7 +13,7 @@ const bcryptComparePromise = promisify2(compare)
 const bcryptGenSaltPromise = promisify1(genSalt)
 const bcryptHashPromise = promisify2(hash)
-const httpSignature = require('http-signature')
+const httpSignature = require('@peertube/http-signature')
 async function createPrivateAndPublicKeys () {
 logger.info('Generating a RSA key...')
@@ -50,11 +51,18 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
 }
 function parseHTTPSignature (req: Request, clockSkew?: number) {
- const headers = req.method === 'POST'
- ? HTTP_SIGNATURE.REQUIRED_HEADERS.POST
- : HTTP_SIGNATURE.REQUIRED_HEADERS.ALL
+ const requiredHeaders = req.method === 'POST'
+ ? [ '(request-target)', 'host', 'digest' ]
+ : [ '(request-target)', 'host' ]
- return httpSignature.parse(req, { clockSkew, headers })
+ const parsed = httpSignature.parse(req, { clockSkew, headers: requiredHeaders })
+
+ const parsedHeaders = parsed.params.headers
+ if (!parsedHeaders.includes('date') && !parsedHeaders.includes('(created)')) {
+ throw new Error(`date or (created) must be included in signature`)
+ }
+
+ return parsed
 }
 // JSONLD
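Review bot: The new guard in parseHTTPSignature only proves that `date` or `(created)` is among the signed headers; it does not itself check that the timestamp is recent, so replay protection still rests on `httpSignature.parse` applying `clockSkew`, which is an optional parameter here. Whether the `@peertube/http-signature` fork enforces the skew for `(created)` the same way as for `date` is not visible in this diff, so a test that sends a stale `(created)` value and expects a rejection would be worth adding. I would also put a comment above the check, e.g. `// Reject signatures that do not cover a timestamp: without date/(created) in the signed set, freshness cannot be verified`. The required-header lists are now inline literals while `HTTP_SIGNATURE` is still imported from the constants file; if `REQUIRED_HEADERS` is still defined there the two can drift apart, so either remove the constant or keep reading the lists from it.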