X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fsecure.js;h=fa000c6f077b74b0dc418d5f5950ccee3160a300;hb=ec8d8440a893ba64075da2e57ea04c7976e0b303;hp=9ecbf5df18db6d3a00b086973839e1e106274fb0;hpb=f0f5567b6918fc60c8cab15e13aec03a89a91dfb;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js index 9ecbf5df1..fa000c6f0 100644 --- a/server/middlewares/secure.js +++ b/server/middlewares/secure.js @@ -1,8 +1,10 @@ 'use strict' const logger = require('../helpers/logger') -const peertubeCrypto = require('../helpers/peertubeCrypto') -const Pods = require('../models/pods') +const mongoose = require('mongoose') +const peertubeCrypto = require('../helpers/peertube-crypto') + +const Pod = mongoose.model('Pod') const secureMiddleware = { decryptBody: decryptBody @@ -10,7 +12,7 @@ const secureMiddleware = { function decryptBody (req, res, next) { const url = req.body.signature.url - Pods.findByUrl(url, function (err, pod) { + Pod.loadByUrl(url, function (err, pod) { if (err) { logger.error('Cannot get signed url in decryptBody.', { error: err }) return res.sendStatus(500) @@ -23,17 +25,22 @@ function decryptBody (req, res, next) { logger.debug('Decrypting body from %s.', url) - const signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature) + const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature) - if (signature_ok === true) { + if (signatureOk === true) { peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) { if (err) { logger.error('Cannot decrypt data.', { error: err }) return res.sendStatus(500) } - req.body.data = JSON.parse(decrypted) - delete req.body.key + try { + req.body.data = JSON.parse(decrypted) + delete req.body.key + } catch (err) { + logger.error('Error in JSON.parse', { error: err }) + return res.sendStatus(500) + } next() })