const middlewares = require('../../../middlewares')
const admin = middlewares.admin
const oAuth = middlewares.oauth
+const checkSignature = middlewares.secure.checkSignature
const validators = middlewares.validators.pods
const signatureValidator = middlewares.validators.remote.signature
quitFriends
)
// Post because this is a secured request
-router.post('/remove', signatureValidator, removePods)
+router.post('/remove',
+ signatureValidator,
+ checkSignature,
+ removePods
+)
// ---------------------------------------------------------------------------
const Pod = mongoose.model('Pod')
const secureMiddleware = {
+ checkSignature: checkSignature,
decryptBody: decryptBody
}
-function decryptBody (req, res, next) {
+function checkSignature (req, res, next) {
const url = req.body.signature.url
Pod.loadByUrl(url, function (err, pod) {
if (err) {
const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
if (signatureOk === true) {
- peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
- if (err) {
- logger.error('Cannot decrypt data.', { error: err })
- return res.sendStatus(500)
- }
-
- try {
- req.body.data = JSON.parse(decrypted)
- delete req.body.key
- } catch (err) {
- logger.error('Error in JSON.parse', { error: err })
- return res.sendStatus(500)
- }
-
- next()
- })
- } else {
- logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
- return res.sendStatus(403)
+ return next()
+ }
+
+ logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
+ return res.sendStatus(403)
+ })
+}
+
+function decryptBody (req, res, next) {
+ peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
+ if (err) {
+ logger.error('Cannot decrypt data.', { error: err })
+ return res.sendStatus(500)
}
+
+ try {
+ req.body.data = JSON.parse(decrypted)
+ delete req.body.key
+ } catch (err) {
+ logger.error('Error in JSON.parse', { error: err })
+ return res.sendStatus(500)
+ }
+
+ next()
})
}