Split misc middleware

author: Chocobozzz <florian.bigard@gmail.com> 2016-02-04 21:16:27 +0100
committer: Chocobozzz <florian.bigard@gmail.com> 2016-02-04 21:23:06 +0100
commit: a5fa04b0cce851f680a45055f57ed2c3d22f1c82 (patch)
tree: 0749c4d6889d7cf250110f9ff59a8cd22ee8a480 /middlewares/secure.js
parent: c173e56520b0fe4206b9ea8049b6add40bfeabcd (diff)
download: PeerTube-a5fa04b0cce851f680a45055f57ed2c3d22f1c82.tar.gz
PeerTube-a5fa04b0cce851f680a45055f57ed2c3d22f1c82.tar.zst
PeerTube-a5fa04b0cce851f680a45055f57ed2c3d22f1c82.zip
1 files changed, 50 insertions, 0 deletions
diff --git a/middlewares/secure.js b/middlewares/secure.js
new file mode 100644
index 000000000..99ac9cdae
--- /dev/null
+++ b/middlewares/secure.js
@@ -0,0 +1,50 @@
+;(function () {
+  'use strict'
+  var fs = require('fs')
+  var ursa = require('ursa')
+  var logger = require('../helpers/logger')
+  var Pods = require('../models/pods')
+  var utils = require('../helpers/utils')
+  var secureMiddleware = {
+    decryptBody: decryptBody
+  }
+  function decryptBody (req, res, next) {
+    var url = req.body.signature.url
+    Pods.findByUrl(url, function (err, pod) {
+      if (err) {
+        logger.error('Cannot get signed url in decryptBody.', { error: err })
+        return res.sendStatus(500)
+      }
+      if (pod === null) {
+        logger.error('Unknown pod %s.', url)
+        return res.sendStatus(403)
+      }
+      logger.debug('Decrypting body from %s.', url)
+      var crt = ursa.createPublicKey(pod.publicKey)
+      var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex')
+      if (signature_ok === true) {
+        var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem'))
+        var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8')
+        req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey))
+        delete req.body.key
+      } else {
+        logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
+        return res.sendStatus(403)
+      }
+      next()
+    })
+  }
+  // ---------------------------------------------------------------------------
+  module.exports = secureMiddleware
+})()
author	Chocobozzz <florian.bigard@gmail.com>	2016-02-04 21:16:27 +0100
committer	Chocobozzz <florian.bigard@gmail.com>	2016-02-04 21:23:06 +0100
commit	a5fa04b0cce851f680a45055f57ed2c3d22f1c82 (patch)
tree	0749c4d6889d7cf250110f9ff59a8cd22ee8a480 /middlewares/secure.js
parent	c173e56520b0fe4206b9ea8049b6add40bfeabcd (diff)
download	PeerTube-a5fa04b0cce851f680a45055f57ed2c3d22f1c82.tar.gz PeerTube-a5fa04b0cce851f680a45055f57ed2c3d22f1c82.tar.zst PeerTube-a5fa04b0cce851f680a45055f57ed2c3d22f1c82.zip

diff --git a/middlewares/secure.js b/middlewares/secure.js new file mode 100644 index 000000000..99ac9cdae --- /dev/null +++ b/middlewares/secure.js
@@ -0,0 +1,50 @@
	1	;(function () {
	2	'use strict'
	3
	4	var fs = require('fs')
	5	var ursa = require('ursa')
	6
	7	var logger = require('../helpers/logger')
	8	var Pods = require('../models/pods')
	9	var utils = require('../helpers/utils')
	10
	11	var secureMiddleware = {
	12	decryptBody: decryptBody
	13	}
	14
	15	function decryptBody (req, res, next) {
	16	var url = req.body.signature.url
	17	Pods.findByUrl(url, function (err, pod) {
	18	if (err) {
	19	logger.error('Cannot get signed url in decryptBody.', { error: err })
	20	return res.sendStatus(500)
	21	}
	22
	23	if (pod === null) {
	24	logger.error('Unknown pod %s.', url)
	25	return res.sendStatus(403)
	26	}
	27
	28	logger.debug('Decrypting body from %s.', url)
	29
	30	var crt = ursa.createPublicKey(pod.publicKey)
	31	var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex')
	32
	33	if (signature_ok === true) {
	34	var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem'))
	35	var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8')
	36	req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey))
	37	delete req.body.key
	38	} else {
	39	logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
	40	return res.sendStatus(403)
	41	}
	42
	43	next()
	44	})
	45	}
	46
	47	// ---------------------------------------------------------------------------
	48
	49	module.exports = secureMiddleware
	50	})()