Merge branch 'master' into webseed-merged

author: Chocobozzz <florian.bigard@gmail.com> 2016-10-02 15:39:09 +0200
committer: Chocobozzz <florian.bigard@gmail.com> 2016-10-02 15:39:09 +0200
commit: a6375e69668ea42e19531c6bc68dcd37f3f7cbd7 (patch)
tree: 03204a408d56311692c3528bedcf95d2455e94f2 /server/helpers/peertube-crypto.js
parent: 052937db8a8d282eccdbdf38d487ed8d85d3c0a7 (diff)
parent: c4403b29ad4db097af528a7f04eea07e0ed320d0 (diff)
download: PeerTube-a6375e69668ea42e19531c6bc68dcd37f3f7cbd7.tar.gz
PeerTube-a6375e69668ea42e19531c6bc68dcd37f3f7cbd7.tar.zst
PeerTube-a6375e69668ea42e19531c6bc68dcd37f3f7cbd7.zip
1 files changed, 42 insertions, 18 deletions
diff --git a/server/helpers/peertube-crypto.js b/server/helpers/peertube-crypto.js
index 46dff8d03..1ff638b04 100644
--- a/server/helpers/peertube-crypto.js
+++ b/server/helpers/peertube-crypto.js
@@ -1,24 +1,24 @@
 'use strict'
-const config = require('config')
+const bcrypt = require('bcrypt')
 const crypto = require('crypto')
 const fs = require('fs')
 const openssl = require('openssl-wrapper')
-const path = require('path')
 const ursa = require('ursa')
+const constants = require('../initializers/constants')
 const logger = require('./logger')
-const certDir = path.join(__dirname, '..', '..', config.get('storage.certs'))
 const algorithm = 'aes-256-ctr'
 const peertubeCrypto = {
-  checkSignature: checkSignature,
+  checkSignature,
-  createCertsIfNotExist: createCertsIfNotExist,
+  comparePassword,
-  decrypt: decrypt,
+  createCertsIfNotExist,
-  encrypt: encrypt,
+  cryptPassword,
-  getCertDir: getCertDir,
+  decrypt,
-  sign: sign
+  encrypt,
+  sign
 }
 function checkSignature (publicKey, rawData, hexSignature) {
@@ -27,6 +27,14 @@ function checkSignature (publicKey, rawData, hexSignature) {
  return isValid
 }
+function comparePassword (plainPassword, hashPassword, callback) {
+  bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
+    if (err) return callback(err)
+    return callback(null, isPasswordMatch)
+  })
+}
 function createCertsIfNotExist (callback) {
  certsExist(function (exist) {
    if (exist === true) {
@@ -39,8 +47,18 @@ function createCertsIfNotExist (callback) {
  })
 }
+function cryptPassword (password, callback) {
+  bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
+    if (err) return callback(err)
+    bcrypt.hash(password, salt, function (err, hash) {
+      return callback(err, hash)
+    })
+  })
+}
 function decrypt (key, data, callback) {
-  fs.readFile(getCertDir() + 'peertube.key.pem', function (err, file) {
+  fs.readFile(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (err, file) {
    if (err) return callback(err)
    const myPrivateKey = ursa.createPrivateKey(file)
@@ -67,12 +85,8 @@ function encrypt (publicKey, data, callback) {
  })
 }
-function getCertDir () {
-  return certDir
-}
 function sign (data) {
-  const myKey = ursa.createPrivateKey(fs.readFileSync(certDir + 'peertube.key.pem'))
+  const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
  const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
  return signature
@@ -85,7 +99,7 @@ module.exports = peertubeCrypto
 // ---------------------------------------------------------------------------
 function certsExist (callback) {
-  fs.exists(certDir + 'peertube.key.pem', function (exists) {
+  fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
    return callback(exists)
  })
 }
@@ -99,15 +113,25 @@ function createCerts (callback) {
    }
    logger.info('Generating a RSA key...')
-    openssl.exec('genrsa', { 'out': certDir + 'peertube.key.pem', '2048': false }, function (err) {
+    let options = {
+      'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
+      '2048': false
+    }
+    openssl.exec('genrsa', options, function (err) {
      if (err) {
        logger.error('Cannot create private key on this pod.')
        return callback(err)
      }
      logger.info('RSA key generated.')
+      options = {
+        'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
+        'pubout': true,
+        'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
+      }
      logger.info('Manage public key...')
-      openssl.exec('rsa', { 'in': certDir + 'peertube.key.pem', 'pubout': true, 'out': certDir + 'peertube.pub' }, function (err) {
+      openssl.exec('rsa', options, function (err) {
        if (err) {
          logger.error('Cannot create public key on this pod.')
          return callback(err)
author	Chocobozzz <florian.bigard@gmail.com>	2016-10-02 15:39:09 +0200
committer	Chocobozzz <florian.bigard@gmail.com>	2016-10-02 15:39:09 +0200
commit	a6375e69668ea42e19531c6bc68dcd37f3f7cbd7 (patch)
tree	03204a408d56311692c3528bedcf95d2455e94f2 /server/helpers/peertube-crypto.js
parent	052937db8a8d282eccdbdf38d487ed8d85d3c0a7 (diff)
parent	c4403b29ad4db097af528a7f04eea07e0ed320d0 (diff)
download	PeerTube-a6375e69668ea42e19531c6bc68dcd37f3f7cbd7.tar.gz PeerTube-a6375e69668ea42e19531c6bc68dcd37f3f7cbd7.tar.zst PeerTube-a6375e69668ea42e19531c6bc68dcd37f3f7cbd7.zip

diff --git a/server/helpers/peertube-crypto.js b/server/helpers/peertube-crypto.js index 46dff8d03..1ff638b04 100644 --- a/server/helpers/peertube-crypto.js +++ b/server/helpers/peertube-crypto.js
@@ -1,24 +1,24 @@
1	'use strict'	1	'use strict'
2		2
3	const config = require('config')	3	const bcrypt = require('bcrypt')
4	const crypto = require('crypto')	4	const crypto = require('crypto')
5	const fs = require('fs')	5	const fs = require('fs')
6	const openssl = require('openssl-wrapper')	6	const openssl = require('openssl-wrapper')
7	const path = require('path')
8	const ursa = require('ursa')	7	const ursa = require('ursa')
9		8
		9	const constants = require('../initializers/constants')
10	const logger = require('./logger')	10	const logger = require('./logger')
11		11
12	const certDir = path.join(__dirname, '..', '..', config.get('storage.certs'))
13	const algorithm = 'aes-256-ctr'	12	const algorithm = 'aes-256-ctr'
14		13
15	const peertubeCrypto = {	14	const peertubeCrypto = {
16	checkSignature: checkSignature,	15	checkSignature,
17	createCertsIfNotExist: createCertsIfNotExist,	16	comparePassword,
18	decrypt: decrypt,	17	createCertsIfNotExist,
19	encrypt: encrypt,	18	cryptPassword,
20	getCertDir: getCertDir,	19	decrypt,
21	sign: sign	20	encrypt,
		21	sign
22	}	22	}
23		23
24	function checkSignature (publicKey, rawData, hexSignature) {	24	function checkSignature (publicKey, rawData, hexSignature) {
@@ -27,6 +27,14 @@ function checkSignature (publicKey, rawData, hexSignature) {
27	return isValid	27	return isValid
28	}	28	}
29		29
		30	function comparePassword (plainPassword, hashPassword, callback) {
		31	bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
		32	if (err) return callback(err)
		33
		34	return callback(null, isPasswordMatch)
		35	})
		36	}
		37
30	function createCertsIfNotExist (callback) {	38	function createCertsIfNotExist (callback) {
31	certsExist(function (exist) {	39	certsExist(function (exist) {
32	if (exist === true) {	40	if (exist === true) {
@@ -39,8 +47,18 @@ function createCertsIfNotExist (callback) {
39	})	47	})
40	}	48	}
41		49
		50	function cryptPassword (password, callback) {
		51	bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
		52	if (err) return callback(err)
		53
		54	bcrypt.hash(password, salt, function (err, hash) {
		55	return callback(err, hash)
		56	})
		57	})
		58	}
		59
42	function decrypt (key, data, callback) {	60	function decrypt (key, data, callback) {
43	fs.readFile(getCertDir() + 'peertube.key.pem', function (err, file) {	61	fs.readFile(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (err, file) {
44	if (err) return callback(err)	62	if (err) return callback(err)
45		63
46	const myPrivateKey = ursa.createPrivateKey(file)	64	const myPrivateKey = ursa.createPrivateKey(file)
@@ -67,12 +85,8 @@ function encrypt (publicKey, data, callback) {
67	})	85	})
68	}	86	}
69		87
70	function getCertDir () {
71	return certDir
72	}
73
74	function sign (data) {	88	function sign (data) {
75	const myKey = ursa.createPrivateKey(fs.readFileSync(certDir + 'peertube.key.pem'))	89	const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
76	const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')	90	const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
77		91
78	return signature	92	return signature
@@ -85,7 +99,7 @@ module.exports = peertubeCrypto
85	// ---------------------------------------------------------------------------	99	// ---------------------------------------------------------------------------
86		100
87	function certsExist (callback) {	101	function certsExist (callback) {
88	fs.exists(certDir + 'peertube.key.pem', function (exists) {	102	fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
89	return callback(exists)	103	return callback(exists)
90	})	104	})
91	}	105	}
@@ -99,15 +113,25 @@ function createCerts (callback) {
99	}	113	}
100		114
101	logger.info('Generating a RSA key...')	115	logger.info('Generating a RSA key...')
102	openssl.exec('genrsa', { 'out': certDir + 'peertube.key.pem', '2048': false }, function (err) {	116
		117	let options = {
		118	'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
		119	'2048': false
		120	}
		121	openssl.exec('genrsa', options, function (err) {
103	if (err) {	122	if (err) {
104	logger.error('Cannot create private key on this pod.')	123	logger.error('Cannot create private key on this pod.')
105	return callback(err)	124	return callback(err)
106	}	125	}
107	logger.info('RSA key generated.')	126	logger.info('RSA key generated.')
108		127
		128	options = {
		129	'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
		130	'pubout': true,
		131	'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
		132	}
109	logger.info('Manage public key...')	133	logger.info('Manage public key...')
110	openssl.exec('rsa', { 'in': certDir + 'peertube.key.pem', 'pubout': true, 'out': certDir + 'peertube.pub' }, function (err) {	134	openssl.exec('rsa', options, function (err) {
111	if (err) {	135	if (err) {
112	logger.error('Cannot create public key on this pod.')	136	logger.error('Cannot create public key on this pod.')
113	return callback(err)	137	return callback(err)