Merge branch 'feature/otp' into develop

author: Chocobozzz <me@florianbigard.com> 2022-10-10 11:19:58 +0200
committer: Chocobozzz <me@florianbigard.com> 2022-10-10 11:19:58 +0200
commit: 63fa260a81a8930c157b73c897fe8696a8cc90d4 (patch)
tree: 705ebfae42f9c59b2a1ac97779e4037102dfed1c /server/helpers/peertube-crypto.ts
parent: 9b99d32804e99462c6f22df3ec3db9ec5bf8a18c (diff)
parent: 1ea868a9456439108fbd87255537093ed8bd456f (diff)
download: PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.gz
PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.zst
PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.zip
1 files changed, 45 insertions, 4 deletions
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 8aca50900..ae7d11800 100644
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -1,11 +1,11 @@
 import { compare, genSalt, hash } from 'bcrypt'
-import { createSign, createVerify } from 'crypto'
+import { createCipheriv, createDecipheriv, createSign, createVerify } from 'crypto'
 import { Request } from 'express'
 import { cloneDeep } from 'lodash'
 import { sha256 } from '@shared/extra-utils'
-import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers/constants'
+import { BCRYPT_SALT_SIZE, ENCRYPTION, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers/constants'
 import { MActor } from '../types/models'
-import { generateRSAKeyPairPromise, promisify1, promisify2 } from './core-utils'
+import { generateRSAKeyPairPromise, promisify1, promisify2, randomBytesPromise, scryptPromise } from './core-utils'
 import { jsonld } from './custom-jsonld-signature'
 import { logger } from './logger'
@@ -21,9 +21,13 @@ function createPrivateAndPublicKeys () {
  return generateRSAKeyPairPromise(PRIVATE_RSA_KEY_SIZE)
 }
+// ---------------------------------------------------------------------------
 // User password checks
+// ---------------------------------------------------------------------------
 function comparePassword (plainPassword: string, hashPassword: string) {
+  if (!plainPassword) return Promise.resolve(false)
  return bcryptComparePromise(plainPassword, hashPassword)
 }
@@ -33,7 +37,9 @@ async function cryptPassword (password: string) {
  return bcryptHashPromise(password, salt)
 }
+// ---------------------------------------------------------------------------
 // HTTP Signature
+// ---------------------------------------------------------------------------
 function isHTTPSignatureDigestValid (rawBody: Buffer, req: Request): boolean {
  if (req.headers[HTTP_SIGNATURE.HEADER_NAME] && req.headers['digest']) {
@@ -62,7 +68,9 @@ function parseHTTPSignature (req: Request, clockSkew?: number) {
  return parsed
 }
+// ---------------------------------------------------------------------------
 // JSONLD
+// ---------------------------------------------------------------------------
 function isJsonLDSignatureVerified (fromActor: MActor, signedDocument: any): Promise<boolean> {
  if (signedDocument.signature.type === 'RsaSignature2017') {
@@ -112,6 +120,8 @@ async function signJsonLDObject <T> (byActor: MActor, data: T) {
  return Object.assign(data, { signature })
 }
+// ---------------------------------------------------------------------------
 function buildDigest (body: any) {
  const rawBody = typeof body === 'string' ? body : JSON.stringify(body)
@@ -119,6 +129,34 @@ function buildDigest (body: any) {
 }
 // ---------------------------------------------------------------------------
+// Encryption
+// ---------------------------------------------------------------------------
+async function encrypt (str: string, secret: string) {
+  const iv = await randomBytesPromise(ENCRYPTION.IV)
+  const key = await scryptPromise(secret, ENCRYPTION.SALT, 32)
+  const cipher = createCipheriv(ENCRYPTION.ALGORITHM, key, iv)
+  let encrypted = iv.toString(ENCRYPTION.ENCODING) + ':'
+  encrypted += cipher.update(str, 'utf8', ENCRYPTION.ENCODING)
+  encrypted += cipher.final(ENCRYPTION.ENCODING)
+  return encrypted
+}
+async function decrypt (encryptedArg: string, secret: string) {
+  const [ ivStr, encryptedStr ] = encryptedArg.split(':')
+  const iv = Buffer.from(ivStr, 'hex')
+  const key = await scryptPromise(secret, ENCRYPTION.SALT, 32)
+  const decipher = createDecipheriv(ENCRYPTION.ALGORITHM, key, iv)
+  return decipher.update(encryptedStr, ENCRYPTION.ENCODING, 'utf8') + decipher.final('utf8')
+}
+// ---------------------------------------------------------------------------
 export {
  isHTTPSignatureDigestValid,
@@ -129,7 +167,10 @@ export {
  comparePassword,
  createPrivateAndPublicKeys,
  cryptPassword,
-  signJsonLDObject
+  signJsonLDObject,
+  encrypt,
+  decrypt
 }
 // ---------------------------------------------------------------------------
author	Chocobozzz <me@florianbigard.com>	2022-10-10 11:19:58 +0200
committer	Chocobozzz <me@florianbigard.com>	2022-10-10 11:19:58 +0200
commit	63fa260a81a8930c157b73c897fe8696a8cc90d4 (patch)
tree	705ebfae42f9c59b2a1ac97779e4037102dfed1c /server/helpers/peertube-crypto.ts
parent	9b99d32804e99462c6f22df3ec3db9ec5bf8a18c (diff)
parent	1ea868a9456439108fbd87255537093ed8bd456f (diff)
download	PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.gz PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.tar.zst PeerTube-63fa260a81a8930c157b73c897fe8696a8cc90d4.zip