author | Chocobozzz <florian.bigard@gmail.com> | 2016-10-01 09:09:07 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-10-01 09:09:07 +0200 |
commit | 0eb78d530376c43d228e3e071e032fe9849149ed (patch) | |
tree | e4a81e9de1267e8e316cfe27de65f4cb450ae8b7 /server/middlewares | |
parent | c60f2212fd326c323dc2d145ba64080612b655d3 (diff) | |
Server: do not forget to check the signature when another pod wants to
quit us
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/secure.js | 45 |
1 files changed, 25 insertions, 20 deletions
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js index fa000c6f0..33a52e8d9 100644 --- a/server/middlewares/secure.js +++ b/server/middlewares/secure.js | |||
@@ -7,10 +7,11 @@ const peertubeCrypto = require('../helpers/peertube-crypto') | |||
7 | const Pod = mongoose.model('Pod') | 7 | const Pod = mongoose.model('Pod') |
8 | 8 | ||
9 | const secureMiddleware = { | 9 | const secureMiddleware = { |
10 | checkSignature: checkSignature, | ||
10 | decryptBody: decryptBody | 11 | decryptBody: decryptBody |
11 | } | 12 | } |
12 | 13 | ||
13 | function decryptBody (req, res, next) { | 14 | function checkSignature (req, res, next) { |
14 | const url = req.body.signature.url | 15 | const url = req.body.signature.url |
15 | Pod.loadByUrl(url, function (err, pod) { | 16 | Pod.loadByUrl(url, function (err, pod) { |
16 | if (err) { | 17 | if (err) { |
@@ -28,26 +29,30 @@ function decryptBody (req, res, next) { | |||
28 | const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature) | 29 | const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature) |
29 | 30 | ||
30 | if (signatureOk === true) { | 31 | if (signatureOk === true) { |
31 | peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) { | 32 | return next() |
32 | if (err) { | 33 | } |
33 | logger.error('Cannot decrypt data.', { error: err }) | 34 | |
34 | return res.sendStatus(500) | 35 | logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) |
35 | } | 36 | return res.sendStatus(403) |
36 | 37 | }) | |
37 | try { | 38 | } |
38 | req.body.data = JSON.parse(decrypted) | 39 | |
39 | delete req.body.key | 40 | function decryptBody (req, res, next) { |
40 | } catch (err) { | 41 | peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) { |
41 | logger.error('Error in JSON.parse', { error: err }) | 42 | if (err) { |
42 | return res.sendStatus(500) | 43 | logger.error('Cannot decrypt data.', { error: err }) |
43 | } | 44 | return res.sendStatus(500) |
44 | |||
45 | next() | ||
46 | }) | ||
47 | } else { | ||
48 | logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) | ||
49 | return res.sendStatus(403) | ||
50 | } | 45 | } |
46 | |||
47 | try { | ||
48 | req.body.data = JSON.parse(decrypted) | ||
49 | delete req.body.key | ||
50 | } catch (err) { | ||
51 | logger.error('Error in JSON.parse', { error: err }) | ||
52 | return res.sendStatus(500) | ||
53 | } | ||
54 | |||
55 | next() | ||
51 | }) | 56 | }) |
52 | } | 57 | } |
53 | 58 | ||
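Review bot: In `checkSignature`, the value verified by `peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)` is the sender's own `url`, so as far as the visible lines show the signature does not cover the request body, the target route or any timestamp/nonce, and a signature accepted once would presumably verify again on any later request from that pod, including the quit request this commit protects. Consider having the pod sign a digest of the payload together with a freshness value, and verifying both here. Separately, `req.body.signature.url` is dereferenced with no guard, so a body without a `signature` object throws instead of being rejected; `if (!req.body.signature || !req.body.signature.url) return res.sendStatus(403)` at the top of the function would handle it. The log text still reads `Signature is not okay in decryptBody for %s.` although it now sits in `checkSignature`, and since `decryptBody` no longer verifies anything itself, a comment on it should state that `checkSignature` must run first on every route that uses it. The middle of `checkSignature`, between the two hunks, is not visible here.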