aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
authorChocobozzz <florian.bigard@gmail.com>2016-10-01 09:09:07 +0200
committerChocobozzz <florian.bigard@gmail.com>2016-10-01 09:09:07 +0200
commit0eb78d530376c43d228e3e071e032fe9849149ed (patch)
treee4a81e9de1267e8e316cfe27de65f4cb450ae8b7 /server/middlewares
parentc60f2212fd326c323dc2d145ba64080612b655d3 (diff)
downloadPeerTube-0eb78d530376c43d228e3e071e032fe9849149ed.tar.gz
PeerTube-0eb78d530376c43d228e3e071e032fe9849149ed.tar.zst
PeerTube-0eb78d530376c43d228e3e071e032fe9849149ed.zip
Server: do not forget to check the signature when another pod wants to
quit us
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/secure.js45
1 files changed, 25 insertions, 20 deletions
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js
index fa000c6f0..33a52e8d9 100644
--- a/server/middlewares/secure.js
+++ b/server/middlewares/secure.js
@@ -7,10 +7,11 @@ const peertubeCrypto = require('../helpers/peertube-crypto')
7const Pod = mongoose.model('Pod') 7const Pod = mongoose.model('Pod')
8 8
9const secureMiddleware = { 9const secureMiddleware = {
10 checkSignature: checkSignature,
10 decryptBody: decryptBody 11 decryptBody: decryptBody
11} 12}
12 13
13function decryptBody (req, res, next) { 14function checkSignature (req, res, next) {
14 const url = req.body.signature.url 15 const url = req.body.signature.url
15 Pod.loadByUrl(url, function (err, pod) { 16 Pod.loadByUrl(url, function (err, pod) {
16 if (err) { 17 if (err) {
@@ -28,26 +29,30 @@ function decryptBody (req, res, next) {
28 const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature) 29 const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
29 30
30 if (signatureOk === true) { 31 if (signatureOk === true) {
31 peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) { 32 return next()
32 if (err) { 33 }
33 logger.error('Cannot decrypt data.', { error: err }) 34
34 return res.sendStatus(500) 35 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
35 } 36 return res.sendStatus(403)
36 37 })
37 try { 38}
38 req.body.data = JSON.parse(decrypted) 39
39 delete req.body.key 40function decryptBody (req, res, next) {
40 } catch (err) { 41 peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
41 logger.error('Error in JSON.parse', { error: err }) 42 if (err) {
42 return res.sendStatus(500) 43 logger.error('Cannot decrypt data.', { error: err })
43 } 44 return res.sendStatus(500)
44
45 next()
46 })
47 } else {
48 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
49 return res.sendStatus(403)
50 } 45 }
46
47 try {
48 req.body.data = JSON.parse(decrypted)
49 delete req.body.key
50 } catch (err) {
51 logger.error('Error in JSON.parse', { error: err })
52 return res.sendStatus(500)
53 }
54
55 next()
51 }) 56 })
52} 57}
53 58