diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2016-11-27 18:25:35 +0100 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-11-27 18:25:35 +0100 |
commit | 38d78e5b82a30d1318e3cc2532b7ea22b8e163fa (patch) | |
tree | 3c4cdab683caf1e30c6e76ba78efeb0431fec932 /server/middlewares | |
parent | bf57d5eebf8b0fa2361b7973ce9772abd1bb4828 (diff) | |
download | PeerTube-38d78e5b82a30d1318e3cc2532b7ea22b8e163fa.tar.gz PeerTube-38d78e5b82a30d1318e3cc2532b7ea22b8e163fa.tar.zst PeerTube-38d78e5b82a30d1318e3cc2532b7ea22b8e163fa.zip |
Server: remove encryption when seending requests to other pods
We don't need it anymore since HTTPS is mandatory now
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/secure.js | 28 | ||||
-rw-r--r-- | server/middlewares/validators/remote.js | 10 |
2 files changed, 4 insertions, 34 deletions
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js index fd5bc51d6..ee836beed 100644 --- a/server/middlewares/secure.js +++ b/server/middlewares/secure.js | |||
@@ -7,15 +7,14 @@ const peertubeCrypto = require('../helpers/peertube-crypto') | |||
7 | const Pod = mongoose.model('Pod') | 7 | const Pod = mongoose.model('Pod') |
8 | 8 | ||
9 | const secureMiddleware = { | 9 | const secureMiddleware = { |
10 | checkSignature, | 10 | checkSignature |
11 | decryptBody | ||
12 | } | 11 | } |
13 | 12 | ||
14 | function checkSignature (req, res, next) { | 13 | function checkSignature (req, res, next) { |
15 | const host = req.body.signature.host | 14 | const host = req.body.signature.host |
16 | Pod.loadByHost(host, function (err, pod) { | 15 | Pod.loadByHost(host, function (err, pod) { |
17 | if (err) { | 16 | if (err) { |
18 | logger.error('Cannot get signed host in decryptBody.', { error: err }) | 17 | logger.error('Cannot get signed host in body.', { error: err }) |
19 | return res.sendStatus(500) | 18 | return res.sendStatus(500) |
20 | } | 19 | } |
21 | 20 | ||
@@ -24,7 +23,7 @@ function checkSignature (req, res, next) { | |||
24 | return res.sendStatus(403) | 23 | return res.sendStatus(403) |
25 | } | 24 | } |
26 | 25 | ||
27 | logger.debug('Decrypting body from %s.', host) | 26 | logger.debug('Checking signature from %s.', host) |
28 | 27 | ||
29 | const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, host, req.body.signature.signature) | 28 | const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, host, req.body.signature.signature) |
30 | 29 | ||
@@ -32,30 +31,11 @@ function checkSignature (req, res, next) { | |||
32 | return next() | 31 | return next() |
33 | } | 32 | } |
34 | 33 | ||
35 | logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.host) | 34 | logger.error('Signature is not okay in body for %s.', req.body.signature.host) |
36 | return res.sendStatus(403) | 35 | return res.sendStatus(403) |
37 | }) | 36 | }) |
38 | } | 37 | } |
39 | 38 | ||
40 | function decryptBody (req, res, next) { | ||
41 | peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) { | ||
42 | if (err) { | ||
43 | logger.error('Cannot decrypt data.', { error: err }) | ||
44 | return res.sendStatus(500) | ||
45 | } | ||
46 | |||
47 | try { | ||
48 | req.body.data = JSON.parse(decrypted) | ||
49 | delete req.body.key | ||
50 | } catch (err) { | ||
51 | logger.error('Error in JSON.parse', { error: err }) | ||
52 | return res.sendStatus(500) | ||
53 | } | ||
54 | |||
55 | next() | ||
56 | }) | ||
57 | } | ||
58 | |||
59 | // --------------------------------------------------------------------------- | 39 | // --------------------------------------------------------------------------- |
60 | 40 | ||
61 | module.exports = secureMiddleware | 41 | module.exports = secureMiddleware |
diff --git a/server/middlewares/validators/remote.js b/server/middlewares/validators/remote.js index c6455e678..858d193cc 100644 --- a/server/middlewares/validators/remote.js +++ b/server/middlewares/validators/remote.js | |||
@@ -4,20 +4,10 @@ const checkErrors = require('./utils').checkErrors | |||
4 | const logger = require('../../helpers/logger') | 4 | const logger = require('../../helpers/logger') |
5 | 5 | ||
6 | const validatorsRemote = { | 6 | const validatorsRemote = { |
7 | dataToDecrypt, | ||
8 | remoteVideos, | 7 | remoteVideos, |
9 | signature | 8 | signature |
10 | } | 9 | } |
11 | 10 | ||
12 | function dataToDecrypt (req, res, next) { | ||
13 | req.checkBody('key', 'Should have a key').notEmpty() | ||
14 | req.checkBody('data', 'Should have data').notEmpty() | ||
15 | |||
16 | logger.debug('Checking dataToDecrypt parameters', { parameters: { keyLength: req.body.key.length, bodyLength: req.body.data.length } }) | ||
17 | |||
18 | checkErrors(req, res, next) | ||
19 | } | ||
20 | |||
21 | function remoteVideos (req, res, next) { | 11 | function remoteVideos (req, res, next) { |
22 | req.checkBody('data').isEachRemoteVideosValid() | 12 | req.checkBody('data').isEachRemoteVideosValid() |
23 | 13 | ||