aboutsummaryrefslogtreecommitdiffhomepage
path: root/middlewares/secure.js
diff options
context:
space:
mode:
Diffstat (limited to 'middlewares/secure.js')
-rw-r--r--middlewares/secure.js50
1 files changed, 50 insertions, 0 deletions
diff --git a/middlewares/secure.js b/middlewares/secure.js
new file mode 100644
index 000000000..99ac9cdae
--- /dev/null
+++ b/middlewares/secure.js
@@ -0,0 +1,50 @@
1;(function () {
2 'use strict'
3
4 var fs = require('fs')
5 var ursa = require('ursa')
6
7 var logger = require('../helpers/logger')
8 var Pods = require('../models/pods')
9 var utils = require('../helpers/utils')
10
11 var secureMiddleware = {
12 decryptBody: decryptBody
13 }
14
15 function decryptBody (req, res, next) {
16 var url = req.body.signature.url
17 Pods.findByUrl(url, function (err, pod) {
18 if (err) {
19 logger.error('Cannot get signed url in decryptBody.', { error: err })
20 return res.sendStatus(500)
21 }
22
23 if (pod === null) {
24 logger.error('Unknown pod %s.', url)
25 return res.sendStatus(403)
26 }
27
28 logger.debug('Decrypting body from %s.', url)
29
30 var crt = ursa.createPublicKey(pod.publicKey)
31 var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex')
32
33 if (signature_ok === true) {
34 var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem'))
35 var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8')
36 req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey))
37 delete req.body.key
38 } else {
39 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
40 return res.sendStatus(403)
41 }
42
43 next()
44 })
45 }
46
47 // ---------------------------------------------------------------------------
48
49 module.exports = secureMiddleware
50})()