aboutsummaryrefslogtreecommitdiffhomepage
path: root/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'middlewares')
-rw-r--r--middlewares/secure.js25
1 files changed, 13 insertions, 12 deletions
diff --git a/middlewares/secure.js b/middlewares/secure.js
index 99ac9cdae..b7a18ad3e 100644
--- a/middlewares/secure.js
+++ b/middlewares/secure.js
@@ -1,12 +1,9 @@
1;(function () { 1;(function () {
2 'use strict' 2 'use strict'
3 3
4 var fs = require('fs')
5 var ursa = require('ursa')
6
7 var logger = require('../helpers/logger') 4 var logger = require('../helpers/logger')
5 var peertubeCrypto = require('../helpers/peertubeCrypto')
8 var Pods = require('../models/pods') 6 var Pods = require('../models/pods')
9 var utils = require('../helpers/utils')
10 7
11 var secureMiddleware = { 8 var secureMiddleware = {
12 decryptBody: decryptBody 9 decryptBody: decryptBody
@@ -27,20 +24,24 @@
27 24
28 logger.debug('Decrypting body from %s.', url) 25 logger.debug('Decrypting body from %s.', url)
29 26
30 var crt = ursa.createPublicKey(pod.publicKey) 27 var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
31 var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex')
32 28
33 if (signature_ok === true) { 29 if (signature_ok === true) {
34 var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem')) 30 peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
35 var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8') 31 if (err) {
36 req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey)) 32 logger.error('Cannot decrypt data.', { error: err })
37 delete req.body.key 33 return res.sendStatus(500)
34 }
35
36 req.body.data = JSON.parse(decrypted)
37 delete req.body.key
38
39 next()
40 })
38 } else { 41 } else {
39 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) 42 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
40 return res.sendStatus(403) 43 return res.sendStatus(403)
41 } 44 }
42
43 next()
44 }) 45 })
45 } 46 }
46 47