diff options
Diffstat (limited to 'middlewares')
-rw-r--r-- | middlewares/secure.js | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/middlewares/secure.js b/middlewares/secure.js index 99ac9cdae..b7a18ad3e 100644 --- a/middlewares/secure.js +++ b/middlewares/secure.js | |||
@@ -1,12 +1,9 @@ | |||
1 | ;(function () { | 1 | ;(function () { |
2 | 'use strict' | 2 | 'use strict' |
3 | 3 | ||
4 | var fs = require('fs') | ||
5 | var ursa = require('ursa') | ||
6 | |||
7 | var logger = require('../helpers/logger') | 4 | var logger = require('../helpers/logger') |
5 | var peertubeCrypto = require('../helpers/peertubeCrypto') | ||
8 | var Pods = require('../models/pods') | 6 | var Pods = require('../models/pods') |
9 | var utils = require('../helpers/utils') | ||
10 | 7 | ||
11 | var secureMiddleware = { | 8 | var secureMiddleware = { |
12 | decryptBody: decryptBody | 9 | decryptBody: decryptBody |
@@ -27,20 +24,24 @@ | |||
27 | 24 | ||
28 | logger.debug('Decrypting body from %s.', url) | 25 | logger.debug('Decrypting body from %s.', url) |
29 | 26 | ||
30 | var crt = ursa.createPublicKey(pod.publicKey) | 27 | var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature) |
31 | var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex') | ||
32 | 28 | ||
33 | if (signature_ok === true) { | 29 | if (signature_ok === true) { |
34 | var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem')) | 30 | peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) { |
35 | var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8') | 31 | if (err) { |
36 | req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey)) | 32 | logger.error('Cannot decrypt data.', { error: err }) |
37 | delete req.body.key | 33 | return res.sendStatus(500) |
34 | } | ||
35 | |||
36 | req.body.data = JSON.parse(decrypted) | ||
37 | delete req.body.key | ||
38 | |||
39 | next() | ||
40 | }) | ||
38 | } else { | 41 | } else { |
39 | logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) | 42 | logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) |
40 | return res.sendStatus(403) | 43 | return res.sendStatus(403) |
41 | } | 44 | } |
42 | |||
43 | next() | ||
44 | }) | 45 | }) |
45 | } | 46 | } |
46 | 47 | ||