Diffstat (limited to 'server/helpers/peertube-crypto.js')
-rw-r--r--server/helpers/peertube-crypto.js60
1 files changed, 42 insertions, 18 deletions
diff --git a/server/helpers/peertube-crypto.js b/server/helpers/peertube-crypto.js
index 46dff8d03..1ff638b04 100644
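--- a/server/helpers/peertube-crypto.js
+++ b/server/helpers/peertube-crypto.js
@@ -1,24 +1,24 @@
 'use strict'
 
-const config = require('config')
+const bcrypt = require('bcrypt')
 const crypto = require('crypto')
 const fs = require('fs')
 const openssl = require('openssl-wrapper')
-const path = require('path')
 const ursa = require('ursa')
 
+const constants = require('../initializers/constants')
 const logger = require('./logger')
 
-const certDir = path.join(__dirname, '..', '..', config.get('storage.certs'))
 const algorithm = 'aes-256-ctr'
 
 const peertubeCrypto = {
- checkSignature: checkSignature,
- createCertsIfNotExist: createCertsIfNotExist,
- decrypt: decrypt,
- encrypt: encrypt,
- getCertDir: getCertDir,
- sign: sign
+ checkSignature,
+ comparePassword,
+ createCertsIfNotExist,
+ cryptPassword,
+ decrypt,
+ encrypt,
+ sign
 }
 
 function checkSignature (publicKey, rawData, hexSignature) {
@@ -27,6 +27,14 @@ function checkSignature (publicKey, rawData, hexSignature) {
  return isValid
 }
 
+function comparePassword (plainPassword, hashPassword, callback) {
+ bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
+ if (err) return callback(err)
+
+ return callback(null, isPasswordMatch)
+ })
+}
+
 function createCertsIfNotExist (callback) {
  certsExist(function (exist) {
  if (exist === true) {
@@ -39,8 +47,18 @@ function createCertsIfNotExist (callback) {
  })
 }
 
+function cryptPassword (password, callback) {
+ bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
+ if (err) return callback(err)
+
+ bcrypt.hash(password, salt, function (err, hash) {
+ return callback(err, hash)
+ })
+ })
+}
+
 function decrypt (key, data, callback) {
- fs.readFile(getCertDir() + 'peertube.key.pem', function (err, file) {
+ fs.readFile(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (err, file) {
  if (err) return callback(err)
 
  const myPrivateKey = ursa.createPrivateKey(file)
@@ -67,12 +85,8 @@ function encrypt (publicKey, data, callback) {
  })
 }
 
-function getCertDir () {
- return certDir
-}
-
 function sign (data) {
- const myKey = ursa.createPrivateKey(fs.readFileSync(certDir + 'peertube.key.pem'))
+ const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
  const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
 
  return signature
@@ -85,7 +99,7 @@ module.exports = peertubeCrypto
 // ---------------------------------------------------------------------------
 
 function certsExist (callback) {
- fs.exists(certDir + 'peertube.key.pem', function (exists) {
+ fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
  return callback(exists)
  })
 }
@@ -99,15 +113,25 @@ function createCerts (callback) {
  }
 
  logger.info('Generating a RSA key...')
- openssl.exec('genrsa', { 'out': certDir + 'peertube.key.pem', '2048': false }, function (err) {
+
+ let options = {
+ 'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
+ '2048': false
+ }
+ openssl.exec('genrsa', options, function (err) {
  if (err) {
  logger.error('Cannot create private key on this pod.')
  return callback(err)
  }
  logger.info('RSA key generated.')
 
+ options = {
+ 'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
+ 'pubout': true,
+ 'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
+ }
  logger.info('Manage public key...')
- openssl.exec('rsa', { 'in': certDir + 'peertube.key.pem', 'pubout': true, 'out': certDir + 'peertube.pub' }, function (err) {
+ openssl.exec('rsa', options, function (err) {
  if (err) {
  logger.error('Cannot create public key on this pod.')
  return callback(err)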
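Review bot: In `cryptPassword` (hunk `@@ -39,8 +47,18 @@`), `constants.BCRYPT_SALT_SIZE` is passed as the first argument of `bcrypt.genSalt`, which is the bcrypt cost factor (log2 of the number of rounds) rather than a salt length, so the name invites a later "smaller salt" edit that would weaken every stored password hash. I would rename the constant to something like `BCRYPT_ROUNDS`, or at least add `// first argument is the bcrypt cost factor, not a salt length` above the call. Its value is defined in `../initializers/constants`, outside this diff, so it is worth confirming it was chosen as a work factor. Separately, the callback wrapper in `comparePassword` only forwards `(err, isPasswordMatch)` and could be written as `bcrypt.compare(plainPassword, hashPassword, callback)`.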