1 files changed, 47 insertions, 23 deletions
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 5c182961d..cb5f27240 100644
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -1,9 +1,12 @@
-import { BCRYPT_SALT_SIZE, PRIVATE_RSA_KEY_SIZE } from '../initializers'
+import { Request } from 'express'
+import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers'
 import { ActorModel } from '../models/activitypub/actor'
 import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils'
 import { jsig } from './custom-jsonld-signature'
 import { logger } from './logger'
+const httpSignature = require('http-signature')
 async function createPrivateAndPublicKeys () {
  logger.info('Generating a RSA key...')
@@ -13,18 +16,42 @@ async function createPrivateAndPublicKeys () {
  return { privateKey: key, publicKey }
 }
-function isSignatureVerified (fromActor: ActorModel, signedDocument: object) {
+// User password checks
+function comparePassword (plainPassword: string, hashPassword: string) {
+  return bcryptComparePromise(plainPassword, hashPassword)
+}
+async function cryptPassword (password: string) {
+  const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
+  return bcryptHashPromise(password, salt)
+}
+// HTTP Signature
+function isHTTPSignatureVerified (httpSignatureParsed: any, actor: ActorModel) {
+  return httpSignature.verifySignature(httpSignatureParsed, actor.publicKey) === true
+}
+function parseHTTPSignature (req: Request) {
+  return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME })
+}
+// JSONLD
+function isJsonLDSignatureVerified (fromActor: ActorModel, signedDocument: any) {
  const publicKeyObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
-    '@id': fromActor.url,
+    id: fromActor.url,
-    '@type':  'CryptographicKey',
+    type:  'CryptographicKey',
    owner: fromActor.url,
    publicKeyPem: fromActor.publicKey
  }
  const publicKeyOwnerObject = {
    '@context': jsig.SECURITY_CONTEXT_URL,
-    '@id': fromActor.url,
+    id: fromActor.url,
    publicKey: [ publicKeyObject ]
  }
@@ -33,14 +60,19 @@ function isSignatureVerified (fromActor: ActorModel, signedDocument: object) {
    publicKeyOwner: publicKeyOwnerObject
  }
-  return jsig.promises.verify(signedDocument, options)
+  return jsig.promises
-    .catch(err => {
+             .verify(signedDocument, options)
-      logger.error('Cannot check signature.', { err })
+             .then((result: { verified: boolean }) => {
-      return false
+               logger.info('coucou', result)
-    })
+               return result.verified
+             })
+             .catch(err => {
+               logger.error('Cannot check signature.', { err })
+               return false
+             })
 }
-function signObject (byActor: ActorModel, data: any) {
+function signJsonLDObject (byActor: ActorModel, data: any) {
  const options = {
    privateKeyPem: byActor.privateKey,
    creator: byActor.url,
@@ -50,22 +82,14 @@ function signObject (byActor: ActorModel, data: any) {
  return jsig.promises.sign(data, options)
 }
-function comparePassword (plainPassword: string, hashPassword: string) {
-  return bcryptComparePromise(plainPassword, hashPassword)
-}
-async function cryptPassword (password: string) {
-  const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
-  return bcryptHashPromise(password, salt)
-}
 // ---------------------------------------------------------------------------
 export {
-  isSignatureVerified,
+  parseHTTPSignature,
+  isHTTPSignatureVerified,
+  isJsonLDSignatureVerified,
  comparePassword,
  createPrivateAndPublicKeys,
  cryptPassword,
-  signObject
+  signJsonLDObject
 }