1 files changed, 49 insertions, 0 deletions
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js
new file mode 100644
index 000000000..bfd28316a
--- /dev/null
+++ b/server/middlewares/secure.js
@@ -0,0 +1,49 @@
+'use strict'
+var logger = require('../helpers/logger')
+var peertubeCrypto = require('../helpers/peertubeCrypto')
+var Pods = require('../models/pods')
+var secureMiddleware = {
+  decryptBody: decryptBody
+}
+function decryptBody (req, res, next) {
+  var url = req.body.signature.url
+  Pods.findByUrl(url, function (err, pod) {
+    if (err) {
+      logger.error('Cannot get signed url in decryptBody.', { error: err })
+      return res.sendStatus(500)
+    }
+    if (pod === null) {
+      logger.error('Unknown pod %s.', url)
+      return res.sendStatus(403)
+    }
+    logger.debug('Decrypting body from %s.', url)
+    var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
+    if (signature_ok === true) {
+      peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
+        if (err) {
+          logger.error('Cannot decrypt data.', { error: err })
+          return res.sendStatus(500)
+        }
+        req.body.data = JSON.parse(decrypted)
+        delete req.body.key
+        next()
+      })
+    } else {
+      logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
+      return res.sendStatus(403)
+    }
+  })
+}
+// ---------------------------------------------------------------------------
+module.exports = secureMiddleware

diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js new file mode 100644 index 000000000..bfd28316a --- /dev/null +++ b/server/middlewares/secure.js
@@ -0,0 +1,49 @@
	1	'use strict'
	2
	3	var logger = require('../helpers/logger')
	4	var peertubeCrypto = require('../helpers/peertubeCrypto')
	5	var Pods = require('../models/pods')
	6
	7	var secureMiddleware = {
	8	decryptBody: decryptBody
	9	}
	10
	11	function decryptBody (req, res, next) {
	12	var url = req.body.signature.url
	13	Pods.findByUrl(url, function (err, pod) {
	14	if (err) {
	15	logger.error('Cannot get signed url in decryptBody.', { error: err })
	16	return res.sendStatus(500)
	17	}
	18
	19	if (pod === null) {
	20	logger.error('Unknown pod %s.', url)
	21	return res.sendStatus(403)
	22	}
	23
	24	logger.debug('Decrypting body from %s.', url)
	25
	26	var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
	27
	28	if (signature_ok === true) {
	29	peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
	30	if (err) {
	31	logger.error('Cannot decrypt data.', { error: err })
	32	return res.sendStatus(500)
	33	}
	34
	35	req.body.data = JSON.parse(decrypted)
	36	delete req.body.key
	37
	38	next()
	39	})
	40	} else {
	41	logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
	42	return res.sendStatus(403)
	43	}
	44	})
	45	}
	46
	47	// ---------------------------------------------------------------------------
	48
	49	module.exports = secureMiddleware