aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/secure.js
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares/secure.js')
-rw-r--r--server/middlewares/secure.js49
1 files changed, 49 insertions, 0 deletions
diff --git a/server/middlewares/secure.js b/server/middlewares/secure.js
new file mode 100644
index 000000000..bfd28316a
--- /dev/null
+++ b/server/middlewares/secure.js
@@ -0,0 +1,49 @@
1'use strict'
2
3var logger = require('../helpers/logger')
4var peertubeCrypto = require('../helpers/peertubeCrypto')
5var Pods = require('../models/pods')
6
7var secureMiddleware = {
8 decryptBody: decryptBody
9}
10
11function decryptBody (req, res, next) {
12 var url = req.body.signature.url
13 Pods.findByUrl(url, function (err, pod) {
14 if (err) {
15 logger.error('Cannot get signed url in decryptBody.', { error: err })
16 return res.sendStatus(500)
17 }
18
19 if (pod === null) {
20 logger.error('Unknown pod %s.', url)
21 return res.sendStatus(403)
22 }
23
24 logger.debug('Decrypting body from %s.', url)
25
26 var signature_ok = peertubeCrypto.checkSignature(pod.publicKey, url, req.body.signature.signature)
27
28 if (signature_ok === true) {
29 peertubeCrypto.decrypt(req.body.key, req.body.data, function (err, decrypted) {
30 if (err) {
31 logger.error('Cannot decrypt data.', { error: err })
32 return res.sendStatus(500)
33 }
34
35 req.body.data = JSON.parse(decrypted)
36 delete req.body.key
37
38 next()
39 })
40 } else {
41 logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url)
42 return res.sendStatus(403)
43 }
44 })
45}
46
47// ---------------------------------------------------------------------------
48
49module.exports = secureMiddleware