Diffstat (limited to 'server/middlewares/secure.ts')
-rw-r--r-- | server/middlewares/secure.ts | 48 |
1 files changed, 48 insertions, 0 deletions
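--- /dev/null
+++ b/server/middlewares/secure.ts
@@ -0,0 +1,48 @@
+const db = require('../initializers/database')
+const logger = require('../helpers/logger')
+const peertubeCrypto = require('../helpers/peertube-crypto')
+
+function checkSignature (req, res, next) {
+const host = req.body.signature.host
+db.Pod.loadByHost(host, function (err, pod) {
+if (err) {
+logger.error('Cannot get signed host in body.', { error: err })
+return res.sendStatus(500)
+}
+
+if (pod === null) {
+logger.error('Unknown pod %s.', host)
+return res.sendStatus(403)
+}
+
+logger.debug('Checking signature from %s.', host)
+
+let signatureShouldBe
+// If there is data in the body the sender used it for its signature
+// If there is no data we just use its host as signature
+if (req.body.data) {
+signatureShouldBe = req.body.data
+} else {
+signatureShouldBe = host
+}
+
+const signatureOk = peertubeCrypto.checkSignature(pod.publicKey, signatureShouldBe, req.body.signature.signature)
+
+if (signatureOk === true) {
+res.locals.secure = {
+pod
+}
+
+return next()
+}
+
+logger.error('Signature is not okay in body for %s.', req.body.signature.host)
+return res.sendStatus(403)
+})
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+checkSignature
+}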
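Review bot: `checkSignature` dereferences `req.body.signature.host` on its first line (and `req.body.signature.signature` later) without checking that the body carries a `signature` object, so a request with a missing or malformed body throws a TypeError inside the middleware instead of being rejected cleanly; add a guard before the lookup, `if (!req.body || !req.body.signature || !req.body.signature.host || !req.body.signature.signature) return res.sendStatus(400)`. The database error branch is also logged as "Cannot get signed host in body", which misdescribes a `loadByHost` failure; `'Cannot load pod by host.'` would read correctly. The fallback that verifies the signature over `host` alone when `req.body.data` is absent deserves a comment stating that such a signed request then carries nothing request-specific (presumably acceptable for the routes that use it — worth confirming), and the final log line can reuse the already-bound `host` instead of `req.body.signature.host`.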