Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/secure.ts | 59 |
1 files changed, 29 insertions, 30 deletions
diff --git a/server/middlewares/secure.ts b/server/middlewares/secure.ts index f7424c9c3..5dd809f15 100644 --- a/server/middlewares/secure.ts +++ b/server/middlewares/secure.ts | |||
@@ -8,45 +8,44 @@ import { | |||
8 | } from '../helpers' | 8 | } from '../helpers' |
9 | import { PodSignature } from '../../shared' | 9 | import { PodSignature } from '../../shared' |
10 | 10 | ||
11 | function checkSignature (req: express.Request, res: express.Response, next: express.NextFunction) { | 11 | async function checkSignature (req: express.Request, res: express.Response, next: express.NextFunction) { |
12 | const signatureObject: PodSignature = req.body.signature | 12 | const signatureObject: PodSignature = req.body.signature |
13 | const host = signatureObject.host | 13 | const host = signatureObject.host |
14 | 14 | ||
15 | db.Pod.loadByHost(host) | 15 | try { |
16 | .then(pod => { | 16 | const pod = await db.Pod.loadByHost(host) |
17 | if (pod === null) { | 17 | if (pod === null) { |
18 | logger.error('Unknown pod %s.', host) | 18 | logger.error('Unknown pod %s.', host) |
19 | return res.sendStatus(403) | 19 | return res.sendStatus(403) |
20 | } | 20 | } |
21 | |||
22 | logger.debug('Checking signature from %s.', host) | ||
23 | 21 | ||
24 | let signatureShouldBe | 22 | logger.debug('Checking signature from %s.', host) |
25 | // If there is data in the body the sender used it for its signature | ||
26 | // If there is no data we just use its host as signature | ||
27 | if (req.body.data) { | ||
28 | signatureShouldBe = req.body.data | ||
29 | } else { | ||
30 | signatureShouldBe = host | ||
31 | } | ||
32 | 23 | ||
33 | const signatureOk = peertubeCryptoCheckSignature(pod.publicKey, signatureShouldBe, signatureObject.signature) | 24 | let signatureShouldBe |
25 | // If there is data in the body the sender used it for its signature | ||
26 | // If there is no data we just use its host as signature | ||
27 | if (req.body.data) { | ||
28 | signatureShouldBe = req.body.data | ||
29 | } else { | ||
30 | signatureShouldBe = host | ||
31 | } | ||
34 | 32 | ||
35 | if (signatureOk === true) { | 33 | const signatureOk = peertubeCryptoCheckSignature(pod.publicKey, signatureShouldBe, signatureObject.signature) |
36 | res.locals.secure = { | ||
37 | pod | ||
38 | } | ||
39 | 34 | ||
40 | return next() | 35 | if (signatureOk === true) { |
36 | res.locals.secure = { | ||
37 | pod | ||
41 | } | 38 | } |
42 | 39 | ||
43 | logger.error('Signature is not okay in body for %s.', signatureObject.host) | 40 | return next() |
44 | return res.sendStatus(403) | 41 | } |
45 | }) | 42 | |
46 | .catch(err => { | 43 | logger.error('Signature is not okay in body for %s.', signatureObject.host) |
47 | logger.error('Cannot get signed host in body.', { error: err.stack, signature: signatureObject.signature }) | 44 | return res.sendStatus(403) |
48 | return res.sendStatus(500) | 45 | } catch (err) { |
49 | }) | 46 | logger.error('Cannot get signed host in body.', { error: err.stack, signature: signatureObject.signature }) |
47 | return res.sendStatus(500) | ||
48 | } | ||
50 | } | 49 | } |
51 | 50 | ||
52 | // --------------------------------------------------------------------------- | 51 | // --------------------------------------------------------------------------- |
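Review bot: In the new `async function checkSignature`, the reads `const signatureObject: PodSignature = req.body.signature` and `const host = signatureObject.host` sit above the `try`, so a request body without a `signature` object throws before any handler is in place. In the old synchronous function that throw propagated to Express's error handling. In an async middleware it becomes a rejected promise that nothing awaits, so (assuming Express does not await this handler and no earlier validator guarantees the field) the request gets no response and the process sees an unhandled rejection. This middleware runs before the sender is authenticated, so move both reads inside the `try`, or reject early with a guard such as `if (!signatureObject || typeof signatureObject.host !== 'string') return res.sendStatus(403)`. A short comment on the function stating that every exit path must either call `next()` or send a status would help future edits keep that property.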