From a5fa04b0cce851f680a45055f57ed2c3d22f1c82 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 4 Feb 2016 21:16:27 +0100 Subject: Split misc middleware --- middlewares/cache.js | 25 ++++++++++++++++++++ middlewares/index.js | 5 ++-- middlewares/misc.js | 65 --------------------------------------------------- middlewares/secure.js | 50 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 78 insertions(+), 67 deletions(-) create mode 100644 middlewares/cache.js delete mode 100644 middlewares/misc.js create mode 100644 middlewares/secure.js (limited to 'middlewares') diff --git a/middlewares/cache.js b/middlewares/cache.js new file mode 100644 index 000000000..782165155 --- /dev/null +++ b/middlewares/cache.js @@ -0,0 +1,25 @@ +;(function () { + 'use strict' + + var cacheMiddleware = { + cache: cache + } + + function cache (cache) { + return function (req, res, next) { + // If we want explicitly a cache + // Or if we don't specify if we want a cache or no and we are in production + if (cache === true || (cache !== false && process.env.NODE_ENV === 'production')) { + res.setHeader('Cache-Control', 'public') + } else { + res.setHeader('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate') + } + + next() + } + } + + // --------------------------------------------------------------------------- + + module.exports = cacheMiddleware +})() diff --git a/middlewares/index.js b/middlewares/index.js index 311dfb6d2..bfe325b1e 100644 --- a/middlewares/index.js +++ b/middlewares/index.js @@ -2,8 +2,9 @@ 'use strict' var middlewares = { - misc: require('./misc'), - reqValidators: require('./reqValidators') + cache: require('./cache'), + reqValidators: require('./reqValidators'), + secure: require('./secure') } // --------------------------------------------------------------------------- diff --git a/middlewares/misc.js b/middlewares/misc.js deleted file mode 100644 index cc4e2e8a4..000000000 --- a/middlewares/misc.js +++ /dev/null @@ -1,65 +0,0 @@ -;(function () { - 'use strict' - - var fs = require('fs') - var ursa = require('ursa') - - var logger = require('../helpers/logger') - var Pods = require('../models/pods') - var utils = require('../helpers/utils') - - var miscMiddleware = { - cache: cache, - decryptBody: decryptBody - } - - function cache (cache) { - return function (req, res, next) { - // If we want explicitly a cache - // Or if we don't specify if we want a cache or no and we are in production - if (cache === true || (cache !== false && process.env.NODE_ENV === 'production')) { - res.setHeader('Cache-Control', 'public') - } else { - res.setHeader('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate') - } - - next() - } - } - - function decryptBody (req, res, next) { - var url = req.body.signature.url - Pods.findByUrl(url, function (err, pod) { - if (err) { - logger.error('Cannot get signed url in decryptBody.', { error: err }) - return res.sendStatus(500) - } - - if (pod === null) { - logger.error('Unknown pod %s.', url) - return res.sendStatus(403) - } - - logger.debug('Decrypting body from %s.', url) - - var crt = ursa.createPublicKey(pod.publicKey) - var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex') - - if (signature_ok === true) { - var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem')) - var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8') - req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey)) - delete req.body.key - } else { - logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) - return res.sendStatus(403) - } - - next() - }) - } - - // --------------------------------------------------------------------------- - - module.exports = miscMiddleware -})() diff --git a/middlewares/secure.js b/middlewares/secure.js new file mode 100644 index 000000000..99ac9cdae --- /dev/null +++ b/middlewares/secure.js @@ -0,0 +1,50 @@ +;(function () { + 'use strict' + + var fs = require('fs') + var ursa = require('ursa') + + var logger = require('../helpers/logger') + var Pods = require('../models/pods') + var utils = require('../helpers/utils') + + var secureMiddleware = { + decryptBody: decryptBody + } + + function decryptBody (req, res, next) { + var url = req.body.signature.url + Pods.findByUrl(url, function (err, pod) { + if (err) { + logger.error('Cannot get signed url in decryptBody.', { error: err }) + return res.sendStatus(500) + } + + if (pod === null) { + logger.error('Unknown pod %s.', url) + return res.sendStatus(403) + } + + logger.debug('Decrypting body from %s.', url) + + var crt = ursa.createPublicKey(pod.publicKey) + var signature_ok = crt.hashAndVerify('sha256', new Buffer(req.body.signature.url).toString('hex'), req.body.signature.signature, 'hex') + + if (signature_ok === true) { + var myKey = ursa.createPrivateKey(fs.readFileSync(utils.getCertDir() + 'peertube.key.pem')) + var decryptedKey = myKey.decrypt(req.body.key, 'hex', 'utf8') + req.body.data = JSON.parse(utils.symetricDecrypt(req.body.data, decryptedKey)) + delete req.body.key + } else { + logger.error('Signature is not okay in decryptBody for %s.', req.body.signature.url) + return res.sendStatus(403) + } + + next() + }) + } + + // --------------------------------------------------------------------------- + + module.exports = secureMiddleware +})() -- cgit v1.2.3