From df66d81583e07ce049daeeef1edc6a87b57b3684 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Tue, 23 Oct 2018 11:38:48 +0200
Subject: Add compatibility with other Linked Signature algorithms
---
 server.ts | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'server.ts')
diff --git a/server.ts b/server.ts
index 51aa67638..f3514cf9c 100644
--- a/server.ts
+++ b/server.ts
@@ -28,7 +28,7 @@ import { checkMissedConfig, checkFFmpeg } from './server/initializers/checker-be
 // Do not use barrels because we don't want to load all modules here (we need to initialize database first)
 import { logger } from './server/helpers/logger'
-import { API_VERSION, CONFIG, CACHE } from './server/initializers/constants'
+import { API_VERSION, CONFIG, CACHE, HTTP_SIGNATURE } from './server/initializers/constants'
 const missed = checkMissedConfig()
 if (missed.length !== 0) {
@@ -96,6 +96,7 @@ import { RemoveOldJobsScheduler } from './server/lib/schedulers/remove-old-jobs-
 import { UpdateVideosScheduler } from './server/lib/schedulers/update-videos-scheduler'
 import { YoutubeDlUpdateScheduler } from './server/lib/schedulers/youtube-dl-update-scheduler'
 import { VideosRedundancyScheduler } from './server/lib/schedulers/videos-redundancy-scheduler'
+import { isHTTPSignatureDigestValid } from './server/helpers/peertube-crypto'
 // ----------- Command line -----------
@@ -131,7 +132,11 @@ app.use(morgan('combined', {
 app.use(bodyParser.urlencoded({ extended: false }))
 app.use(bodyParser.json({
 type: [ 'application/json', 'application/*+json' ],
- limit: '500kb'
+ limit: '500kb',
+ verify: (req: express.Request, _, buf: Buffer, encoding: string) => {
+ const valid = isHTTPSignatureDigestValid(buf, req)
+ if (valid !== true) throw new Error('Invalid digest')
+ }
 }))
 // Cookies
 app.use(cookieParser())
-- 
cgit v1.2.3
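Review bot: The `verify` callback added to `bodyParser.json` in the third hunk runs for every JSON request the app receives, not only signed ActivityPub deliveries, so what happens to a request with no `Digest` header is decided entirely inside `isHTTPSignatureDigestValid`, which this diff (limited to server.ts) does not show. If the helper accepts a missing header, the digest binds the body to the signature only when the signature check on the signed routes also requires `digest` among the signed headers. That contract should be confirmed and recorded above the callback, for example `// Raw-body digest check; signed routes must still require a signed Digest header`. The `encoding` parameter is unused and can be dropped from the callback signature. `HTTP_SIGNATURE` is added to the constants import in the first hunk, but no added line in this file uses it, so that import looks unnecessary here.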