From bdfbd4f162d66c3a6bd7c312a99e0b692e830792 Mon Sep 17 00:00:00 2001
From: Chocobozzz <florian.bigard@gmail.com>
Date: Wed, 4 Jan 2017 22:23:07 +0100
Subject: Server: use crypto instead of ursa for pod signature

---
 server/helpers/requests.js | 46 ++++++++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 20 deletions(-)

(limited to 'server/helpers/requests.js')

diff --git a/server/helpers/requests.js b/server/helpers/requests.js
index b0cda09fe..095b95e1c 100644
--- a/server/helpers/requests.js
+++ b/server/helpers/requests.js
@@ -28,31 +28,37 @@ function makeSecureRequest (params, callback) {
     url: constants.REMOTE_SCHEME.HTTP + '://' + params.toPod.host + params.path
   }
 
-  // Add data with POST requst ?
-  if (params.method === 'POST') {
-    requestParams.json = {}
-
-    // Add signature if it is specified in the params
-    if (params.sign === true) {
-      const host = constants.CONFIG.WEBSERVER.HOST
-
-      requestParams.json.signature = {
-        host,
-        signature: peertubeCrypto.sign(host)
-      }
-    }
+  if (params.method !== 'POST') {
+    return callback(new Error('Cannot make a secure request with a non POST method.'))
+  }
+
+  requestParams.json = {}
 
-    // If there are data informations
+  // Add signature if it is specified in the params
+  if (params.sign === true) {
+    const host = constants.CONFIG.WEBSERVER.HOST
+
+    let dataToSign
     if (params.data) {
-      requestParams.json.data = params.data
-      request.post(requestParams, callback)
+      dataToSign = dataToSign = params.data
     } else {
-      // No data
-      request.post(requestParams, callback)
+      // We do not have data to sign so we just take our host
+      // It is not ideal but the connection should be in HTTPS
+      dataToSign = host
     }
-  } else {
-    request.get(requestParams, callback)
+
+    requestParams.json.signature = {
+      host, // Which host we pretend to be
+      signature: peertubeCrypto.sign(dataToSign)
+    }
+  }
+
+  // If there are data informations
+  if (params.data) {
+    requestParams.json.data = params.data
   }
+
+  request.post(requestParams, callback)
 }
 
 // ---------------------------------------------------------------------------
-- 
cgit v1.2.3