Mercurial > code > home > repos > video
annotate signature_decode.mjs @ 49:1bd17c2e5517 default tip
video.py must sign video urls for serve-files.js to serve them
| author | drewp@bigasterisk.com |
|---|---|
| date | Fri, 06 Dec 2024 17:13:51 -0800 |
| parents | |
| children |
| rev | line source |
|---|---|
|
49
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
1 import { createDecipheriv } from 'crypto'; |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
2 import * as fs from 'fs'; |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
3 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
4 const SIGNATURE_KEY = fs.readFileSync('/secret/signature_key'); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
5 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
6 function removePKCS7Padding(data) { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
7 const paddingLength = data.charCodeAt(data.length - 1); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
8 return data.slice(0, -paddingLength); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
9 } |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
10 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
11 function decryptData(encryptedData, key) { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
12 const ivLength = 12; // 12 bytes for GCM |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
13 const tagLength = 16; // 16 bytes for GCM |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
14 const decodedData = Buffer.from(encryptedData, 'base64'); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
15 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
16 if (decodedData.length < ivLength + tagLength) { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
17 throw new Error('Invalid encrypted data length'); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
18 } |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
19 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
20 const iv = decodedData.slice(0, ivLength); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
21 const tag = decodedData.slice(-tagLength); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
22 const ciphertext = decodedData.slice(ivLength, -tagLength); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
23 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
24 const decipher = createDecipheriv('aes-256-gcm', key, iv); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
25 decipher.setAuthTag(tag); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
26 let decryptedData = decipher.update(ciphertext, 'base64', 'utf8'); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
27 decryptedData += decipher.final('utf8'); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
28 return decryptedData; |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
29 } |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
30 |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
31 export function decodeSig(sig) { |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
32 const clear = decryptData(sig, SIGNATURE_KEY); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
33 const json = removePKCS7Padding(clear.toString('utf-8')); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
34 return JSON.parse(json); |
|
1bd17c2e5517
video.py must sign video urls for serve-files.js to serve them
drewp@bigasterisk.com
parents:
diff
changeset
|
35 } |