Mercurial > code > home > repos > video
comparison signature_decode.mjs @ 49:1bd17c2e5517 default tip
video.py must sign video urls for serve-files.js to serve them
| author | drewp@bigasterisk.com |
|---|---|
| date | Fri, 06 Dec 2024 17:13:51 -0800 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 48:046673b1cc24 | 49:1bd17c2e5517 |
|---|---|
| 1 import { createDecipheriv } from 'crypto'; | |
| 2 import * as fs from 'fs'; | |
| 3 | |
| 4 const SIGNATURE_KEY = fs.readFileSync('/secret/signature_key'); | |
| 5 | |
| 6 function removePKCS7Padding(data) { | |
| 7 const paddingLength = data.charCodeAt(data.length - 1); | |
| 8 return data.slice(0, -paddingLength); | |
| 9 } | |
| 10 | |
| 11 function decryptData(encryptedData, key) { | |
| 12 const ivLength = 12; // 12 bytes for GCM | |
| 13 const tagLength = 16; // 16 bytes for GCM | |
| 14 const decodedData = Buffer.from(encryptedData, 'base64'); | |
| 15 | |
| 16 if (decodedData.length < ivLength + tagLength) { | |
| 17 throw new Error('Invalid encrypted data length'); | |
| 18 } | |
| 19 | |
| 20 const iv = decodedData.slice(0, ivLength); | |
| 21 const tag = decodedData.slice(-tagLength); | |
| 22 const ciphertext = decodedData.slice(ivLength, -tagLength); | |
| 23 | |
| 24 const decipher = createDecipheriv('aes-256-gcm', key, iv); | |
| 25 decipher.setAuthTag(tag); | |
| 26 let decryptedData = decipher.update(ciphertext, 'base64', 'utf8'); | |
| 27 decryptedData += decipher.final('utf8'); | |
| 28 return decryptedData; | |
| 29 } | |
| 30 | |
| 31 export function decodeSig(sig) { | |
| 32 const clear = decryptData(sig, SIGNATURE_KEY); | |
| 33 const json = removePKCS7Padding(clear.toString('utf-8')); | |
| 34 return JSON.parse(json); | |
| 35 } |