dylan.derr/Send
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactored server

Browse source
This commit is contained in:
Danny Coates 2018-02-06 14:31:18 -08:00
parent 6d470b8eba
commit 3fd2537311
No known key found for this signature in database
GPG key ID: 4C442633C62E00CB
36 changed files with 2944 additions and 792 deletions
Download patch file Download diff file Expand all files Collapse all files

15
server/routes/delete.js
View file

@ -1,20 +1,9 @@
const storage = require('../storage');
module.exports = async function(req, res) {
const id = req.params.id;
const ownerToken = req.body.owner_token || req.body.delete_token;
if (!ownerToken) {
res.sendStatus(404);
return;
}
try {
const err = await storage.delete(id, ownerToken);
if (!err) {
res.sendStatus(200);
}
await storage.del(req.params.id);
res.sendStatus(200);
} catch (e) {
res.sendStatus(404);
}

24
server/routes/download.js
View file

@ -1,39 +1,26 @@
const storage = require('../storage');
const mozlog = require('../log');
const log = mozlog('send.download');
const crypto = require('crypto');
module.exports = async function(req, res) {
const id = req.params.id;
try {
const auth = req.header('Authorization').split(' ')[1];
const meta = await storage.metadata(id);
const hmac = crypto.createHmac('sha256', Buffer.from(meta.auth, 'base64'));
hmac.update(Buffer.from(meta.nonce, 'base64'));
const verifyHash = hmac.digest();
if (!verifyHash.equals(Buffer.from(auth, 'base64'))) {
res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
return res.sendStatus(401);
}
const nonce = crypto.randomBytes(16).toString('base64');
storage.setField(id, 'nonce', nonce);
const meta = req.meta;
const contentLength = await storage.length(id);
res.writeHead(200, {
'Content-Disposition': 'attachment',
'Content-Type': 'application/octet-stream',
'Content-Length': contentLength,
'X-File-Metadata': meta.metadata,
'WWW-Authenticate': `send-v1 ${nonce}`
'WWW-Authenticate': `send-v1 ${req.nonce}`
});
const file_stream = storage.get(id);
file_stream.on('end', async () => {
const dl = (+meta.dl || 0) + 1;
const dlimit = +meta.dlimit || 1;
const dl = meta.dl + 1;
const dlimit = meta.dlimit;
try {
if (dl >= dlimit) {
await storage.forceDelete(id);
await storage.del(id);
} else {
await storage.setField(id, 'dl', dl);
}
@ -41,7 +28,6 @@ module.exports = async function(req, res) {
log.info('StorageError:', id);
}
});
file_stream.pipe(res);
} catch (e) {
res.sendStatus(404);

6
server/routes/exists.js
View file

@ -1,13 +1,11 @@
const storage = require('../storage');
module.exports = async (req, res) => {
const id = req.params.id;
try {
const meta = await storage.metadata(id);
const meta = await storage.metadata(req.params.id);
res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
res.send({
password: meta.pwd !== '0'
password: meta.pwd
});
} catch (e) {
res.sendStatus(404);

74
server/routes/index.js
View file

@ -1,41 +1,22 @@
const busboy = require('connect-busboy');
const helmet = require('helmet');
const bodyParser = require('body-parser');
const languages = require('../languages');
const storage = require('../storage');
const config = require('../config');
const auth = require('../middleware/auth');
const owner = require('../middleware/owner');
const language = require('../middleware/language');
const pages = require('./pages');
const { negotiateLanguages } = require('fluent-langneg');
const IS_DEV = config.env === 'development';
const acceptLanguages = /(([a-zA-Z]+(-[a-zA-Z0-9]+){0,2})|\*)(;q=[0-1](\.[0-9]+)?)?/g;
const langData = require('cldr-core/supplemental/likelySubtags.json');
const idregx = '([0-9a-fA-F]{10})';
const ID_REGEX = '([0-9a-fA-F]{10})';
const uploader = busboy({
limits: {
fileSize: config.max_file_size
}
});
module.exports = function(app) {
app.use(function(req, res, next) {
const header = req.headers['accept-language'] || 'en-US';
if (header.length > 255) {
req.language = 'en-US';
return next();
}
const langs = header.replace(/\s/g, '').match(acceptLanguages);
const preferred = langs
.map(l => {
const parts = l.split(';');
return {
locale: parts[0],
q: parts[1] ? parseFloat(parts[1].split('=')[1]) : 1
};
})
.sort((a, b) => b.q - a.q)
.map(x => x.locale);
req.language = negotiateLanguages(preferred, languages, {
strategy: 'lookup',
likelySubtags: langData.supplemental.likelySubtags,
defaultLocale: 'en-US'
})[0];
next();
});
app.use(helmet());
app.use(
helmet.hsts({
@ -69,34 +50,27 @@ module.exports = function(app) {
})
);
}
app.use(
busboy({
limits: {
fileSize: config.max_file_size
}
})
);
app.use(function(req, res, next) {
res.set('Pragma', 'no-cache');
res.set('Cache-Control', 'no-cache');
next();
});
app.use(bodyParser.json());
app.get('/', pages.index);
app.get('/legal', pages.legal);
app.get('/', language, pages.index);
app.get('/legal', language, pages.legal);
app.get('/jsconfig.js', require('./jsconfig'));
app.get(`/share/:id${idregx}`, pages.blank);
app.get(`/download/:id${idregx}`, pages.download);
app.get('/completed', pages.blank);
app.get('/unsupported/:reason', pages.unsupported);
app.get(`/api/download/:id${idregx}`, require('./download'));
app.get(`/api/exists/:id${idregx}`, require('./exists'));
app.get(`/api/metadata/:id${idregx}`, require('./metadata'));
app.post('/api/upload', require('./upload'));
app.post(`/api/delete/:id${idregx}`, require('./delete'));
app.post(`/api/password/:id${idregx}`, require('./password'));
app.post(`/api/params/:id${idregx}`, require('./params'));
app.post(`/api/info/:id${idregx}`, require('./info'));
app.get(`/share/:id${ID_REGEX}`, language, pages.blank);
app.get(`/download/:id${ID_REGEX}`, language, pages.download);
app.get('/completed', language, pages.blank);
app.get('/unsupported/:reason', language, pages.unsupported);
app.get(`/api/download/:id${ID_REGEX}`, auth, require('./download'));
app.get(`/api/exists/:id${ID_REGEX}`, require('./exists'));
app.get(`/api/metadata/:id${ID_REGEX}`, auth, require('./metadata'));
app.post('/api/upload', uploader, require('./upload'));
app.post(`/api/delete/:id${ID_REGEX}`, owner, require('./delete'));
app.post(`/api/password/:id${ID_REGEX}`, owner, require('./password'));
app.post(`/api/params/:id${ID_REGEX}`, owner, require('./params'));
app.post(`/api/info/:id${ID_REGEX}`, owner, require('./info'));
app.get('/__version__', function(req, res) {
res.sendFile(require.resolve('../../dist/version.json'));

16
server/routes/info.js
View file

@ -1,21 +1,11 @@
const storage = require('../storage');
module.exports = async function(req, res) {
const id = req.params.id;
const ownerToken = req.body.owner_token;
if (!ownerToken) {
return res.sendStatus(400);
}
try {
const meta = await storage.metadata(id);
if (meta.owner !== ownerToken) {
return res.sendStatus(400);
}
const ttl = await storage.ttl(id);
const ttl = await storage.ttl(req.params.id);
return res.send({
dlimit: +meta.dlimit,
dtotal: +meta.dl,
dlimit: +req.meta.dlimit,
dtotal: +req.meta.dl,
ttl
});
} catch (e) {

18
server/routes/metadata.js
View file

@ -1,28 +1,14 @@
const storage = require('../storage');
const crypto = require('crypto');
module.exports = async function(req, res) {
const id = req.params.id;
const meta = req.meta;
try {
const auth = req.header('Authorization').split(' ')[1];
const meta = await storage.metadata(id);
const hmac = crypto.createHmac('sha256', Buffer.from(meta.auth, 'base64'));
hmac.update(Buffer.from(meta.nonce, 'base64'));
const verifyHash = hmac.digest();
if (!verifyHash.equals(Buffer.from(auth, 'base64'))) {
res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
return res.sendStatus(401);
}
const nonce = crypto.randomBytes(16).toString('base64');
storage.setField(id, 'nonce', nonce);
res.set('WWW-Authenticate', `send-v1 ${nonce}`);
const size = await storage.length(id);
const ttl = await storage.ttl(id);
res.send({
metadata: meta.metadata,
finalDownload: +meta.dl + 1 === +meta.dlimit,
finalDownload: meta.dl + 1 === meta.dlimit,
size,
ttl
});

14
server/routes/params.js
View file

@ -1,23 +1,13 @@
const storage = require('../storage');
module.exports = async function(req, res) {
const id = req.params.id;
const ownerToken = req.body.owner_token;
if (!ownerToken) {
return res.sendStatus(400);
}
module.exports = function(req, res) {
const dlimit = req.body.dlimit;
if (!dlimit || dlimit > 20) {
return res.sendStatus(400);
}
try {
const meta = await storage.metadata(id);
if (meta.owner !== ownerToken) {
return res.sendStatus(400);
}
storage.setField(id, 'dlimit', dlimit);
storage.setField(req.params.id, 'dlimit', dlimit);
res.sendStatus(200);
} catch (e) {
res.sendStatus(404);

12
server/routes/password.js
View file

@ -1,23 +1,15 @@
const storage = require('../storage');
module.exports = async function(req, res) {
module.exports = function(req, res) {
const id = req.params.id;
const ownerToken = req.body.owner_token;
if (!ownerToken) {
return res.sendStatus(404);
}
const auth = req.body.auth;
if (!auth) {
return res.sendStatus(400);
}
try {
const meta = await storage.metadata(id);
if (meta.owner !== ownerToken) {
return res.sendStatus(404);
}
storage.setField(id, 'auth', auth);
storage.setField(id, 'pwd', 1);
storage.setField(id, 'pwd', true);
res.sendStatus(200);
} catch (e) {
return res.sendStatus(404);

6
server/routes/upload.js
View file

@ -14,12 +14,8 @@ module.exports = function(req, res) {
}
const owner = crypto.randomBytes(10).toString('hex');
const meta = {
dlimit: 1,
dl: 0,
owner,
delete: owner, // delete is deprecated
metadata,
pwd: 0,
auth: auth.split(' ')[1],
nonce: crypto.randomBytes(16).toString('base64')
};
@ -47,7 +43,7 @@ module.exports = function(req, res) {
req.on('close', async err => {
try {
await storage.forceDelete(newId);
await storage.del(newId);
} catch (e) {
log.info('DeleteError:', newId);
}