big refactor

Danny Coates 2018-01-24 10:23:13 -08:00
parent dd448cb3ed
commit 565e47aef8
No known key found for this signature in database
GPG key ID: 4C442633C62E00CB
37 changed files with 1095 additions and 943 deletions


@ -15,9 +15,9 @@ const conf = convict({
env: 'REDIS_HOST'
},
listen_address: {
format: 'ipaddress',
default: '0.0.0.0',
env: 'IP_ADDRESS'
format: 'ipaddress',
default: '0.0.0.0',
env: 'IP_ADDRESS'
},
listen_port: {
format: 'port',


@ -24,4 +24,4 @@ app.use(
app.use(pages.notfound);
app.listen(config.listen_port,config.listen_address);
app.listen(config.listen_port, config.listen_address);


@ -35,7 +35,7 @@ module.exports = {
routes.toString(
`/download/${req.params.id}`,
Object.assign(state(req), {
fileInfo: { nonce, pwd: +pwd }
fileInfo: { nonce, requiresPassword: +pwd }
})
)
)


@ -1,5 +1,4 @@
const storage = require('../storage');
const crypto = require('crypto');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
@ -10,27 +9,24 @@ module.exports = async function(req, res) {
if (!validateID(id)) {
return res.sendStatus(404);
}
if (!req.body.auth) {
const ownerToken = req.body.owner_token;
if (!ownerToken) {
return res.sendStatus(404);
}
const auth = req.body.auth;
if (!auth) {
return res.sendStatus(400);
}
try {
const auth = req.header('Authorization').split(' ')[1];
const meta = await storage.metadata(id);
const hmac = crypto.createHmac('sha256', Buffer.from(meta.auth, 'base64'));
hmac.update(Buffer.from(meta.nonce, 'base64'));
const verifyHash = hmac.digest();
if (!verifyHash.equals(Buffer.from(auth, 'base64'))) {
res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
return res.sendStatus(401);
if (meta.owner !== ownerToken) {
return res.sendStatus(404);
}
storage.setField(id, 'auth', auth);
storage.setField(id, 'pwd', 1);
res.sendStatus(200);
} catch (e) {
return res.sendStatus(404);
}
const nonce = crypto.randomBytes(16).toString('base64');
storage.setField(id, 'nonce', nonce);
res.set('WWW-Authenticate', `send-v1 ${nonce}`);
storage.setField(id, 'auth', req.body.auth);
storage.setField(id, 'pwd', 1);
res.sendStatus(200);
};
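Review bot: The new ownership check `if (meta.owner !== ownerToken)` compares a stored secret with plain `!==`, and neither `req.body.owner_token` nor `req.body.auth` is checked to be a string before use (the +/- markers are lost on this page, so this reads the owner-token lines as the new side). A JSON body can carry an object or array for `auth`, which would go unvalidated into `storage.setField(id, 'auth', auth)`; the removed lines show `meta.auth` being passed to `Buffer.from(..., 'base64')` as an HMAC key, so presumably other routes still consume it that way. A guard ahead of the `try`, such as `if (typeof ownerToken !== 'string' || typeof auth !== 'string') return res.sendStatus(400);`, would reject those bodies early. For the comparison itself, consider keeping the `crypto` require that this change drops and using `crypto.timingSafeEqual` on equal-length buffers, so response time does not depend on how much of the token matches. The handler's opening lines are outside the hunk.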