added fxa auth to /ws

2018-08-31 14:20:15 -07:00 · 2018-08-31 14:20:15 -07:00 · 85185d048c
commit 85185d048c
parent fb7176d989
8 changed files with 89 additions and 92 deletions
--- a/server/routes/ws.js
+++ b/server/routes/ws.js
@ -5,7 +5,7 @@ const mozlog = require('../log');
 const Limiter = require('../limiter');
 const Parser = require('../streamparser');
 const wsStream = require('websocket-stream/stream');
-// const fxa = require('./fxa');
+const fxa = require('./fxa');

 const log = mozlog('send.upload');

@ -24,22 +24,27 @@ module.exports = function(ws, req) {
      const owner = crypto.randomBytes(10).toString('hex');

      const fileInfo = JSON.parse(message);
-      const timeLimit = fileInfo.timeLimit;
+      const timeLimit = fileInfo.timeLimit || config.default_expire_seconds;
+      const dlimit = fileInfo.dlimit || 1;
      const metadata = fileInfo.fileMetadata;
      const auth = fileInfo.authorization;
-      const user = '1'; //await fxa.verify(fileInfo.bearer); // TODO
+      const user = await fxa.verify(fileInfo.bearer);
      const maxFileSize = user
        ? config.max_file_size
        : config.anon_max_file_size;
      const maxExpireSeconds = user
        ? config.max_expire_seconds
        : config.anon_max_expire_seconds;
+      const maxDownloads = user
+        ? config.max_downloads
+        : config.anon_max_downloads;

      if (
        !metadata ||
        !auth ||
        timeLimit <= 0 ||
-        timeLimit > maxExpireSeconds
+        timeLimit > maxExpireSeconds ||
+        dlimit > maxDownloads
      ) {
        ws.send(
          JSON.stringify({
@ -52,6 +57,7 @@ module.exports = function(ws, req) {
      const meta = {
        owner,
        metadata,
+        dlimit,
        auth: auth.split(' ')[1],
        nonce: crypto.randomBytes(16).toString('base64')
      };
@ -59,6 +65,14 @@ module.exports = function(ws, req) {
      const protocol = config.env === 'production' ? 'https' : req.protocol;
      const url = `${protocol}://${req.get('host')}/download/${newId}/`;

+      ws.send(
+        JSON.stringify({
+          url,
+          ownerToken: meta.owner,
+          id: newId
+        })
+      );
+
      const limiter = new Limiter(maxFileSize);
      const parser = new Parser();
      fileStream = wsStream(ws, { binary: true })
@ -74,14 +88,7 @@ module.exports = function(ws, req) {
        // TODO: we should handle cancelled uploads differently
        // in order to avoid having to check socket state and clean
        // up storage, possibly with an exception that we can catch.
-        ws.send(
-          JSON.stringify({
-            url,
-            owner: meta.owner,
-            id: newId,
-            authentication: `send-v1 ${meta.nonce}`
-          })
-        );
+        ws.send(JSON.stringify({ ok: true }));
      }
    } catch (e) {
      log.error('upload', e);