dylan.derr/Send
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

extracted server id validation

Browse source
This commit is contained in:
Danny Coates 2018-02-05 16:36:44 -08:00
parent 807c44f057
commit aae61f9451
No known key found for this signature in database
GPG key ID: 4C442633C62E00CB
15 changed files with 83 additions and 388 deletions
Download patch file Download diff file Expand all files Collapse all files

9
server/routes/delete.js
View file

@ -1,17 +1,8 @@
const storage = require('../storage');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
module.exports = async function(req, res) {
const id = req.params.id;
if (!validateID(id)) {
res.sendStatus(404);
return;
}
const ownerToken = req.body.owner_token || req.body.delete_token;
if (!ownerToken) {

7
server/routes/download.js
View file

@ -3,15 +3,8 @@ const mozlog = require('../log');
const log = mozlog('send.download');
const crypto = require('crypto');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
module.exports = async function(req, res) {
const id = req.params.id;
if (!validateID(id)) {
return res.sendStatus(404);
}
try {
const auth = req.header('Authorization').split(' ')[1];

7
server/routes/exists.js
View file

@ -1,14 +1,7 @@
const storage = require('../storage');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
module.exports = async (req, res) => {
const id = req.params.id;
if (!validateID(id)) {
return res.sendStatus(404);
}
try {
const meta = await storage.metadata(id);

2
server/routes/index.js
View file

@ -5,6 +5,7 @@ const languages = require('../languages');
const storage = require('../storage');
const config = require('../config');
const pages = require('./pages');
const validation = require('../validation');
const { negotiateLanguages } = require('fluent-langneg');
const IS_DEV = config.env === 'development';
const acceptLanguages = /(([a-zA-Z]+(-[a-zA-Z0-9]+){0,2})|\*)(;q=[0-1](\.[0-9]+)?)?/g;
@ -81,6 +82,7 @@ module.exports = function(app) {
next();
});
app.use(bodyParser.json());
app.use(validation.middleware);
app.get('/', pages.index);
app.get('/legal', pages.legal);
app.get('/jsconfig.js', require('./jsconfig'));

7
server/routes/info.js
View file

@ -1,14 +1,7 @@
const storage = require('../storage');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
module.exports = async function(req, res) {
const id = req.params.id;
if (!validateID(id)) {
return res.sendStatus(404);
}
const ownerToken = req.body.owner_token;
if (!ownerToken) {
return res.sendStatus(400);

7
server/routes/metadata.js
View file

@ -1,15 +1,8 @@
const storage = require('../storage');
const crypto = require('crypto');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
module.exports = async function(req, res) {
const id = req.params.id;
if (!validateID(id)) {
return res.sendStatus(404);
}
try {
const auth = req.header('Authorization').split(' ')[1];

7
server/routes/pages.js
View file

@ -2,10 +2,6 @@ const routes = require('../../app/routes');
const storage = require('../storage');
const state = require('../state');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
function stripEvents(str) {
// For CSP we need to remove all the event handler placeholders.
// It's ok, app.js will add them when it attaches to the DOM.
@ -23,9 +19,6 @@ module.exports = {
download: async function(req, res, next) {
const id = req.params.id;
if (!validateID(id)) {
return next();
}
try {
const { nonce, pwd } = await storage.metadata(id);

7
server/routes/params.js
View file

@ -1,14 +1,7 @@
const storage = require('../storage');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
module.exports = async function(req, res) {
const id = req.params.id;
if (!validateID(id)) {
return res.sendStatus(404);
}
const ownerToken = req.body.owner_token;
if (!ownerToken) {
return res.sendStatus(400);

7
server/routes/password.js
View file

@ -1,14 +1,7 @@
const storage = require('../storage');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
module.exports = async function(req, res) {
const id = req.params.id;
if (!validateID(id)) {
return res.sendStatus(404);
}
const ownerToken = req.body.owner_token;
if (!ownerToken) {
return res.sendStatus(404);

12
server/validation.js Normal file
View file

@ -0,0 +1,12 @@
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
module.exports = {
middleware: function(req, res, next) {
if (req.params.id && !validateID(req.params.id)) {
return res.sendStatus(404);
}
next();
}
};