refactored upload away from multipart forms to binary data

2018-05-31 14:06:25 -07:00 · 2018-05-31 14:06:25 -07:00 · af7a262ef0
commit af7a262ef0
parent 196d4211b6
9 changed files with 56 additions and 93 deletions
--- a/server/routes/index.js
+++ b/server/routes/index.js
@ -1,5 +1,4 @@
 const express = require('express');
-const busboy = require('connect-busboy');
 const helmet = require('helmet');
 const storage = require('../storage');
 const config = require('../config');
@ -10,11 +9,6 @@ const pages = require('./pages');

 const IS_DEV = config.env === 'development';
 const ID_REGEX = '([0-9a-fA-F]{10})';
-const uploader = busboy({
-  limits: {
-    fileSize: config.max_file_size
-  }
-});

 module.exports = function(app) {
  app.use(helmet());
@ -62,7 +56,7 @@ module.exports = function(app) {
  app.get(`/api/download/:id${ID_REGEX}`, auth, require('./download'));
  app.get(`/api/exists/:id${ID_REGEX}`, require('./exists'));
  app.get(`/api/metadata/:id${ID_REGEX}`, auth, require('./metadata'));
-  app.post('/api/upload', uploader, require('./upload'));
+  app.post('/api/upload', require('./upload'));
  app.post(`/api/delete/:id${ID_REGEX}`, owner, require('./delete'));
  app.post(`/api/password/:id${ID_REGEX}`, owner, require('./password'));
  app.post(`/api/params/:id${ID_REGEX}`, owner, require('./params'));
--- a/server/routes/upload.js
+++ b/server/routes/upload.js
@ -2,10 +2,11 @@ const crypto = require('crypto');
 const storage = require('../storage');
 const config = require('../config');
 const mozlog = require('../log');
+const Limiter = require('../limiter');

 const log = mozlog('send.upload');

-module.exports = function(req, res) {
+module.exports = async function(req, res) {
  const newId = crypto.randomBytes(5).toString('hex');
  const metadata = req.header('X-File-Metadata');
  const auth = req.header('Authorization');
@ -19,33 +20,24 @@ module.exports = function(req, res) {
    auth: auth.split(' ')[1],
    nonce: crypto.randomBytes(16).toString('base64')
  };
-  req.pipe(req.busboy);

-  req.busboy.on('file', async (fieldname, file) => {
-    try {
-      await storage.set(newId, file, meta);
-      const protocol = config.env === 'production' ? 'https' : req.protocol;
-      const url = `${protocol}://${req.get('host')}/download/${newId}/`;
-      res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
-      res.json({
-        url,
-        owner: meta.owner,
-        id: newId
-      });
-    } catch (e) {
-      log.error('upload', e);
-      if (e.message === 'limit') {
-        return res.sendStatus(413);
-      }
-      res.sendStatus(500);
+  try {
+    const limiter = new Limiter(config.max_file_size);
+    const fileStream = req.pipe(limiter);
+    await storage.set(newId, fileStream, meta);
+    const protocol = config.env === 'production' ? 'https' : req.protocol;
+    const url = `${protocol}://${req.get('host')}/download/${newId}/`;
+    res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
+    res.json({
+      url,
+      owner: meta.owner,
+      id: newId
+    });
+  } catch (e) {
+    if (e.message === 'limit') {
+      return res.sendStatus(413);
    }
-  });
-
-  req.on('close', async err => {
-    try {
-      await storage.del(newId);
-    } catch (e) {
-      log.info('DeleteError:', newId);
-    }
-  });
+    log.error('upload', e);
+    res.sendStatus(500);
+  }
 };