dylan.derr/Send
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add optional password to the download url

Browse source
This commit is contained in:
Danny Coates 2017-08-31 09:43:36 -07:00
parent 837747f8f7
commit bc24a069da
No known key found for this signature in database
GPG key ID: 4C442633C62E00CB
28 changed files with 805 additions and 241 deletions
Download patch file Download diff file Expand all files Collapse all files

16
server/routes/download.js
View file

@ -1,6 +1,7 @@
const storage = require('../storage');
const mozlog = require('../log');
const log = mozlog('send.download');
const crypto = require('crypto');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
@ -13,13 +14,24 @@ module.exports = async function(req, res) {
}
try {
const auth = req.header('Authorization').split(' ')[1];
const meta = await storage.metadata(id);
const hmac = crypto.createHmac('sha256', Buffer.from(meta.auth, 'base64'));
hmac.update(Buffer.from(meta.nonce, 'base64'));
const verifyHash = hmac.digest();
const nonce = crypto.randomBytes(16).toString('base64');
storage.setField(id, 'nonce', nonce);
if (!verifyHash.equals(Buffer.from(auth, 'base64'))) {
res.set('WWW-Authenticate', `send-v1 ${nonce}`);
return res.sendStatus(401);
}
const contentLength = await storage.length(id);
res.writeHead(200, {
'Content-Disposition': `attachment; filename=${meta.filename}`,
'Content-Disposition': 'attachment',
'Content-Type': 'application/octet-stream',
'Content-Length': contentLength,
'X-File-Metadata': JSON.stringify(meta)
'X-File-Metadata': meta.metadata,
'WWW-Authenticate': `send-v1 ${nonce}`
});
const file_stream = storage.get(id);