dylan.derr/Send
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added fxa auth to /params

Browse source
This commit is contained in:
Danny Coates 2018-08-31 10:59:26 -07:00
parent 718d74fa50
commit fb7176d989
No known key found for this signature in database
GPG key ID: 4C442633C62E00CB
7 changed files with 41 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

7
server/routes/index.js
View file

@ -87,7 +87,12 @@ module.exports = function(app) {
app.post('/api/upload', auth.fxa, require('./upload'));
app.post(`/api/delete/:id${ID_REGEX}`, auth.owner, require('./delete'));
app.post(`/api/password/:id${ID_REGEX}`, auth.owner, require('./password'));
app.post(`/api/params/:id${ID_REGEX}`, auth.owner, require('./params'));
app.post(
`/api/params/:id${ID_REGEX}`,
auth.owner,
auth.fxa,
require('./params')
);
app.post(`/api/info/:id${ID_REGEX}`, auth.owner, require('./info'));
app.get('/__version__', function(req, res) {

4
server/routes/params.js
View file

@ -2,9 +2,9 @@ const config = require('../config');
const storage = require('../storage');
module.exports = function(req, res) {
const max = req.user ? config.max_downloads : config.anon_max_downloads;
const dlimit = req.body.dlimit;
// TODO: fxa auth
if (!dlimit || dlimit > config.max_downloads) {
if (!dlimit || dlimit > max) {
return res.sendStatus(400);
}