drop.chapril.org-firefoxsend/server/routes/download.js

const storage = require('../storage');
const mozlog = require('../log');
const log = mozlog('send.download');
const crypto = require('crypto');

module.exports = async function(req, res) {
  const id = req.params.id;

  try {
    const auth = req.header('Authorization').split(' ')[1];
    const meta = await storage.metadata(id);
    const hmac = crypto.createHmac('sha256', Buffer.from(meta.auth, 'base64'));
    hmac.update(Buffer.from(meta.nonce, 'base64'));
    const verifyHash = hmac.digest();
    if (!verifyHash.equals(Buffer.from(auth, 'base64'))) {
      res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
      return res.sendStatus(401);
    }
    const nonce = crypto.randomBytes(16).toString('base64');
    storage.setField(id, 'nonce', nonce);
    const contentLength = await storage.length(id);
    res.writeHead(200, {
      'Content-Disposition': 'attachment',
      'Content-Type': 'application/octet-stream',
      'Content-Length': contentLength,
      'X-File-Metadata': meta.metadata,
      'WWW-Authenticate': `send-v1 ${nonce}`
    });
    const file_stream = storage.get(id);

    file_stream.on('end', async () => {
      const dl = (+meta.dl || 0) + 1;
      const dlimit = +meta.dlimit || 1;
      try {
        if (dl >= dlimit) {
          await storage.forceDelete(id);
        } else {
          await storage.setField(id, 'dl', dl);
        }
      } catch (e) {
        log.info('StorageError:', id);
      }
    });

    file_stream.pipe(res);
  } catch (e) {
    res.sendStatus(404);
  }
};
a few changes to make A/B testing easier 2017-08-24 23:54:02 +02:00			`const storage = require('../storage');`
			`const mozlog = require('../log');`
			`const log = mozlog('send.download');`
Add optional password to the download url 2017-08-31 18:43:36 +02:00			`const crypto = require('crypto');`
a few changes to make A/B testing easier 2017-08-24 23:54:02 +02:00
			`module.exports = async function(req, res) {`
			`const id = req.params.id;`

			`try {`
Add optional password to the download url 2017-08-31 18:43:36 +02:00			`const auth = req.header('Authorization').split(' ')[1];`
a few changes to make A/B testing easier 2017-08-24 23:54:02 +02:00			`const meta = await storage.metadata(id);`
Add optional password to the download url 2017-08-31 18:43:36 +02:00			`const hmac = crypto.createHmac('sha256', Buffer.from(meta.auth, 'base64'));`
			`hmac.update(Buffer.from(meta.nonce, 'base64'));`
			`const verifyHash = hmac.digest();`
			`if (!verifyHash.equals(Buffer.from(auth, 'base64'))) {`
Added multiple download option 2017-11-30 22:41:09 +01:00			res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
Add optional password to the download url 2017-08-31 18:43:36 +02:00			`return res.sendStatus(401);`
			`}`
Added multiple download option 2017-11-30 22:41:09 +01:00			`const nonce = crypto.randomBytes(16).toString('base64');`
			`storage.setField(id, 'nonce', nonce);`
a few changes to make A/B testing easier 2017-08-24 23:54:02 +02:00			`const contentLength = await storage.length(id);`
			`res.writeHead(200, {`
Add optional password to the download url 2017-08-31 18:43:36 +02:00			`'Content-Disposition': 'attachment',`
a few changes to make A/B testing easier 2017-08-24 23:54:02 +02:00			`'Content-Type': 'application/octet-stream',`
			`'Content-Length': contentLength,`
Add optional password to the download url 2017-08-31 18:43:36 +02:00			`'X-File-Metadata': meta.metadata,`
			'WWW-Authenticate': `send-v1 ${nonce}`
a few changes to make A/B testing easier 2017-08-24 23:54:02 +02:00			`});`
			`const file_stream = storage.get(id);`

			`file_stream.on('end', async () => {`
Added multiple download option 2017-11-30 22:41:09 +01:00			`const dl = (+meta.dl \|\| 0) + 1;`
			`const dlimit = +meta.dlimit \|\| 1;`
a few changes to make A/B testing easier 2017-08-24 23:54:02 +02:00			`try {`
Added multiple download option 2017-11-30 22:41:09 +01:00			`if (dl >= dlimit) {`
			`await storage.forceDelete(id);`
			`} else {`
			`await storage.setField(id, 'dl', dl);`
			`}`
a few changes to make A/B testing easier 2017-08-24 23:54:02 +02:00			`} catch (e) {`
Added multiple download option 2017-11-30 22:41:09 +01:00			`log.info('StorageError:', id);`
a few changes to make A/B testing easier 2017-08-24 23:54:02 +02:00			`}`
			`});`

			`file_stream.pipe(res);`
			`} catch (e) {`
			`res.sendStatus(404);`
			`}`
			`};`