2017-08-24 23:54:02 +02:00
|
|
|
const routes = require('../../app/routes');
|
|
|
|
const storage = require('../storage');
|
|
|
|
const state = require('../state');
|
|
|
|
|
|
|
|
function validateID(route_id) {
|
|
|
|
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
|
|
|
|
}
|
|
|
|
|
|
|
|
function stripEvents(str) {
|
|
|
|
// For CSP we need to remove all the event handler placeholders.
|
|
|
|
// It's ok, app.js will add them when it attaches to the DOM.
|
|
|
|
return str.replace(/\son\w+=""/g, '');
|
|
|
|
}
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
index: function(req, res) {
|
|
|
|
res.send(stripEvents(routes.toString('/', state(req))));
|
|
|
|
},
|
|
|
|
|
|
|
|
blank: function(req, res) {
|
|
|
|
res.send(stripEvents(routes.toString('/blank', state(req))));
|
|
|
|
},
|
|
|
|
|
|
|
|
download: async function(req, res, next) {
|
|
|
|
const id = req.params.id;
|
|
|
|
if (!validateID(id)) {
|
|
|
|
return next();
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2017-08-31 18:43:36 +02:00
|
|
|
const { nonce, pwd } = await storage.metadata(id);
|
|
|
|
res.set('WWW-Authenticate', `send-v1 ${nonce}`);
|
2017-08-24 23:54:02 +02:00
|
|
|
res.send(
|
|
|
|
stripEvents(
|
|
|
|
routes.toString(
|
|
|
|
`/download/${req.params.id}`,
|
|
|
|
Object.assign(state(req), {
|
2018-01-24 19:23:13 +01:00
|
|
|
fileInfo: { nonce, requiresPassword: +pwd }
|
2017-08-24 23:54:02 +02:00
|
|
|
})
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
} catch (e) {
|
|
|
|
next();
|
|
|
|
}
|
|
|
|
},
|
|
|
|
|
|
|
|
unsupported: function(req, res) {
|
|
|
|
res.send(
|
|
|
|
stripEvents(
|
|
|
|
routes.toString(
|
|
|
|
`/unsupported/${req.params.reason}`,
|
|
|
|
Object.assign(state(req), { fira: true })
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
},
|
|
|
|
|
|
|
|
legal: function(req, res) {
|
|
|
|
res.send(stripEvents(routes.toString('/legal', state(req))));
|
|
|
|
},
|
|
|
|
|
|
|
|
notfound: function(req, res) {
|
|
|
|
res.status(404).send(stripEvents(routes.toString('/404', state(req))));
|
|
|
|
}
|
|
|
|
};
|