2018-06-21 02:05:33 +02:00
|
|
|
const crypto = require('crypto');
|
|
|
|
const storage = require('../storage');
|
|
|
|
const config = require('../config');
|
|
|
|
const mozlog = require('../log');
|
|
|
|
const Limiter = require('../limiter');
|
2018-09-14 17:00:33 +02:00
|
|
|
const fxa = require('../fxa');
|
2019-02-12 20:50:06 +01:00
|
|
|
const { statUploadEvent } = require('../amplitude');
|
2019-03-06 19:31:50 +01:00
|
|
|
const { encryptedSize } = require('../../app/utils');
|
2018-06-21 02:05:33 +02:00
|
|
|
|
2019-08-06 23:12:22 +02:00
|
|
|
const { Transform } = require('stream');
|
2018-11-22 22:21:39 +01:00
|
|
|
|
2018-06-21 02:05:33 +02:00
|
|
|
const log = mozlog('send.upload');
|
|
|
|
|
2018-08-08 00:40:17 +02:00
|
|
|
module.exports = function(ws, req) {
|
2018-06-21 02:05:33 +02:00
|
|
|
let fileStream;
|
|
|
|
|
2018-06-21 22:57:53 +02:00
|
|
|
ws.on('close', e => {
|
2018-06-22 22:17:23 +02:00
|
|
|
if (e !== 1000 && fileStream !== undefined) {
|
|
|
|
fileStream.destroy();
|
2018-06-21 22:57:53 +02:00
|
|
|
}
|
|
|
|
});
|
2018-06-21 02:05:33 +02:00
|
|
|
|
2018-06-25 19:57:52 +02:00
|
|
|
ws.once('message', async function(message) {
|
2018-06-21 22:57:53 +02:00
|
|
|
try {
|
2019-03-26 17:32:44 +01:00
|
|
|
const newId = crypto.randomBytes(8).toString('hex');
|
2018-06-25 19:57:52 +02:00
|
|
|
const owner = crypto.randomBytes(10).toString('hex');
|
2018-06-21 02:05:33 +02:00
|
|
|
|
2018-06-25 19:57:52 +02:00
|
|
|
const fileInfo = JSON.parse(message);
|
2018-08-31 23:20:15 +02:00
|
|
|
const timeLimit = fileInfo.timeLimit || config.default_expire_seconds;
|
|
|
|
const dlimit = fileInfo.dlimit || 1;
|
2018-06-25 19:57:52 +02:00
|
|
|
const metadata = fileInfo.fileMetadata;
|
|
|
|
const auth = fileInfo.authorization;
|
2018-08-31 23:20:15 +02:00
|
|
|
const user = await fxa.verify(fileInfo.bearer);
|
2018-08-08 00:40:17 +02:00
|
|
|
const maxFileSize = user
|
|
|
|
? config.max_file_size
|
|
|
|
: config.anon_max_file_size;
|
|
|
|
const maxExpireSeconds = user
|
|
|
|
? config.max_expire_seconds
|
|
|
|
: config.anon_max_expire_seconds;
|
2018-08-31 23:20:15 +02:00
|
|
|
const maxDownloads = user
|
|
|
|
? config.max_downloads
|
|
|
|
: config.anon_max_downloads;
|
2018-06-21 02:05:33 +02:00
|
|
|
|
2020-07-25 03:11:50 +02:00
|
|
|
if (config.fxa_required && !user) {
|
|
|
|
ws.send(
|
|
|
|
JSON.stringify({
|
|
|
|
error: 401
|
|
|
|
})
|
|
|
|
);
|
|
|
|
return ws.close();
|
|
|
|
}
|
2018-08-08 20:07:09 +02:00
|
|
|
if (
|
|
|
|
!metadata ||
|
|
|
|
!auth ||
|
|
|
|
timeLimit <= 0 ||
|
2018-08-31 23:20:15 +02:00
|
|
|
timeLimit > maxExpireSeconds ||
|
|
|
|
dlimit > maxDownloads
|
2018-08-08 20:07:09 +02:00
|
|
|
) {
|
2018-06-21 02:05:33 +02:00
|
|
|
ws.send(
|
|
|
|
JSON.stringify({
|
2018-06-25 19:57:52 +02:00
|
|
|
error: 400
|
2018-06-21 02:05:33 +02:00
|
|
|
})
|
|
|
|
);
|
2018-06-25 19:57:52 +02:00
|
|
|
return ws.close();
|
2018-06-21 02:05:33 +02:00
|
|
|
}
|
2018-06-25 19:57:52 +02:00
|
|
|
|
|
|
|
const meta = {
|
|
|
|
owner,
|
|
|
|
metadata,
|
2018-08-31 23:20:15 +02:00
|
|
|
dlimit,
|
2018-06-25 19:57:52 +02:00
|
|
|
auth: auth.split(' ')[1],
|
|
|
|
nonce: crypto.randomBytes(16).toString('base64')
|
|
|
|
};
|
|
|
|
|
|
|
|
const protocol = config.env === 'production' ? 'https' : req.protocol;
|
|
|
|
const url = `${protocol}://${req.get('host')}/download/${newId}/`;
|
|
|
|
|
2018-08-31 23:20:15 +02:00
|
|
|
ws.send(
|
|
|
|
JSON.stringify({
|
|
|
|
url,
|
|
|
|
ownerToken: meta.owner,
|
|
|
|
id: newId
|
|
|
|
})
|
|
|
|
);
|
2019-03-06 19:31:50 +01:00
|
|
|
const limiter = new Limiter(encryptedSize(maxFileSize));
|
2019-08-06 23:12:22 +02:00
|
|
|
const eof = new Transform({
|
|
|
|
transform: function(chunk, encoding, callback) {
|
2018-11-22 22:21:39 +01:00
|
|
|
if (chunk.length === 1 && chunk[0] === 0) {
|
|
|
|
this.push(null);
|
|
|
|
} else {
|
2019-08-06 23:12:22 +02:00
|
|
|
this.push(chunk);
|
2018-11-22 22:21:39 +01:00
|
|
|
}
|
|
|
|
callback();
|
|
|
|
}
|
|
|
|
});
|
2019-08-06 23:12:22 +02:00
|
|
|
const wsStream = ws.constructor.createWebSocketStream(ws);
|
2018-11-22 22:21:39 +01:00
|
|
|
|
2019-08-06 23:12:22 +02:00
|
|
|
fileStream = wsStream.pipe(eof).pipe(limiter); // limiter needs to be the last in the chain
|
2018-11-22 22:21:39 +01:00
|
|
|
|
2018-08-08 20:07:09 +02:00
|
|
|
await storage.set(newId, fileStream, meta, timeLimit);
|
2018-06-25 19:57:52 +02:00
|
|
|
|
2018-06-25 23:01:08 +02:00
|
|
|
if (ws.readyState === 1) {
|
|
|
|
// if the socket is closed by a cancelled upload the stream
|
|
|
|
// ends without an error so we need to check the state
|
|
|
|
// before sending a reply.
|
2018-06-25 20:52:29 +02:00
|
|
|
|
2018-06-25 23:01:08 +02:00
|
|
|
// TODO: we should handle cancelled uploads differently
|
|
|
|
// in order to avoid having to check socket state and clean
|
|
|
|
// up storage, possibly with an exception that we can catch.
|
2018-08-31 23:20:15 +02:00
|
|
|
ws.send(JSON.stringify({ ok: true }));
|
2019-02-12 20:50:06 +01:00
|
|
|
statUploadEvent({
|
|
|
|
id: newId,
|
|
|
|
ip: req.ip,
|
|
|
|
owner,
|
|
|
|
dlimit,
|
|
|
|
timeLimit,
|
|
|
|
anonymous: !user,
|
2019-05-03 18:25:12 +02:00
|
|
|
size: limiter.length,
|
|
|
|
agent: req.ua.browser.name || req.ua.ua.substring(0, 6)
|
2019-02-12 20:50:06 +01:00
|
|
|
});
|
2018-06-25 23:01:08 +02:00
|
|
|
}
|
2018-06-21 22:57:53 +02:00
|
|
|
} catch (e) {
|
|
|
|
log.error('upload', e);
|
2018-06-25 23:01:08 +02:00
|
|
|
if (ws.readyState === 1) {
|
|
|
|
ws.send(
|
|
|
|
JSON.stringify({
|
|
|
|
error: e === 'limit' ? 413 : 500
|
|
|
|
})
|
|
|
|
);
|
|
|
|
}
|
2018-06-21 22:57:53 +02:00
|
|
|
}
|
2019-08-06 23:12:22 +02:00
|
|
|
ws.close();
|
2018-06-21 22:57:53 +02:00
|
|
|
});
|
2018-06-21 02:05:33 +02:00
|
|
|
};
|