id is now independent on iv
This commit is contained in:
parent
a11b4b677c
commit
1ce24f7e08
@ -36,7 +36,8 @@ class FileReceiver extends EventEmitter {
|
|||||||
resolve({
|
resolve({
|
||||||
data: this.result,
|
data: this.result,
|
||||||
aad: meta.aad,
|
aad: meta.aad,
|
||||||
filename: meta.filename
|
filename: meta.filename,
|
||||||
|
iv: meta.iv
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -62,13 +63,11 @@ class FileReceiver extends EventEmitter {
|
|||||||
['encrypt', 'decrypt']
|
['encrypt', 'decrypt']
|
||||||
)
|
)
|
||||||
]).then(([fdata, key]) => {
|
]).then(([fdata, key]) => {
|
||||||
const salt = this.salt;
|
|
||||||
|
|
||||||
return Promise.all([
|
return Promise.all([
|
||||||
window.crypto.subtle.decrypt(
|
window.crypto.subtle.decrypt(
|
||||||
{
|
{
|
||||||
name: 'AES-GCM',
|
name: 'AES-GCM',
|
||||||
iv: salt,
|
iv: hexToArray(fdata.iv),
|
||||||
additionalData: hexToArray(fdata.aad)
|
additionalData: hexToArray(fdata.aad)
|
||||||
},
|
},
|
||||||
key,
|
key,
|
||||||
|
@ -137,7 +137,7 @@ app.post('/delete/:id', (req, res) => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
app.post('/upload/:id', (req, res, next) => {
|
app.post('/upload/:id', (req, res, next) => {
|
||||||
if (!validateID(req.params.id)) {
|
if (!validateIV(req.params.id)) {
|
||||||
res.sendStatus(404);
|
res.sendStatus(404);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -148,9 +148,9 @@ app.post('/upload/:id', (req, res, next) => {
|
|||||||
req.busboy.on('file', (fieldname, file, filename) => {
|
req.busboy.on('file', (fieldname, file, filename) => {
|
||||||
log.info('Uploading:', req.params.id);
|
log.info('Uploading:', req.params.id);
|
||||||
|
|
||||||
storage.set(req.params.id, file, filename, meta).then(delete_token => {
|
storage.set(req.params.id, file, filename, meta).then(([delete_token, new_id]) => {
|
||||||
const protocol = conf.env === 'production' ? 'https' : req.protocol;
|
const protocol = conf.env === 'production' ? 'https' : req.protocol;
|
||||||
const url = `${protocol}://${req.get('host')}/download/${req.params.id}/`;
|
const url = `${protocol}://${req.get('host')}/download/${new_id}/`;
|
||||||
res.json({
|
res.json({
|
||||||
url,
|
url,
|
||||||
delete: delete_token
|
delete: delete_token
|
||||||
@ -176,5 +176,9 @@ app.listen(conf.listen_port, () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
const validateID = route_id => {
|
const validateID = route_id => {
|
||||||
|
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
|
||||||
|
};
|
||||||
|
|
||||||
|
const validateIV = route_id => {
|
||||||
return route_id.match(/^[0-9a-fA-F]{24}$/) !== null;
|
return route_id.match(/^[0-9a-fA-F]{24}$/) !== null;
|
||||||
};
|
};
|
||||||
|
@ -118,18 +118,20 @@ function localGet(id) {
|
|||||||
|
|
||||||
function localSet(id, file, filename, meta) {
|
function localSet(id, file, filename, meta) {
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
const fstream = fs.createWriteStream(path.join(__dirname, '../static', id));
|
const new_id = crypto.randomBytes(5).toString('hex');
|
||||||
|
const fstream = fs.createWriteStream(path.join(__dirname, '../static', new_id));
|
||||||
file.pipe(fstream);
|
file.pipe(fstream);
|
||||||
fstream.on('close', () => {
|
fstream.on('close', () => {
|
||||||
meta.delete = crypto.randomBytes(10).toString('hex');
|
meta.delete = crypto.randomBytes(10).toString('hex');
|
||||||
redis_client.hmset(id, meta);
|
meta.id = id;
|
||||||
|
redis_client.hmset(new_id, meta);
|
||||||
redis_client.expire(id, 86400000);
|
redis_client.expire(id, 86400000);
|
||||||
log.info('localSet:', 'Upload Finished of ' + id);
|
log.info('localSet:', 'Upload Finished of ' + new_id);
|
||||||
resolve(meta.delete);
|
resolve([meta.delete, new_id]);
|
||||||
});
|
});
|
||||||
|
|
||||||
fstream.on('error', () => {
|
fstream.on('error', () => {
|
||||||
log.error('localSet:', 'Failed upload of ' + id);
|
log.error('localSet:', 'Failed upload of ' + new_id);
|
||||||
reject();
|
reject();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
@ -194,9 +196,10 @@ function awsGet(id) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function awsSet(id, file, filename, meta) {
|
function awsSet(id, file, filename, meta) {
|
||||||
|
const new_id = crypto.randomBytes(5).toString('hex');
|
||||||
const params = {
|
const params = {
|
||||||
Bucket: conf.s3_bucket,
|
Bucket: conf.s3_bucket,
|
||||||
Key: id,
|
Key: new_id,
|
||||||
Body: file
|
Body: file
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -207,12 +210,12 @@ function awsSet(id, file, filename, meta) {
|
|||||||
reject();
|
reject();
|
||||||
} else {
|
} else {
|
||||||
meta.delete = crypto.randomBytes(10).toString('hex');
|
meta.delete = crypto.randomBytes(10).toString('hex');
|
||||||
|
meta.id = id;
|
||||||
redis_client.hmset(id, meta);
|
redis_client.hmset(new_id, meta);
|
||||||
|
|
||||||
redis_client.expire(id, 86400000);
|
redis_client.expire(id, 86400000);
|
||||||
log.info('awsUploadFinish', 'Upload Finished of ' + filename);
|
log.info('awsUploadFinish', 'Upload Finished of ' + filename);
|
||||||
resolve(meta.delete);
|
resolve([meta.delete, new_id]);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
@ -113,8 +113,9 @@ describe('Testing Set using aws', function() {
|
|||||||
s3Stub.upload.callsArgWith(1, null, {});
|
s3Stub.upload.callsArgWith(1, null, {});
|
||||||
return storage
|
return storage
|
||||||
.set('123', {}, 'Filename.moz', {})
|
.set('123', {}, 'Filename.moz', {})
|
||||||
.then(deleteKey => {
|
.then(([deleteKey, id]) => {
|
||||||
assert.equal(deleteKey, buf.toString('hex'));
|
assert.equal(deleteKey, buf.toString('hex'));
|
||||||
|
assert.notEqual(id, null);
|
||||||
assert.notEqual(deleteKey, null);
|
assert.notEqual(deleteKey, null);
|
||||||
assert(expire.calledOnce);
|
assert(expire.calledOnce);
|
||||||
assert(expire.calledWith('123', 86400000));
|
assert(expire.calledWith('123', 86400000));
|
||||||
|
Loading…
Reference in New Issue
Block a user