id is now independent on iv
This commit is contained in:
parent
a11b4b677c
commit
1ce24f7e08
@ -36,7 +36,8 @@ class FileReceiver extends EventEmitter {
|
||||
resolve({
|
||||
data: this.result,
|
||||
aad: meta.aad,
|
||||
filename: meta.filename
|
||||
filename: meta.filename,
|
||||
iv: meta.iv
|
||||
});
|
||||
};
|
||||
|
||||
@ -62,13 +63,11 @@ class FileReceiver extends EventEmitter {
|
||||
['encrypt', 'decrypt']
|
||||
)
|
||||
]).then(([fdata, key]) => {
|
||||
const salt = this.salt;
|
||||
|
||||
return Promise.all([
|
||||
window.crypto.subtle.decrypt(
|
||||
{
|
||||
name: 'AES-GCM',
|
||||
iv: salt,
|
||||
iv: hexToArray(fdata.iv),
|
||||
additionalData: hexToArray(fdata.aad)
|
||||
},
|
||||
key,
|
||||
|
@ -137,7 +137,7 @@ app.post('/delete/:id', (req, res) => {
|
||||
});
|
||||
|
||||
app.post('/upload/:id', (req, res, next) => {
|
||||
if (!validateID(req.params.id)) {
|
||||
if (!validateIV(req.params.id)) {
|
||||
res.sendStatus(404);
|
||||
return;
|
||||
}
|
||||
@ -148,9 +148,9 @@ app.post('/upload/:id', (req, res, next) => {
|
||||
req.busboy.on('file', (fieldname, file, filename) => {
|
||||
log.info('Uploading:', req.params.id);
|
||||
|
||||
storage.set(req.params.id, file, filename, meta).then(delete_token => {
|
||||
storage.set(req.params.id, file, filename, meta).then(([delete_token, new_id]) => {
|
||||
const protocol = conf.env === 'production' ? 'https' : req.protocol;
|
||||
const url = `${protocol}://${req.get('host')}/download/${req.params.id}/`;
|
||||
const url = `${protocol}://${req.get('host')}/download/${new_id}/`;
|
||||
res.json({
|
||||
url,
|
||||
delete: delete_token
|
||||
@ -176,5 +176,9 @@ app.listen(conf.listen_port, () => {
|
||||
});
|
||||
|
||||
const validateID = route_id => {
|
||||
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
|
||||
};
|
||||
|
||||
const validateIV = route_id => {
|
||||
return route_id.match(/^[0-9a-fA-F]{24}$/) !== null;
|
||||
};
|
||||
|
@ -118,18 +118,20 @@ function localGet(id) {
|
||||
|
||||
function localSet(id, file, filename, meta) {
|
||||
return new Promise((resolve, reject) => {
|
||||
const fstream = fs.createWriteStream(path.join(__dirname, '../static', id));
|
||||
const new_id = crypto.randomBytes(5).toString('hex');
|
||||
const fstream = fs.createWriteStream(path.join(__dirname, '../static', new_id));
|
||||
file.pipe(fstream);
|
||||
fstream.on('close', () => {
|
||||
meta.delete = crypto.randomBytes(10).toString('hex');
|
||||
redis_client.hmset(id, meta);
|
||||
meta.id = id;
|
||||
redis_client.hmset(new_id, meta);
|
||||
redis_client.expire(id, 86400000);
|
||||
log.info('localSet:', 'Upload Finished of ' + id);
|
||||
resolve(meta.delete);
|
||||
log.info('localSet:', 'Upload Finished of ' + new_id);
|
||||
resolve([meta.delete, new_id]);
|
||||
});
|
||||
|
||||
fstream.on('error', () => {
|
||||
log.error('localSet:', 'Failed upload of ' + id);
|
||||
log.error('localSet:', 'Failed upload of ' + new_id);
|
||||
reject();
|
||||
});
|
||||
});
|
||||
@ -194,9 +196,10 @@ function awsGet(id) {
|
||||
}
|
||||
|
||||
function awsSet(id, file, filename, meta) {
|
||||
const new_id = crypto.randomBytes(5).toString('hex');
|
||||
const params = {
|
||||
Bucket: conf.s3_bucket,
|
||||
Key: id,
|
||||
Key: new_id,
|
||||
Body: file
|
||||
};
|
||||
|
||||
@ -207,12 +210,12 @@ function awsSet(id, file, filename, meta) {
|
||||
reject();
|
||||
} else {
|
||||
meta.delete = crypto.randomBytes(10).toString('hex');
|
||||
|
||||
redis_client.hmset(id, meta);
|
||||
meta.id = id;
|
||||
redis_client.hmset(new_id, meta);
|
||||
|
||||
redis_client.expire(id, 86400000);
|
||||
log.info('awsUploadFinish', 'Upload Finished of ' + filename);
|
||||
resolve(meta.delete);
|
||||
resolve([meta.delete, new_id]);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
@ -113,8 +113,9 @@ describe('Testing Set using aws', function() {
|
||||
s3Stub.upload.callsArgWith(1, null, {});
|
||||
return storage
|
||||
.set('123', {}, 'Filename.moz', {})
|
||||
.then(deleteKey => {
|
||||
.then(([deleteKey, id]) => {
|
||||
assert.equal(deleteKey, buf.toString('hex'));
|
||||
assert.notEqual(id, null);
|
||||
assert.notEqual(deleteKey, null);
|
||||
assert(expire.calledOnce);
|
||||
assert(expire.calledWith('123', 86400000));
|
||||
|
Loading…
Reference in New Issue
Block a user