Chapril/drop.chapril.org-firefoxsend
Chapril/drop.chapril.org-firefoxsend
24
1
Fork 0
Code Issues Releases Activity

added fxa auth to /ws

Browse Source
This commit is contained in:
Danny Coates 2018-08-31 14:20:15 -07:00
parent fb7176d989
commit 85185d048c
No known key found for this signature in database
GPG Key ID: 4C442633C62E00CB
8 changed files with 89 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
app/api.js
View File

@ -113,17 +113,13 @@ function asyncInitWebSocket(server) {
function listenForResponse(ws, canceller) { function listenForResponse(ws, canceller) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
ws.addEventListener('message', function(msg) { function handleMessage(msg) {
try { try {
const response = JSON.parse(msg.data); const response = JSON.parse(msg.data);
if (response.error) { if (response.error) {
throw new Error(response.error); throw new Error(response.error);
} else { } else {
resolve({ resolve(response);
url: response.url,
id: response.id,
ownerToken: response.owner
});
} }
} catch (e) { } catch (e) {
ws.close(); ws.close();
@ -131,7 +127,8 @@ function listenForResponse(ws, canceller) {
canceller.error = e; canceller.error = e;
reject(e); reject(e);
} }
}); }
ws.addEventListener('message', handleMessage, { once: true });
}); });
} }
@ -140,6 +137,7 @@ async function upload(
metadata, metadata,
verifierB64, verifierB64,
timeLimit, timeLimit,
dlimit,
bearerToken, bearerToken,
onprogress, onprogress,
canceller canceller
@ -160,12 +158,14 @@ async function upload(
fileMetadata: metadataHeader, fileMetadata: metadataHeader,
authorization: `send-v1 ${verifierB64}`, authorization: `send-v1 ${verifierB64}`,
bearer: bearerToken, bearer: bearerToken,
timeLimit timeLimit,
dlimit
}; };
const uploadInfoResponse = listenForResponse(ws, canceller);
const responsePromise = listenForResponse(ws, canceller);
ws.send(JSON.stringify(fileMeta)); ws.send(JSON.stringify(fileMeta));
const uploadInfo = await uploadInfoResponse;
const completedResponse = listenForResponse(ws, canceller);
const reader = stream.getReader(); const reader = stream.getReader();
let state = await reader.read(); let state = await reader.read();
@ -188,9 +188,9 @@ async function upload(
const footer = new Uint8Array([0]); const footer = new Uint8Array([0]);
ws.send(footer); ws.send(footer);
const response = await responsePromise; //promise only fufills if response is good await completedResponse;
ws.close(); ws.close();
return response; return uploadInfo;
} catch (e) { } catch (e) {
ws.close(4000); ws.close(4000);
throw e; throw e;
@ -202,6 +202,7 @@ export function uploadWs(
metadata, metadata,
verifierB64, verifierB64,
timeLimit, timeLimit,
dlimit,
bearerToken, bearerToken,
onprogress onprogress
) { ) {
@ -218,6 +219,7 @@ export function uploadWs(
metadata, metadata,
verifierB64, verifierB64,
timeLimit, timeLimit,
dlimit,
bearerToken, bearerToken,
onprogress, onprogress,
canceller canceller
@ -244,7 +246,6 @@ async function downloadS(id, keychain, signal) {
if (response.status !== 200) { if (response.status !== 200) {
throw new Error(response.status); throw new Error(response.status);
} }
//const fileSize = response.headers.get('Content-Length');
return response.body; return response.body;
} }

20
app/fileManager.js
View File

@ -52,7 +52,7 @@ export default function(state, emitter) {
emitter.on('logout', () => { emitter.on('logout', () => {
state.user.logout(); state.user.logout();
render(); emitter.emit('pushState', '/');
}); });
emitter.on('changeLimit', async ({ file, value }) => { emitter.on('changeLimit', async ({ file, value }) => {
@ -107,7 +107,7 @@ export default function(state, emitter) {
render(); render();
}); });
emitter.on('upload', async ({ type, dlCount, password }) => { emitter.on('upload', async ({ type, dlimit, password }) => {
if (!state.archive) return; if (!state.archive) return;
if (state.storage.files.length >= LIMITS.MAX_ARCHIVES_PER_USER) { if (state.storage.files.length >= LIMITS.MAX_ARCHIVES_PER_USER) {
return alert( return alert(
@ -118,11 +118,7 @@ export default function(state, emitter) {
} }
const size = state.archive.size; const size = state.archive.size;
if (!state.timeLimit) state.timeLimit = DEFAULTS.EXPIRE_SECONDS; if (!state.timeLimit) state.timeLimit = DEFAULTS.EXPIRE_SECONDS;
const sender = new FileSender( const sender = new FileSender();
state.archive,
state.timeLimit,
state.user.bearerToken
);
sender.on('progress', updateProgress); sender.on('progress', updateProgress);
sender.on('encrypting', render); sender.on('encrypting', render);
@ -136,17 +132,21 @@ export default function(state, emitter) {
try { try {
metrics.startedUpload({ size, type }); metrics.startedUpload({ size, type });
const ownedFile = await sender.upload(); const ownedFile = await sender.upload(
state.archive,
state.timeLimit,
dlimit,
state.user.bearerToken
);
ownedFile.type = type; ownedFile.type = type;
state.storage.totalUploads += 1; state.storage.totalUploads += 1;
metrics.completedUpload(ownedFile); metrics.completedUpload(ownedFile);
state.storage.addFile(ownedFile); state.storage.addFile(ownedFile);
// TODO integrate password and limit into /upload request // TODO integrate password into /upload request
if (password) { if (password) {
emitter.emit('password', { password, file: ownedFile }); emitter.emit('password', { password, file: ownedFile });
} }
emitter.emit('changeLimit', { file: ownedFile, value: dlCount });
const cancelBtn = document.getElementById('cancel-upload'); const cancelBtn = document.getElementById('cancel-upload');
if (cancelBtn) { if (cancelBtn) {

50
app/fileSender.js
View File

@ -7,11 +7,8 @@ import { uploadWs } from './api';
import { encryptedSize } from './ece'; import { encryptedSize } from './ece';
export default class FileSender extends Nanobus { export default class FileSender extends Nanobus {
constructor(file, timeLimit, bearerToken) { constructor() {
super('FileSender'); super('FileSender');
this.timeLimit = timeLimit || DEFAULTS.EXPIRE_SECONDS;
this.bearerToken = bearerToken;
this.file = file;
this.keychain = new Keychain(); this.keychain = new Keychain();
this.reset(); this.reset();
} }
@ -45,39 +42,30 @@ export default class FileSender extends Nanobus {
} }
} }
readFile() { async upload(
return new Promise((resolve, reject) => { file,
const reader = new FileReader(); timeLimit = DEFAULTS.EXPIRE_SECONDS,
reader.readAsArrayBuffer(this.file); dlimit = 1,
// TODO: progress? bearerToken
reader.onload = function(event) { ) {
const plaintext = new Uint8Array(this.result);
resolve(plaintext);
};
reader.onerror = function(err) {
reject(err);
};
});
}
async upload() {
const start = Date.now(); const start = Date.now();
if (this.cancelled) { if (this.cancelled) {
throw new Error(0); throw new Error(0);
} }
this.msg = 'encryptingFile'; this.msg = 'encryptingFile';
this.emit('encrypting'); this.emit('encrypting');
const totalSize = encryptedSize(this.file.size); const totalSize = encryptedSize(file.size);
const encStream = await this.keychain.encryptStream(this.file.stream); const encStream = await this.keychain.encryptStream(file.stream);
const metadata = await this.keychain.encryptMetadata(this.file); const metadata = await this.keychain.encryptMetadata(file);
const authKeyB64 = await this.keychain.authKeyB64(); const authKeyB64 = await this.keychain.authKeyB64();
this.uploadRequest = uploadWs( this.uploadRequest = uploadWs(
encStream, encStream,
metadata, metadata,
authKeyB64, authKeyB64,
this.timeLimit, timeLimit,
this.bearerToken, dlimit,
bearerToken,
p => { p => {
this.progress = [p, totalSize]; this.progress = [p, totalSize];
this.emit('progress'); this.emit('progress');
@ -100,17 +88,17 @@ export default class FileSender extends Nanobus {
const ownedFile = new OwnedFile({ const ownedFile = new OwnedFile({
id: result.id, id: result.id,
url: `${result.url}#${secretKey}`, url: `${result.url}#${secretKey}`,
name: this.file.name, name: file.name,
size: this.file.size, size: file.size,
manifest: this.file.manifest, manifest: file.manifest,
time: time, time: time,
speed: this.file.size / (time / 1000), speed: file.size / (time / 1000),
createdAt: Date.now(), createdAt: Date.now(),
expiresAt: Date.now() + this.timeLimit * 1000, expiresAt: Date.now() + timeLimit * 1000,
secretKey: secretKey, secretKey: secretKey,
nonce: this.keychain.nonce, nonce: this.keychain.nonce,
ownerToken: result.ownerToken, ownerToken: result.ownerToken,
timeLimit: this.timeLimit timeLimit: timeLimit
}); });
return ownedFile; return ownedFile;

2
app/pages/welcome/index.js
View File

@ -129,7 +129,7 @@ module.exports = function(state, emit) {
emit('upload', { emit('upload', {
type: 'click', type: 'click',
dlCount: state.downloadCount || 1, dlimit: state.downloadCount || 1,
password: state.password password: state.password
}); });
} }

31
server/routes/ws.js
View File

@ -5,7 +5,7 @@ const mozlog = require('../log');
const Limiter = require('../limiter'); const Limiter = require('../limiter');
const Parser = require('../streamparser'); const Parser = require('../streamparser');
const wsStream = require('websocket-stream/stream'); const wsStream = require('websocket-stream/stream');
// const fxa = require('./fxa'); const fxa = require('./fxa');
const log = mozlog('send.upload'); const log = mozlog('send.upload');
@ -24,22 +24,27 @@ module.exports = function(ws, req) {
const owner = crypto.randomBytes(10).toString('hex'); const owner = crypto.randomBytes(10).toString('hex');
const fileInfo = JSON.parse(message); const fileInfo = JSON.parse(message);
const timeLimit = fileInfo.timeLimit; const timeLimit = fileInfo.timeLimit || config.default_expire_seconds;
const dlimit = fileInfo.dlimit || 1;
const metadata = fileInfo.fileMetadata; const metadata = fileInfo.fileMetadata;
const auth = fileInfo.authorization; const auth = fileInfo.authorization;
const user = '1'; //await fxa.verify(fileInfo.bearer); // TODO const user = await fxa.verify(fileInfo.bearer);
const maxFileSize = user const maxFileSize = user
? config.max_file_size ? config.max_file_size
: config.anon_max_file_size; : config.anon_max_file_size;
const maxExpireSeconds = user const maxExpireSeconds = user
? config.max_expire_seconds ? config.max_expire_seconds
: config.anon_max_expire_seconds; : config.anon_max_expire_seconds;
const maxDownloads = user
? config.max_downloads
: config.anon_max_downloads;
if ( if (
!metadata || !metadata ||
!auth || !auth ||
timeLimit <= 0 || timeLimit <= 0 ||
timeLimit > maxExpireSeconds timeLimit > maxExpireSeconds ||
dlimit > maxDownloads
) { ) {
ws.send( ws.send(
JSON.stringify({ JSON.stringify({
@ -52,6 +57,7 @@ module.exports = function(ws, req) {
const meta = { const meta = {
owner, owner,
metadata, metadata,
dlimit,
auth: auth.split(' ')[1], auth: auth.split(' ')[1],
nonce: crypto.randomBytes(16).toString('base64') nonce: crypto.randomBytes(16).toString('base64')
}; };
@ -59,6 +65,14 @@ module.exports = function(ws, req) {
const protocol = config.env === 'production' ? 'https' : req.protocol; const protocol = config.env === 'production' ? 'https' : req.protocol;
const url = `${protocol}://${req.get('host')}/download/${newId}/`; const url = `${protocol}://${req.get('host')}/download/${newId}/`;
ws.send(
JSON.stringify({
url,
ownerToken: meta.owner,
id: newId
})
);
const limiter = new Limiter(maxFileSize); const limiter = new Limiter(maxFileSize);
const parser = new Parser(); const parser = new Parser();
fileStream = wsStream(ws, { binary: true }) fileStream = wsStream(ws, { binary: true })
@ -74,14 +88,7 @@ module.exports = function(ws, req) {
// TODO: we should handle cancelled uploads differently // TODO: we should handle cancelled uploads differently
// in order to avoid having to check socket state and clean // in order to avoid having to check socket state and clean
// up storage, possibly with an exception that we can catch. // up storage, possibly with an exception that we can catch.
ws.send( ws.send(JSON.stringify({ ok: true }));
JSON.stringify({
url,
owner: meta.owner,
id: newId,
authentication: `send-v1 ${meta.nonce}`
})
);
} }
} catch (e) { } catch (e) {
log.error('upload', e); log.error('upload', e);

1
test/frontend/tests/api-tests.js
View File

@ -24,6 +24,7 @@ describe('API', function() {
meta, meta,
verifierB64, verifierB64,
DEFAULTS.EXPIRE_SECONDS, DEFAULTS.EXPIRE_SECONDS,
1,
null, null,
p p
); );

4
test/frontend/tests/fileSender-tests.js
View File

@ -10,8 +10,8 @@ const archive = new Archive([blob]);
describe('FileSender', function() { describe('FileSender', function() {
describe('upload', function() { describe('upload', function() {
it('returns an OwnedFile on success', async function() { it('returns an OwnedFile on success', async function() {
const fs = new FileSender(archive); const fs = new FileSender();
const file = await fs.upload(); const file = await fs.upload(archive);
assert.ok(file.id); assert.ok(file.id);
assert.equal(file.name, archive.name); assert.equal(file.name, archive.name);
}); });

44
test/frontend/tests/workflow-tests.js
View File

@ -18,8 +18,8 @@ navigator.serviceWorker.register('/serviceWorker.js');
describe('Upload / Download flow', function() { describe('Upload / Download flow', function() {
this.timeout(0); this.timeout(0);
it('can only download once by default', async function() { it('can only download once by default', async function() {
const fs = new FileSender(archive); const fs = new FileSender();
const file = await fs.upload(); const file = await fs.upload(archive);
const fr = new FileReceiver({ const fr = new FileReceiver({
secretKey: file.toJSON().secretKey, secretKey: file.toJSON().secretKey,
id: file.id, id: file.id,
@ -38,8 +38,8 @@ describe('Upload / Download flow', function() {
}); });
it('downloads with the correct password', async function() { it('downloads with the correct password', async function() {
const fs = new FileSender(archive); const fs = new FileSender();
const file = await fs.upload(); const file = await fs.upload(archive);
await file.setPassword('magic'); await file.setPassword('magic');
const fr = new FileReceiver({ const fr = new FileReceiver({
secretKey: file.toJSON().secretKey, secretKey: file.toJSON().secretKey,
@ -55,8 +55,8 @@ describe('Upload / Download flow', function() {
}); });
it('blocks invalid passwords from downloading', async function() { it('blocks invalid passwords from downloading', async function() {
const fs = new FileSender(archive); const fs = new FileSender();
const file = await fs.upload(); const file = await fs.upload(archive);
await file.setPassword('magic'); await file.setPassword('magic');
const fr = new FileReceiver({ const fr = new FileReceiver({
secretKey: file.toJSON().secretKey, secretKey: file.toJSON().secretKey,
@ -83,8 +83,8 @@ describe('Upload / Download flow', function() {
}); });
it('retries a bad nonce', async function() { it('retries a bad nonce', async function() {
const fs = new FileSender(archive); const fs = new FileSender();
const file = await fs.upload(); const file = await fs.upload(archive);
const fr = new FileReceiver({ const fr = new FileReceiver({
secretKey: file.toJSON().secretKey, secretKey: file.toJSON().secretKey,
id: file.id, id: file.id,
@ -96,8 +96,8 @@ describe('Upload / Download flow', function() {
}); });
it('can cancel the upload', async function() { it('can cancel the upload', async function() {
const fs = new FileSender(archive); const fs = new FileSender();
const up = fs.upload(); const up = fs.upload(archive);
fs.cancel(); // before encrypting fs.cancel(); // before encrypting
try { try {
await up; await up;
@ -108,7 +108,7 @@ describe('Upload / Download flow', function() {
fs.reset(); fs.reset();
fs.once('encrypting', () => fs.cancel()); fs.once('encrypting', () => fs.cancel());
try { try {
await fs.upload(); await fs.upload(archive);
assert.fail('not cancelled 2'); assert.fail('not cancelled 2');
} catch (e) { } catch (e) {
assert.equal(e.message, '0'); assert.equal(e.message, '0');
@ -116,7 +116,7 @@ describe('Upload / Download flow', function() {
fs.reset(); fs.reset();
fs.once('progress', () => fs.cancel()); fs.once('progress', () => fs.cancel());
try { try {
await fs.upload(); await fs.upload(archive);
assert.fail('not cancelled 3'); assert.fail('not cancelled 3');
} catch (e) { } catch (e) {
assert.equal(e.message, '0'); assert.equal(e.message, '0');
@ -124,8 +124,8 @@ describe('Upload / Download flow', function() {
}); });
it('can cancel the download', async function() { it('can cancel the download', async function() {
const fs = new FileSender(archive); const fs = new FileSender();
const file = await fs.upload(); const file = await fs.upload(archive);
const fr = new FileReceiver({ const fr = new FileReceiver({
secretKey: file.toJSON().secretKey, secretKey: file.toJSON().secretKey,
id: file.id, id: file.id,
@ -144,8 +144,8 @@ describe('Upload / Download flow', function() {
it('can increase download count on download', async function() { it('can increase download count on download', async function() {
this.timeout(0); this.timeout(0);
const fs = new FileSender(archive); const fs = new FileSender();
const file = await fs.upload(); const file = await fs.upload(archive);
const fr = new FileReceiver({ const fr = new FileReceiver({
secretKey: file.toJSON().secretKey, secretKey: file.toJSON().secretKey,
id: file.id, id: file.id,
@ -159,8 +159,8 @@ describe('Upload / Download flow', function() {
}); });
it('does not increase download count when download cancelled', async function() { it('does not increase download count when download cancelled', async function() {
const fs = new FileSender(archive); const fs = new FileSender();
const file = await fs.upload(); const file = await fs.upload(archive);
const fr = new FileReceiver({ const fr = new FileReceiver({
secretKey: file.toJSON().secretKey, secretKey: file.toJSON().secretKey,
id: file.id, id: file.id,
@ -180,8 +180,8 @@ describe('Upload / Download flow', function() {
}); });
it('can allow multiple downloads', async function() { it('can allow multiple downloads', async function() {
const fs = new FileSender(archive); const fs = new FileSender();
const file = await fs.upload(); const file = await fs.upload(archive);
const fr = new FileReceiver({ const fr = new FileReceiver({
secretKey: file.toJSON().secretKey, secretKey: file.toJSON().secretKey,
id: file.id, id: file.id,
@ -206,8 +206,8 @@ describe('Upload / Download flow', function() {
}); });
it('can delete the file before download', async function() { it('can delete the file before download', async function() {
const fs = new FileSender(archive); const fs = new FileSender();
const file = await fs.upload(); const file = await fs.upload(archive);
const fr = new FileReceiver({ const fr = new FileReceiver({
secretKey: file.toJSON().secretKey, secretKey: file.toJSON().secretKey,
id: file.id, id: file.id,