added hmac auth to report route
This commit is contained in:
parent
2f6119e2f1
commit
d9cbe058ab
19
app/api.js
19
app/api.js
@ -61,7 +61,10 @@ async function fetchWithAuth(url, params, keychain) {
|
||||
const result = {};
|
||||
params = params || {};
|
||||
const h = await keychain.authHeader();
|
||||
params.headers = new Headers({ Authorization: h });
|
||||
params.headers = new Headers({
|
||||
Authorization: h,
|
||||
'Content-Type': 'application/json'
|
||||
});
|
||||
const response = await fetch(url, params);
|
||||
result.response = response;
|
||||
result.ok = response.ok;
|
||||
@ -439,15 +442,19 @@ export async function getConstants() {
|
||||
throw new Error(response.status);
|
||||
}
|
||||
|
||||
export async function reportLink(id, key, reason) {
|
||||
const response = await fetch(
|
||||
export async function reportLink(id, keychain, reason) {
|
||||
const result = await fetchWithAuthAndRetry(
|
||||
getApiUrl(`/api/report/${id}`),
|
||||
post({ key, reason })
|
||||
{
|
||||
method: 'POST',
|
||||
body: JSON.stringify({ reason })
|
||||
},
|
||||
keychain
|
||||
);
|
||||
|
||||
if (response.ok) {
|
||||
if (result.ok) {
|
||||
return;
|
||||
}
|
||||
|
||||
throw new Error(response.status);
|
||||
throw new Error(result.response.status);
|
||||
}
|
||||
|
@ -1,6 +1,5 @@
|
||||
import FileSender from './fileSender';
|
||||
import FileReceiver from './fileReceiver';
|
||||
import { reportLink } from './api';
|
||||
import { copyToClipboard, delay, openLinksInNewTab, percent } from './utils';
|
||||
import * as metrics from './metrics';
|
||||
import { bytes, locale } from './utils';
|
||||
@ -315,13 +314,7 @@ export default function(state, emitter) {
|
||||
|
||||
emitter.on('report', async ({ reason }) => {
|
||||
try {
|
||||
const file = state.fileInfo;
|
||||
if (!file) {
|
||||
// TODO
|
||||
emitter.emit('pushState', '/error');
|
||||
return render();
|
||||
}
|
||||
await reportLink(file.id, file.secretKey, reason);
|
||||
await state.transfer.reportLink(reason);
|
||||
render();
|
||||
} catch (err) {
|
||||
console.error(err);
|
||||
|
@ -1,7 +1,7 @@
|
||||
import Nanobus from 'nanobus';
|
||||
import Keychain from './keychain';
|
||||
import { delay, bytes, streamToArrayBuffer } from './utils';
|
||||
import { downloadFile, metadata, getApiUrl } from './api';
|
||||
import { downloadFile, metadata, getApiUrl, reportLink } from './api';
|
||||
import { blobStream } from './streams';
|
||||
import Zip from './zip';
|
||||
|
||||
@ -53,6 +53,10 @@ export default class FileReceiver extends Nanobus {
|
||||
this.state = 'ready';
|
||||
}
|
||||
|
||||
async reportLink(reason) {
|
||||
await reportLink(this.fileInfo.id, this.keychain, reason);
|
||||
}
|
||||
|
||||
sendMessageToSw(msg) {
|
||||
return new Promise((resolve, reject) => {
|
||||
const channel = new MessageChannel();
|
||||
|
@ -9,7 +9,7 @@ import contentDisposition from 'content-disposition';
|
||||
let noSave = false;
|
||||
const map = new Map();
|
||||
const IMAGES = /.*\.(png|svg|jpg)$/;
|
||||
const VERSIONED_ASSET = /\.[A-Fa-f0-9]{8}\.(js|css|png|svg|jpg)$/;
|
||||
const VERSIONED_ASSET = /\.[A-Fa-f0-9]{8}\.(js|css|png|svg|jpg)(#\w+)?$/;
|
||||
const DOWNLOAD_URL = /\/api\/download\/([A-Fa-f0-9]{4,})/;
|
||||
const FONT = /\.woff2?$/;
|
||||
|
||||
|
@ -127,7 +127,7 @@ module.exports = function(app) {
|
||||
require('./params')
|
||||
);
|
||||
app.post(`/api/info/:id${ID_REGEX}`, auth.owner, require('./info'));
|
||||
app.post(`/api/report/:id${ID_REGEX}`, require('./report'));
|
||||
app.post(`/api/report/:id${ID_REGEX}`, auth.hmac, require('./report'));
|
||||
app.post('/api/metrics', require('./metrics'));
|
||||
app.get('/__version__', function(req, res) {
|
||||
// eslint-disable-next-line node/no-missing-require
|
||||
|
@ -1,38 +1,21 @@
|
||||
const storage = require('../storage');
|
||||
const Keychain = require('../keychain');
|
||||
const { statReportEvent } = require('../amplitude');
|
||||
|
||||
module.exports = async function(req, res) {
|
||||
try {
|
||||
const id = req.params.id;
|
||||
const meta = await storage.metadata(id);
|
||||
if (meta.flagged) {
|
||||
return res.sendStatus(200);
|
||||
}
|
||||
try {
|
||||
const key = req.body.key;
|
||||
const keychain = new Keychain(key);
|
||||
const metadata = await keychain.decryptMetadata(
|
||||
Buffer.from(meta.metadata, 'base64')
|
||||
);
|
||||
if (metadata.manifest) {
|
||||
storage.flag(id, key);
|
||||
statReportEvent({
|
||||
id,
|
||||
ip: req.ip,
|
||||
owner: meta.owner,
|
||||
reason: req.body.reason,
|
||||
download_limit: meta.dlimit,
|
||||
download_count: meta.dl,
|
||||
agent: req.ua.browser.name || req.ua.ua.substring(0, 6)
|
||||
});
|
||||
return res.sendStatus(200);
|
||||
}
|
||||
res.sendStatus(400);
|
||||
} catch (e) {
|
||||
console.error(e);
|
||||
res.sendStatus(400);
|
||||
}
|
||||
storage.flag(id);
|
||||
statReportEvent({
|
||||
id,
|
||||
ip: req.ip,
|
||||
owner: meta.owner,
|
||||
reason: req.body.reason,
|
||||
download_limit: meta.dlimit,
|
||||
download_count: meta.dl,
|
||||
agent: req.ua.browser.name || req.ua.ua.substring(0, 6)
|
||||
});
|
||||
res.sendStatus(200);
|
||||
} catch (e) {
|
||||
res.sendStatus(404);
|
||||
}
|
||||
|
@ -80,14 +80,16 @@ class DB {
|
||||
}
|
||||
|
||||
async kill(id) {
|
||||
const { filePath } = await this.getPrefixedInfo(id);
|
||||
this.storage.del(filePath);
|
||||
this.redis.hset(id, 'dead', 1);
|
||||
const { filePath, dead } = await this.getPrefixedInfo(id);
|
||||
if (!dead) {
|
||||
this.storage.del(filePath);
|
||||
this.redis.hset(id, 'dead', 1);
|
||||
}
|
||||
}
|
||||
|
||||
async flag(id, key) {
|
||||
async flag(id) {
|
||||
await this.kill(id);
|
||||
this.redis.hmset(id, { flagged: 1, key });
|
||||
this.redis.hset(id, 'flagged', 1);
|
||||
}
|
||||
|
||||
async del(id) {
|
||||
|
Loading…
Reference in New Issue
Block a user