added fxa auth to /params

2018-08-31 10:59:26 -07:00 · 2018-08-31 10:59:26 -07:00 · fb7176d989
parent 718d74fa50
commit fb7176d989
7 changed files with 41 additions and 18 deletions
--- a/app/api.js
+++ b/app/api.js
@ -1,12 +1,16 @@
 import { arrayToB64, b64ToArray, delay } from './utils';
 import { ECE_RECORD_SIZE } from './ece';

-function post(obj) {
+function post(obj, bearerToken) {
+  const h = {
+    'Content-Type': 'application/json'
+  };
+  if (bearerToken) {
+    h['Authentication'] = `Bearer ${bearerToken}`;
+  }
  return {
    method: 'POST',
-    headers: new Headers({
-      'Content-Type': 'application/json'
-    }),
+    headers: new Headers(h),
    body: JSON.stringify(obj)
  };
 }
@ -43,13 +47,16 @@ export async function del(id, owner_token) {
  return response.ok;
 }

-export async function setParams(id, owner_token, params) {
+export async function setParams(id, owner_token, bearerToken, params) {
  const response = await fetch(
    `/api/params/${id}`,
-    post({
-      owner_token,
-      dlimit: params.dlimit
-    })
+    post(
+      {
+        owner_token,
+        dlimit: params.dlimit
+      },
+      bearerToken
+    )
  );
  return response.ok;
 }
--- a/app/fileManager.js
+++ b/app/fileManager.js
@ -56,7 +56,11 @@ export default function(state, emitter) {
  });

  emitter.on('changeLimit', async ({ file, value }) => {
-    await file.changeLimit(value);
+    const ok = await file.changeLimit(value, state.user);
+    if (!ok) {
+      // TODO
+      return;
+    }
    state.storage.writeFile(file);
    metrics.changedDownloadLimit(file);
  });
@ -138,6 +142,7 @@ export default function(state, emitter) {
      metrics.completedUpload(ownedFile);

      state.storage.addFile(ownedFile);
+      // TODO integrate password and limit into /upload request
      if (password) {
        emitter.emit('password', { password, file: ownedFile });
      }
--- a/app/ownedFile.js
+++ b/app/ownedFile.js
@ -48,10 +48,10 @@ export default class OwnedFile {
    return del(this.id, this.ownerToken);
  }

-  changeLimit(dlimit) {
+  changeLimit(dlimit, user = {}) {
    if (this.dlimit !== dlimit) {
      this.dlimit = dlimit;
-      return setParams(this.id, this.ownerToken, { dlimit });
+      return setParams(this.id, this.ownerToken, user.bearerToken, { dlimit });
    }
    return Promise.resolve(true);
  }
--- a/app/pages/welcome/index.js
+++ b/app/pages/welcome/index.js
@ -129,7 +129,7 @@ module.exports = function(state, emit) {

    emit('upload', {
      type: 'click',
-      dlCount: state.downloadCount,
+      dlCount: state.downloadCount || 1,
      password: state.password
    });
  }
--- a/public/locales/en-US/send.ftl
+++ b/public/locales/en-US/send.ftl
@ -84,8 +84,14 @@ errorPageHeader = Something went wrong!
 errorPageMessage = There has been an error uploading the file.
 errorPageLink = Send another file
 fileTooBig = That file is too big to upload. It should be less than { $size }.
-tooManyFiles = Only { $count } files can be uploaded at a time.
-tooManyArchives = Only { $count } archives are allowed.
+# count will always be > 10
+tooManyFiles = { $count ->
+    *[other] Only { $count } files can be uploaded at a time.
+}
+# count will always be > 10
+tooManyArchives = { $count ->
+    *[other] Only { $count } archives are allowed.
+}
 linkExpiredAlt = Link expired
 expiredPageHeader = This link has expired or never existed in the first place!
 notSupportedHeader = Your browser is not supported.
--- a/server/routes/index.js
+++ b/server/routes/index.js
@ -87,7 +87,12 @@ module.exports = function(app) {
  app.post('/api/upload', auth.fxa, require('./upload'));
  app.post(`/api/delete/:id${ID_REGEX}`, auth.owner, require('./delete'));
  app.post(`/api/password/:id${ID_REGEX}`, auth.owner, require('./password'));
-  app.post(`/api/params/:id${ID_REGEX}`, auth.owner, require('./params'));
+  app.post(
+    `/api/params/:id${ID_REGEX}`,
+    auth.owner,
+    auth.fxa,
+    require('./params')
+  );
  app.post(`/api/info/:id${ID_REGEX}`, auth.owner, require('./info'));

  app.get('/__version__', function(req, res) {
--- a/server/routes/params.js
+++ b/server/routes/params.js
@ -2,9 +2,9 @@ const config = require('../config');
 const storage = require('../storage');

 module.exports = function(req, res) {
+  const max = req.user ? config.max_downloads : config.anon_max_downloads;
  const dlimit = req.body.dlimit;
-  // TODO: fxa auth
-  if (!dlimit || dlimit > config.max_downloads) {
+  if (!dlimit || dlimit > max) {
    return res.sendStatus(400);
  }