added fxa auth to /params

Danny Coates 2018-08-31 10:59:26 -07:00
parent 718d74fa50
commit fb7176d989
No known key found for this signature in database
GPG Key ID: 4C442633C62E00CB
7 changed files with 41 additions and 18 deletions


@ -1,12 +1,16 @@
import { arrayToB64, b64ToArray, delay } from './utils'; import { arrayToB64, b64ToArray, delay } from './utils';
import { ECE_RECORD_SIZE } from './ece'; import { ECE_RECORD_SIZE } from './ece';
function post(obj) { function post(obj, bearerToken) {
const h = {
'Content-Type': 'application/json'
};
if (bearerToken) {
h['Authentication'] = `Bearer ${bearerToken}`;
}
return { return {
method: 'POST', method: 'POST',
headers: new Headers({ headers: new Headers(h),
'Content-Type': 'application/json'
}),
body: JSON.stringify(obj) body: JSON.stringify(obj)
}; };
} }
@ -43,13 +47,16 @@ export async function del(id, owner_token) {
return response.ok; return response.ok;
} }
export async function setParams(id, owner_token, params) { export async function setParams(id, owner_token, bearerToken, params) {
const response = await fetch( const response = await fetch(
`/api/params/${id}`, `/api/params/${id}`,
post({ post(
owner_token, {
dlimit: params.dlimit owner_token,
}) dlimit: params.dlimit
},
bearerToken
)
); );
return response.ok; return response.ok;
} }
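Review bot: The header key set in `post()` is `Authentication`, but bearer tokens are conventionally sent in the `Authorization` header (RFC 6750), which is what server middleware normally reads. The `auth.fxa` middleware is not shown on this page, so confirm which header it checks. If it reads `Authorization`, the token never arrives, `req.user` stays unset and signed-in users are silently held to the anonymous limit. Renaming the key to `'Authorization'` is the whole fix. Separately, `setParams` now takes `bearerToken` as its third positional argument, so any caller outside this page that still passes `params` third would send the wrong values.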


@ -56,7 +56,11 @@ export default function(state, emitter) {
}); });
emitter.on('changeLimit', async ({ file, value }) => { emitter.on('changeLimit', async ({ file, value }) => {
await file.changeLimit(value); const ok = await file.changeLimit(value, state.user);
if (!ok) {
// TODO
return;
}
state.storage.writeFile(file); state.storage.writeFile(file);
metrics.changedDownloadLimit(file); metrics.changedDownloadLimit(file);
}); });
@ -138,6 +142,7 @@ export default function(state, emitter) {
metrics.completedUpload(ownedFile); metrics.completedUpload(ownedFile);
state.storage.addFile(ownedFile); state.storage.addFile(ownedFile);
// TODO integrate password and limit into /upload request
if (password) { if (password) {
emitter.emit('password', { password, file: ownedFile }); emitter.emit('password', { password, file: ownedFile });
} }
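Review bot: The `!ok` branch in the `changeLimit` handler returns without telling the user anything, and the bare `// TODO` does not say what is still owed. With the server-side cap added in this commit, a `false` result is now an ordinary outcome for an anonymous user picking a high limit, not a rare failure. At minimum spell the work out, e.g. `// TODO: show an error and restore the previous limit in the UI when the server rejects the change`. A rejected `fetch` (network error) does not reach this branch at all, because the `await` is not wrapped in `try`/`catch`.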


@ -48,10 +48,10 @@ export default class OwnedFile {
return del(this.id, this.ownerToken); return del(this.id, this.ownerToken);
} }
changeLimit(dlimit) { changeLimit(dlimit, user = {}) {
if (this.dlimit !== dlimit) { if (this.dlimit !== dlimit) {
this.dlimit = dlimit; this.dlimit = dlimit;
return setParams(this.id, this.ownerToken, { dlimit }); return setParams(this.id, this.ownerToken, user.bearerToken, { dlimit });
} }
return Promise.resolve(true); return Promise.resolve(true);
} }
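Review bot: `changeLimit` assigns `this.dlimit = dlimit` before `setParams` has answered, so when the server refuses the value the in-memory file keeps a limit that was never accepted. That matters more now that the server can reject a limit based on who is signed in. Assign only on success, e.g. `return setParams(this.id, this.ownerToken, user.bearerToken, { dlimit }).then(ok => { if (ok) this.dlimit = dlimit; return ok; });`. The `user = {}` default also covers only `undefined`. If `state.user` can be `null` (its shape is not visible here), `user.bearerToken` throws before the request is made.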


@ -129,7 +129,7 @@ module.exports = function(state, emit) {
emit('upload', { emit('upload', {
type: 'click', type: 'click',
dlCount: state.downloadCount, dlCount: state.downloadCount || 1,
password: state.password password: state.password
}); });
} }


@ -84,8 +84,14 @@ errorPageHeader = Something went wrong!
errorPageMessage = There has been an error uploading the file. errorPageMessage = There has been an error uploading the file.
errorPageLink = Send another file errorPageLink = Send another file
fileTooBig = That file is too big to upload. It should be less than { $size }. fileTooBig = That file is too big to upload. It should be less than { $size }.
tooManyFiles = Only { $count } files can be uploaded at a time. # count will always be > 10
tooManyArchives = Only { $count } archives are allowed. tooManyFiles = { $count ->
*[other] Only { $count } files can be uploaded at a time.
}
# count will always be > 10
tooManyArchives = { $count ->
*[other] Only { $count } archives are allowed.
}
linkExpiredAlt = Link expired linkExpiredAlt = Link expired
expiredPageHeader = This link has expired or never existed in the first place! expiredPageHeader = This link has expired or never existed in the first place!
notSupportedHeader = Your browser is not supported. notSupportedHeader = Your browser is not supported.


@ -87,7 +87,12 @@ module.exports = function(app) {
app.post('/api/upload', auth.fxa, require('./upload')); app.post('/api/upload', auth.fxa, require('./upload'));
app.post(`/api/delete/:id${ID_REGEX}`, auth.owner, require('./delete')); app.post(`/api/delete/:id${ID_REGEX}`, auth.owner, require('./delete'));
app.post(`/api/password/:id${ID_REGEX}`, auth.owner, require('./password')); app.post(`/api/password/:id${ID_REGEX}`, auth.owner, require('./password'));
app.post(`/api/params/:id${ID_REGEX}`, auth.owner, require('./params')); app.post(
`/api/params/:id${ID_REGEX}`,
auth.owner,
auth.fxa,
require('./params')
);
app.post(`/api/info/:id${ID_REGEX}`, auth.owner, require('./info')); app.post(`/api/info/:id${ID_REGEX}`, auth.owner, require('./info'));
app.get('/__version__', function(req, res) { app.get('/__version__', function(req, res) {
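Review bot: The `/api/params` route now reads as if it required a Firefox Account, which appears not to be the case. `params.js` in this commit falls back to `config.anon_max_downloads` when `req.user` is unset, which suggests `auth.fxa` lets unauthenticated requests through. If that is the intent, a comment above the route would stop a later reader from treating `auth.fxa` as an access control, e.g. `// auth.fxa only populates req.user; owners without an account are still allowed, with the anonymous limit`. The middleware is not shown here, so confirm what it does with a missing or invalid token. The enclosing `module.exports` function starts and ends outside this hunk.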


@ -2,9 +2,9 @@ const config = require('../config');
const storage = require('../storage'); const storage = require('../storage');
module.exports = function(req, res) { module.exports = function(req, res) {
const max = req.user ? config.max_downloads : config.anon_max_downloads;
const dlimit = req.body.dlimit; const dlimit = req.body.dlimit;
// TODO: fxa auth if (!dlimit || dlimit > max) {
if (!dlimit || dlimit > config.max_downloads) {
return res.sendStatus(400); return res.sendStatus(400);
} }
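Review bot: `dlimit` comes straight from the request body, and the guard `!dlimit || dlimit > max` accepts negative numbers, fractions and non-numeric values such as strings or arrays, because `>` coerces its operands and a `NaN` comparison is false. Since this value now enforces the per-account download cap, validate its type and range explicitly: `if (!Number.isInteger(dlimit) || dlimit < 1 || dlimit > max) {`. The rest of the handler, including the storage call, lies outside this hunk, so what happens to an accepted value is not visible here.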