drop.chapril.org-firefoxsend/server/routes/pages.js
2017-10-10 10:45:10 -07:00

67 lines
1.6 KiB
JavaScript

const routes = require('../../app/routes');
const storage = require('../storage');
const state = require('../state');
function validateID(route_id) {
return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
}
function stripEvents(str) {
// For CSP we need to remove all the event handler placeholders.
// It's ok, app.js will add them when it attaches to the DOM.
return str.replace(/\son\w+=""/g, '');
}
module.exports = {
index: function(req, res) {
res.send(stripEvents(routes.toString('/', state(req))));
},
blank: function(req, res) {
res.send(stripEvents(routes.toString('/blank', state(req))));
},
download: async function(req, res, next) {
const id = req.params.id;
if (!validateID(id)) {
return next();
}
try {
const { nonce, pwd } = await storage.metadata(id);
res.set('WWW-Authenticate', `send-v1 ${nonce}`);
res.send(
stripEvents(
routes.toString(
`/download/${req.params.id}`,
Object.assign(state(req), {
fileInfo: { nonce, pwd: +pwd }
})
)
)
);
} catch (e) {
next();
}
},
unsupported: function(req, res) {
res.send(
stripEvents(
routes.toString(
`/unsupported/${req.params.reason}`,
Object.assign(state(req), { fira: true })
)
)
);
},
legal: function(req, res) {
res.send(stripEvents(routes.toString('/legal', state(req))));
},
notfound: function(req, res) {
res.status(404).send(stripEvents(routes.toString('/404', state(req))));
}
};