send/server/routes/ws.js

135 lines
3.7 KiB
JavaScript
Raw Normal View History

2018-06-21 00:05:33 +00:00
const crypto = require('crypto');
const storage = require('../storage');
const config = require('../config');
const mozlog = require('../log');
const Limiter = require('../limiter');
const fxa = require('../fxa');
2019-02-12 19:50:06 +00:00
const { statUploadEvent } = require('../amplitude');
const { encryptedSize } = require('../../app/utils');
2018-06-21 00:05:33 +00:00
const { Transform } = require('stream');
2018-06-21 00:05:33 +00:00
const log = mozlog('send.upload');
2018-08-07 22:40:17 +00:00
module.exports = function(ws, req) {
2018-06-21 00:05:33 +00:00
let fileStream;
2018-06-21 20:57:53 +00:00
ws.on('close', e => {
2018-06-22 20:17:23 +00:00
if (e !== 1000 && fileStream !== undefined) {
fileStream.destroy();
2018-06-21 20:57:53 +00:00
}
});
2018-06-21 00:05:33 +00:00
2018-06-25 17:57:52 +00:00
ws.once('message', async function(message) {
2018-06-21 20:57:53 +00:00
try {
2019-03-26 16:32:44 +00:00
const newId = crypto.randomBytes(8).toString('hex');
2018-06-25 17:57:52 +00:00
const owner = crypto.randomBytes(10).toString('hex');
2018-06-21 00:05:33 +00:00
2018-06-25 17:57:52 +00:00
const fileInfo = JSON.parse(message);
2018-08-31 21:20:15 +00:00
const timeLimit = fileInfo.timeLimit || config.default_expire_seconds;
const dlimit = fileInfo.dlimit || 1;
2018-06-25 17:57:52 +00:00
const metadata = fileInfo.fileMetadata;
const auth = fileInfo.authorization;
2018-08-31 21:20:15 +00:00
const user = await fxa.verify(fileInfo.bearer);
2018-08-07 22:40:17 +00:00
const maxFileSize = user
? config.max_file_size
: config.anon_max_file_size;
const maxExpireSeconds = user
? config.max_expire_seconds
: config.anon_max_expire_seconds;
2018-08-31 21:20:15 +00:00
const maxDownloads = user
? config.max_downloads
: config.anon_max_downloads;
2018-06-21 00:05:33 +00:00
if (config.fxa_required && !user) {
ws.send(
JSON.stringify({
error: 401
})
);
return ws.close();
}
2018-08-08 18:07:09 +00:00
if (
!metadata ||
!auth ||
timeLimit <= 0 ||
2018-08-31 21:20:15 +00:00
timeLimit > maxExpireSeconds ||
dlimit > maxDownloads
2018-08-08 18:07:09 +00:00
) {
2018-06-21 00:05:33 +00:00
ws.send(
JSON.stringify({
2018-06-25 17:57:52 +00:00
error: 400
2018-06-21 00:05:33 +00:00
})
);
2018-06-25 17:57:52 +00:00
return ws.close();
2018-06-21 00:05:33 +00:00
}
2018-06-25 17:57:52 +00:00
const meta = {
owner,
metadata,
2018-08-31 21:20:15 +00:00
dlimit,
2018-06-25 17:57:52 +00:00
auth: auth.split(' ')[1],
nonce: crypto.randomBytes(16).toString('base64')
};
const protocol = config.env === 'production' ? 'https' : req.protocol;
const url = `${protocol}://${req.get('host')}/download/${newId}/`;
2018-08-31 21:20:15 +00:00
ws.send(
JSON.stringify({
url,
ownerToken: meta.owner,
id: newId
})
);
const limiter = new Limiter(encryptedSize(maxFileSize));
const eof = new Transform({
transform: function(chunk, encoding, callback) {
if (chunk.length === 1 && chunk[0] === 0) {
this.push(null);
} else {
this.push(chunk);
}
callback();
}
});
const wsStream = ws.constructor.createWebSocketStream(ws);
fileStream = wsStream.pipe(eof).pipe(limiter); // limiter needs to be the last in the chain
2018-08-08 18:07:09 +00:00
await storage.set(newId, fileStream, meta, timeLimit);
2018-06-25 17:57:52 +00:00
2018-06-25 21:01:08 +00:00
if (ws.readyState === 1) {
// if the socket is closed by a cancelled upload the stream
// ends without an error so we need to check the state
// before sending a reply.
2018-06-25 18:52:29 +00:00
2018-06-25 21:01:08 +00:00
// TODO: we should handle cancelled uploads differently
// in order to avoid having to check socket state and clean
// up storage, possibly with an exception that we can catch.
2018-08-31 21:20:15 +00:00
ws.send(JSON.stringify({ ok: true }));
2019-02-12 19:50:06 +00:00
statUploadEvent({
id: newId,
ip: req.ip,
owner,
dlimit,
timeLimit,
anonymous: !user,
2019-05-03 16:25:12 +00:00
size: limiter.length,
agent: req.ua.browser.name || req.ua.ua.substring(0, 6)
2019-02-12 19:50:06 +00:00
});
2018-06-25 21:01:08 +00:00
}
2018-06-21 20:57:53 +00:00
} catch (e) {
log.error('upload', e);
2018-06-25 21:01:08 +00:00
if (ws.readyState === 1) {
ws.send(
JSON.stringify({
error: e === 'limit' ? 413 : 500
})
);
}
2018-06-21 20:57:53 +00:00
}
ws.close();
2018-06-21 20:57:53 +00:00
});
2018-06-21 00:05:33 +00:00
};