added fxa auth to /params

This commit is contained in:
Danny Coates 2018-08-31 10:59:26 -07:00
parent 718d74fa50
commit fb7176d989
No known key found for this signature in database
GPG key ID: 4C442633C62E00CB
7 changed files with 41 additions and 18 deletions

View file

@ -1,12 +1,16 @@
import { arrayToB64, b64ToArray, delay } from './utils';
import { ECE_RECORD_SIZE } from './ece';
function post(obj) {
function post(obj, bearerToken) {
const h = {
'Content-Type': 'application/json'
};
if (bearerToken) {
h['Authentication'] = `Bearer ${bearerToken}`;
}
return {
method: 'POST',
headers: new Headers({
'Content-Type': 'application/json'
}),
headers: new Headers(h),
body: JSON.stringify(obj)
};
}
@ -43,13 +47,16 @@ export async function del(id, owner_token) {
return response.ok;
}
export async function setParams(id, owner_token, params) {
export async function setParams(id, owner_token, bearerToken, params) {
const response = await fetch(
`/api/params/${id}`,
post({
owner_token,
dlimit: params.dlimit
})
post(
{
owner_token,
dlimit: params.dlimit
},
bearerToken
)
);
return response.ok;
}

View file

@ -56,7 +56,11 @@ export default function(state, emitter) {
});
emitter.on('changeLimit', async ({ file, value }) => {
await file.changeLimit(value);
const ok = await file.changeLimit(value, state.user);
if (!ok) {
// TODO
return;
}
state.storage.writeFile(file);
metrics.changedDownloadLimit(file);
});
@ -138,6 +142,7 @@ export default function(state, emitter) {
metrics.completedUpload(ownedFile);
state.storage.addFile(ownedFile);
// TODO integrate password and limit into /upload request
if (password) {
emitter.emit('password', { password, file: ownedFile });
}

View file

@ -48,10 +48,10 @@ export default class OwnedFile {
return del(this.id, this.ownerToken);
}
changeLimit(dlimit) {
changeLimit(dlimit, user = {}) {
if (this.dlimit !== dlimit) {
this.dlimit = dlimit;
return setParams(this.id, this.ownerToken, { dlimit });
return setParams(this.id, this.ownerToken, user.bearerToken, { dlimit });
}
return Promise.resolve(true);
}

View file

@ -129,7 +129,7 @@ module.exports = function(state, emit) {
emit('upload', {
type: 'click',
dlCount: state.downloadCount,
dlCount: state.downloadCount || 1,
password: state.password
});
}

View file

@ -84,8 +84,14 @@ errorPageHeader = Something went wrong!
errorPageMessage = There has been an error uploading the file.
errorPageLink = Send another file
fileTooBig = That file is too big to upload. It should be less than { $size }.
tooManyFiles = Only { $count } files can be uploaded at a time.
tooManyArchives = Only { $count } archives are allowed.
# count will always be > 10
tooManyFiles = { $count ->
*[other] Only { $count } files can be uploaded at a time.
}
# count will always be > 10
tooManyArchives = { $count ->
*[other] Only { $count } archives are allowed.
}
linkExpiredAlt = Link expired
expiredPageHeader = This link has expired or never existed in the first place!
notSupportedHeader = Your browser is not supported.

View file

@ -87,7 +87,12 @@ module.exports = function(app) {
app.post('/api/upload', auth.fxa, require('./upload'));
app.post(`/api/delete/:id${ID_REGEX}`, auth.owner, require('./delete'));
app.post(`/api/password/:id${ID_REGEX}`, auth.owner, require('./password'));
app.post(`/api/params/:id${ID_REGEX}`, auth.owner, require('./params'));
app.post(
`/api/params/:id${ID_REGEX}`,
auth.owner,
auth.fxa,
require('./params')
);
app.post(`/api/info/:id${ID_REGEX}`, auth.owner, require('./info'));
app.get('/__version__', function(req, res) {

View file

@ -2,9 +2,9 @@ const config = require('../config');
const storage = require('../storage');
module.exports = function(req, res) {
const max = req.user ? config.max_downloads : config.anon_max_downloads;
const dlimit = req.body.dlimit;
// TODO: fxa auth
if (!dlimit || dlimit > config.max_downloads) {
if (!dlimit || dlimit > max) {
return res.sendStatus(400);
}