updated authentication for publish api

2017-12-15 10:26:51 -08:00 · 2017-12-15 10:26:51 -08:00 · 94c2fcca4c
commit 94c2fcca4c
parent 604d3d91e5
3 changed files with 6 additions and 7 deletions
--- a/auth/authentication.js
+++ b/auth/authentication.js
@ -34,9 +34,9 @@ module.exports = {
          });
    });
  },
-  authenticateOrSkip (skipAuth, channelName, channelPassword) {
+  authenticateIfNoUserToken (channelName, channelPassword, user) {
    return new Promise((resolve, reject) => {
-      if (skipAuth) {
+      if (user) {
        return resolve(true);
      }
      return resolve(module.exports.authenticateChannelCredentials(channelName, channelPassword));
--- a/helpers/publishHelpers.js
+++ b/helpers/publishHelpers.js
@ -68,7 +68,6 @@ module.exports = {
      // ensure it is the same channel and get the password
      if (user) {
        channelName = user.channelName;
-        channelPassword = user.channelPassword;
      } ;
      // add the @ if the channel name is missing it
      if (channelName.indexOf('@') !== 0) {
--- a/routes/api-routes.js
+++ b/routes/api-routes.js
@ -7,7 +7,7 @@ const { checkClaimNameAvailability, checkChannelAvailability, publish } = requir
 const { getClaimList, resolveUri, getClaim } = require('../helpers/lbryApi.js');
 const { createPublishParams, parsePublishApiRequestBody, parsePublishApiRequestFiles, parsePublishApiChannel } = require('../helpers/publishHelpers.js');
 const errorHandlers = require('../helpers/errorHandlers.js');
-const { authenticateOrSkip } = require('../auth/authentication.js');
+const { authenticateIfNoUserToken } = require('../auth/authentication.js');

 function addGetResultsToFileData (fileInfo, getResult) {
  fileInfo.fileName = getResult.file_name;
@ -125,20 +125,20 @@ module.exports = (app) => {
  });
  // route to run a publish request on the daemon
  app.post('/api/claim-publish', multipartMiddleware, ({ body, files, ip, originalUrl, user }, res) => {
-    let  name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, anonymous, channelName, channelPassword;
+    let  name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, channelName, channelPassword;
    // validate the body and files of the request
    try {
      // validateApiPublishRequest(body, files);
      ({name, nsfw, license, title, description, thumbnail} = parsePublishApiRequestBody(body));
      ({fileName, filePath, fileType} = parsePublishApiRequestFiles(files));
-      ({anonymous, channelName, channelPassword} = parsePublishApiChannel(body, user));
+      ({channelName, channelPassword} = parsePublishApiChannel(body, user));
    } catch (error) {
      logger.debug('publish request rejected, insufficient request parameters');
      return res.status(400).json({success: false, message: error.message});
    }
    logger.debug(`/api/publish > name: ${name}, license: ${license} title: "${title}" description: "${description}" channelName: "${channelName}" channelPassword: "${channelPassword}" nsfw: "${nsfw}"`);
    // check channel authorization
-    authenticateOrSkip(anonymous, channelName, channelPassword)
+    authenticateIfNoUserToken(channelName, channelPassword, user)
    .then(authenticated => {
      if (!authenticated) {
        throw new Error('Authentication failed, you do not have access to that channel');