updated authentication for publish api

This commit is contained in:
bill bittner 2017-12-15 10:26:51 -08:00
parent 604d3d91e5
commit 94c2fcca4c
3 changed files with 6 additions and 7 deletions

View file

@ -34,9 +34,9 @@ module.exports = {
});
});
},
authenticateOrSkip (skipAuth, channelName, channelPassword) {
authenticateIfNoUserToken (channelName, channelPassword, user) {
return new Promise((resolve, reject) => {
if (skipAuth) {
if (user) {
return resolve(true);
}
return resolve(module.exports.authenticateChannelCredentials(channelName, channelPassword));

View file

@ -68,7 +68,6 @@ module.exports = {
// ensure it is the same channel and get the password
if (user) {
channelName = user.channelName;
channelPassword = user.channelPassword;
} ;
// add the @ if the channel name is missing it
if (channelName.indexOf('@') !== 0) {

View file

@ -7,7 +7,7 @@ const { checkClaimNameAvailability, checkChannelAvailability, publish } = requir
const { getClaimList, resolveUri, getClaim } = require('../helpers/lbryApi.js');
const { createPublishParams, parsePublishApiRequestBody, parsePublishApiRequestFiles, parsePublishApiChannel } = require('../helpers/publishHelpers.js');
const errorHandlers = require('../helpers/errorHandlers.js');
const { authenticateOrSkip } = require('../auth/authentication.js');
const { authenticateIfNoUserToken } = require('../auth/authentication.js');
function addGetResultsToFileData (fileInfo, getResult) {
fileInfo.fileName = getResult.file_name;
@ -125,20 +125,20 @@ module.exports = (app) => {
});
// route to run a publish request on the daemon
app.post('/api/claim-publish', multipartMiddleware, ({ body, files, ip, originalUrl, user }, res) => {
let name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, anonymous, channelName, channelPassword;
let name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, channelName, channelPassword;
// validate the body and files of the request
try {
// validateApiPublishRequest(body, files);
({name, nsfw, license, title, description, thumbnail} = parsePublishApiRequestBody(body));
({fileName, filePath, fileType} = parsePublishApiRequestFiles(files));
({anonymous, channelName, channelPassword} = parsePublishApiChannel(body, user));
({channelName, channelPassword} = parsePublishApiChannel(body, user));
} catch (error) {
logger.debug('publish request rejected, insufficient request parameters');
return res.status(400).json({success: false, message: error.message});
}
logger.debug(`/api/publish > name: ${name}, license: ${license} title: "${title}" description: "${description}" channelName: "${channelName}" channelPassword: "${channelPassword}" nsfw: "${nsfw}"`);
// check channel authorization
authenticateOrSkip(anonymous, channelName, channelPassword)
authenticateIfNoUserToken(channelName, channelPassword, user)
.then(authenticated => {
if (!authenticated) {
throw new Error('Authentication failed, you do not have access to that channel');