LBRYCommunity/spee.ch
1
0
Fork 0
Code Issues 95 Pull requests 2 Projects Releases 4 Packages Wiki Activity

updated authentication for publish api

Browse source
This commit is contained in:
bill bittner 2017-12-15 10:26:51 -08:00
parent 604d3d91e5
commit 94c2fcca4c
3 changed files with 6 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
auth/authentication.js
View file

@ -34,9 +34,9 @@ module.exports = {
}); });
}); });
}, },
authenticateOrSkip (skipAuth, channelName, channelPassword) { authenticateIfNoUserToken (channelName, channelPassword, user) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
if (skipAuth) { if (user) {
return resolve(true); return resolve(true);
} }
return resolve(module.exports.authenticateChannelCredentials(channelName, channelPassword)); return resolve(module.exports.authenticateChannelCredentials(channelName, channelPassword));

1
helpers/publishHelpers.js
View file

@ -68,7 +68,6 @@ module.exports = {
// ensure it is the same channel and get the password // ensure it is the same channel and get the password
if (user) { if (user) {
channelName = user.channelName; channelName = user.channelName;
channelPassword = user.channelPassword;
} ; } ;
// add the @ if the channel name is missing it // add the @ if the channel name is missing it
if (channelName.indexOf('@') !== 0) { if (channelName.indexOf('@') !== 0) {

8
routes/api-routes.js
View file

@ -7,7 +7,7 @@ const { checkClaimNameAvailability, checkChannelAvailability, publish } = requir
const { getClaimList, resolveUri, getClaim } = require('../helpers/lbryApi.js'); const { getClaimList, resolveUri, getClaim } = require('../helpers/lbryApi.js');
const { createPublishParams, parsePublishApiRequestBody, parsePublishApiRequestFiles, parsePublishApiChannel } = require('../helpers/publishHelpers.js'); const { createPublishParams, parsePublishApiRequestBody, parsePublishApiRequestFiles, parsePublishApiChannel } = require('../helpers/publishHelpers.js');
const errorHandlers = require('../helpers/errorHandlers.js'); const errorHandlers = require('../helpers/errorHandlers.js');
const { authenticateOrSkip } = require('../auth/authentication.js'); const { authenticateIfNoUserToken } = require('../auth/authentication.js');
function addGetResultsToFileData (fileInfo, getResult) { function addGetResultsToFileData (fileInfo, getResult) {
fileInfo.fileName = getResult.file_name; fileInfo.fileName = getResult.file_name;
@ -125,20 +125,20 @@ module.exports = (app) => {
}); });
// route to run a publish request on the daemon // route to run a publish request on the daemon
app.post('/api/claim-publish', multipartMiddleware, ({ body, files, ip, originalUrl, user }, res) => { app.post('/api/claim-publish', multipartMiddleware, ({ body, files, ip, originalUrl, user }, res) => {
let name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, anonymous, channelName, channelPassword; let name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, channelName, channelPassword;
// validate the body and files of the request // validate the body and files of the request
try { try {
// validateApiPublishRequest(body, files); // validateApiPublishRequest(body, files);
({name, nsfw, license, title, description, thumbnail} = parsePublishApiRequestBody(body)); ({name, nsfw, license, title, description, thumbnail} = parsePublishApiRequestBody(body));
({fileName, filePath, fileType} = parsePublishApiRequestFiles(files)); ({fileName, filePath, fileType} = parsePublishApiRequestFiles(files));
({anonymous, channelName, channelPassword} = parsePublishApiChannel(body, user)); ({channelName, channelPassword} = parsePublishApiChannel(body, user));
} catch (error) { } catch (error) {
logger.debug('publish request rejected, insufficient request parameters'); logger.debug('publish request rejected, insufficient request parameters');
return res.status(400).json({success: false, message: error.message}); return res.status(400).json({success: false, message: error.message});
} }
logger.debug(`/api/publish > name: ${name}, license: ${license} title: "${title}" description: "${description}" channelName: "${channelName}" channelPassword: "${channelPassword}" nsfw: "${nsfw}"`); logger.debug(`/api/publish > name: ${name}, license: ${license} title: "${title}" description: "${description}" channelName: "${channelName}" channelPassword: "${channelPassword}" nsfw: "${nsfw}"`);
// check channel authorization // check channel authorization
authenticateOrSkip(anonymous, channelName, channelPassword) authenticateIfNoUserToken(channelName, channelPassword, user)
.then(authenticated => { .then(authenticated => {
if (!authenticated) { if (!authenticated) {
throw new Error('Authentication failed, you do not have access to that channel'); throw new Error('Authentication failed, you do not have access to that channel');