updating channel check functions
This commit is contained in:
bill bittner
parent
75fac0e594
commit
aafade848e
3 changed files with 30 additions and 33 deletions
|
|
@ -57,27 +57,12 @@ module.exports = {
|
|||
};
|
||||
},
|
||||
parsePublishApiChannel ({channelName, channelPassword}, user) {
|
||||
// anonymous if no channel name provided
|
||||
let anonymous = (channelName === null || channelName === undefined || channelName === '');
|
||||
// if a channel name is provided, get password from the user token
|
||||
if (user) {
|
||||
channelName = user.channelName || null;
|
||||
} else {
|
||||
channelName = channelName || null;
|
||||
}
|
||||
channelPassword = channelPassword || null;
|
||||
let skipAuth = false;
|
||||
// case 1: publish from spee.ch, client logged in
|
||||
if (user) {
|
||||
skipAuth = true;
|
||||
if (anonymous) {
|
||||
channelName = null;
|
||||
}
|
||||
// case 2: publish from api or spee.ch, client not logged in
|
||||
} else {
|
||||
if (anonymous) {
|
||||
skipAuth = true;
|
||||
channelName = null;
|
||||
}
|
||||
}
|
||||
channelPassword = user.channelPassword;
|
||||
} ;
|
||||
// cleanse channel name
|
||||
if (channelName) {
|
||||
if (channelName.indexOf('@') !== 0) {
|
||||
|
|
@ -85,9 +70,9 @@ module.exports = {
|
|||
}
|
||||
}
|
||||
return {
|
||||
anonymous,
|
||||
channelName,
|
||||
channelPassword,
|
||||
skipAuth,
|
||||
};
|
||||
},
|
||||
validateFileTypeAndSize (file) {
|
||||
|
|
|
|||
|
|
@ -73,21 +73,20 @@ module.exports = (app) => {
|
|||
});
|
||||
// route to run a publish request on the daemon
|
||||
app.post('/api/publish', multipartMiddleware, ({ body, files, ip, originalUrl, user }, res) => {
|
||||
let name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, skipAuth, channelName, channelPassword;
|
||||
let name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, anonymous, channelName, channelPassword;
|
||||
// validate the body and files of the request
|
||||
try {
|
||||
// validateApiPublishRequest(body, files);
|
||||
({name, nsfw, license, title, description, thumbnail} = parsePublishApiRequestBody(body));
|
||||
({fileName, filePath, fileType} = parsePublishApiRequestFiles(files));
|
||||
({channelName, channelPassword, skipAuth} = parsePublishApiChannel(body, user));
|
||||
({anonymous, channelName, channelPassword} = parsePublishApiChannel(body, user));
|
||||
} catch (error) {
|
||||
logger.debug('publish request rejected, insufficient request parameters');
|
||||
return res.status(400).json({success: false, message: error.message});
|
||||
}
|
||||
|
||||
logger.debug(`/api/publish > name: ${name}, license: ${license} title: "${title}" description: "${description}" channelName: "${channelName}" channelPassword: "${channelPassword}" nsfw: "${nsfw}"`);
|
||||
// check channel authorization
|
||||
authenticateOrSkip(skipAuth, channelName, channelPassword)
|
||||
authenticateOrSkip(anonymous, channelName, channelPassword)
|
||||
.then(authenticated => {
|
||||
if (!authenticated) {
|
||||
throw new Error('Authentication failed, you do not have access to that channel');
|
||||
|
|
|
|||
|
|
@ -1,14 +1,6 @@
|
|||
const assert = require('assert');
|
||||
|
||||
describe('Array', function () {
|
||||
describe('indexOf()', function () {
|
||||
it('should return -1 when the value is not present', function () {
|
||||
assert.equal(-1, [1, 2, 3].indexOf(4));
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('controllers', function () {
|
||||
describe('api', function () {
|
||||
describe('api/publish', function () {
|
||||
describe('publishHelpers.js', function () {
|
||||
const publishHelpers = require('../helpers/publishHelpers.js');
|
||||
|
|
@ -71,6 +63,27 @@ describe('controllers', function () {
|
|||
assert.doesNotThrow(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
|
||||
});
|
||||
});
|
||||
|
||||
describe('#parsePublishApiChannel()', function () {
|
||||
it('should return a channel name if one is provided', function () {
|
||||
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, null), Error);
|
||||
});
|
||||
it('should return a password if one is provided', function () {
|
||||
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoFile), Error);
|
||||
});
|
||||
it('should return a channel name if one is provided in req.user', function () {
|
||||
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesTooBig), Error);
|
||||
});
|
||||
it('should return a password if one is provided in req.user', function () {
|
||||
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
|
||||
});
|
||||
it('should return anonymous === true if meant to be anonymous even if req.user is filled', function () {
|
||||
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
|
||||
});
|
||||
it('should return anonymous === false a channel is provided', function () {
|
||||
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
|||
Loading…
Reference in a new issue