updating channel check functions

This commit is contained in:
bill bittner 2017-12-11 11:22:59 -08:00
parent 75fac0e594
commit aafade848e
3 changed files with 30 additions and 33 deletions

View file

@ -57,27 +57,12 @@ module.exports = {
}; };
}, },
parsePublishApiChannel ({channelName, channelPassword}, user) { parsePublishApiChannel ({channelName, channelPassword}, user) {
// anonymous if no channel name provided
let anonymous = (channelName === null || channelName === undefined || channelName === ''); let anonymous = (channelName === null || channelName === undefined || channelName === '');
// if a channel name is provided, get password from the user token
if (user) { if (user) {
channelName = user.channelName || null; channelPassword = user.channelPassword;
} else { } ;
channelName = channelName || null;
}
channelPassword = channelPassword || null;
let skipAuth = false;
// case 1: publish from spee.ch, client logged in
if (user) {
skipAuth = true;
if (anonymous) {
channelName = null;
}
// case 2: publish from api or spee.ch, client not logged in
} else {
if (anonymous) {
skipAuth = true;
channelName = null;
}
}
// cleanse channel name // cleanse channel name
if (channelName) { if (channelName) {
if (channelName.indexOf('@') !== 0) { if (channelName.indexOf('@') !== 0) {
@ -85,9 +70,9 @@ module.exports = {
} }
} }
return { return {
anonymous,
channelName, channelName,
channelPassword, channelPassword,
skipAuth,
}; };
}, },
validateFileTypeAndSize (file) { validateFileTypeAndSize (file) {

View file

@ -73,21 +73,20 @@ module.exports = (app) => {
}); });
// route to run a publish request on the daemon // route to run a publish request on the daemon
app.post('/api/publish', multipartMiddleware, ({ body, files, ip, originalUrl, user }, res) => { app.post('/api/publish', multipartMiddleware, ({ body, files, ip, originalUrl, user }, res) => {
let name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, skipAuth, channelName, channelPassword; let name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, anonymous, channelName, channelPassword;
// validate the body and files of the request // validate the body and files of the request
try { try {
// validateApiPublishRequest(body, files); // validateApiPublishRequest(body, files);
({name, nsfw, license, title, description, thumbnail} = parsePublishApiRequestBody(body)); ({name, nsfw, license, title, description, thumbnail} = parsePublishApiRequestBody(body));
({fileName, filePath, fileType} = parsePublishApiRequestFiles(files)); ({fileName, filePath, fileType} = parsePublishApiRequestFiles(files));
({channelName, channelPassword, skipAuth} = parsePublishApiChannel(body, user)); ({anonymous, channelName, channelPassword} = parsePublishApiChannel(body, user));
} catch (error) { } catch (error) {
logger.debug('publish request rejected, insufficient request parameters'); logger.debug('publish request rejected, insufficient request parameters');
return res.status(400).json({success: false, message: error.message}); return res.status(400).json({success: false, message: error.message});
} }
logger.debug(`/api/publish > name: ${name}, license: ${license} title: "${title}" description: "${description}" channelName: "${channelName}" channelPassword: "${channelPassword}" nsfw: "${nsfw}"`); logger.debug(`/api/publish > name: ${name}, license: ${license} title: "${title}" description: "${description}" channelName: "${channelName}" channelPassword: "${channelPassword}" nsfw: "${nsfw}"`);
// check channel authorization // check channel authorization
authenticateOrSkip(skipAuth, channelName, channelPassword) authenticateOrSkip(anonymous, channelName, channelPassword)
.then(authenticated => { .then(authenticated => {
if (!authenticated) { if (!authenticated) {
throw new Error('Authentication failed, you do not have access to that channel'); throw new Error('Authentication failed, you do not have access to that channel');

View file

@ -1,14 +1,6 @@
const assert = require('assert'); const assert = require('assert');
describe('Array', function () { describe('api', function () {
describe('indexOf()', function () {
it('should return -1 when the value is not present', function () {
assert.equal(-1, [1, 2, 3].indexOf(4));
});
});
});
describe('controllers', function () {
describe('api/publish', function () { describe('api/publish', function () {
describe('publishHelpers.js', function () { describe('publishHelpers.js', function () {
const publishHelpers = require('../helpers/publishHelpers.js'); const publishHelpers = require('../helpers/publishHelpers.js');
@ -71,6 +63,27 @@ describe('controllers', function () {
assert.doesNotThrow(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error); assert.doesNotThrow(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
}); });
}); });
describe('#parsePublishApiChannel()', function () {
it('should return a channel name if one is provided', function () {
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, null), Error);
});
it('should return a password if one is provided', function () {
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoFile), Error);
});
it('should return a channel name if one is provided in req.user', function () {
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesTooBig), Error);
});
it('should return a password if one is provided in req.user', function () {
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
});
it('should return anonymous === true if meant to be anonymous even if req.user is filled', function () {
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
});
it('should return anonymous === false a channel is provided', function () {
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
});
});
}); });
}); });
}); });