updating channel check functions
This commit is contained in:
bill bittner
parent
75fac0e594
commit
aafade848e
3 changed files with 30 additions and 33 deletions
|
|
@ -57,27 +57,12 @@ module.exports = {
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
parsePublishApiChannel ({channelName, channelPassword}, user) {
|
parsePublishApiChannel ({channelName, channelPassword}, user) {
|
||||||
|
// anonymous if no channel name provided
|
||||||
let anonymous = (channelName === null || channelName === undefined || channelName === '');
|
let anonymous = (channelName === null || channelName === undefined || channelName === '');
|
||||||
|
// if a channel name is provided, get password from the user token
|
||||||
if (user) {
|
if (user) {
|
||||||
channelName = user.channelName || null;
|
channelPassword = user.channelPassword;
|
||||||
} else {
|
} ;
|
||||||
channelName = channelName || null;
|
|
||||||
}
|
|
||||||
channelPassword = channelPassword || null;
|
|
||||||
let skipAuth = false;
|
|
||||||
// case 1: publish from spee.ch, client logged in
|
|
||||||
if (user) {
|
|
||||||
skipAuth = true;
|
|
||||||
if (anonymous) {
|
|
||||||
channelName = null;
|
|
||||||
}
|
|
||||||
// case 2: publish from api or spee.ch, client not logged in
|
|
||||||
} else {
|
|
||||||
if (anonymous) {
|
|
||||||
skipAuth = true;
|
|
||||||
channelName = null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// cleanse channel name
|
// cleanse channel name
|
||||||
if (channelName) {
|
if (channelName) {
|
||||||
if (channelName.indexOf('@') !== 0) {
|
if (channelName.indexOf('@') !== 0) {
|
||||||
|
|
@ -85,9 +70,9 @@ module.exports = {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return {
|
return {
|
||||||
|
anonymous,
|
||||||
channelName,
|
channelName,
|
||||||
channelPassword,
|
channelPassword,
|
||||||
skipAuth,
|
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
validateFileTypeAndSize (file) {
|
validateFileTypeAndSize (file) {
|
||||||
|
|
|
||||||
|
|
@ -73,21 +73,20 @@ module.exports = (app) => {
|
||||||
});
|
});
|
||||||
// route to run a publish request on the daemon
|
// route to run a publish request on the daemon
|
||||||
app.post('/api/publish', multipartMiddleware, ({ body, files, ip, originalUrl, user }, res) => {
|
app.post('/api/publish', multipartMiddleware, ({ body, files, ip, originalUrl, user }, res) => {
|
||||||
let name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, skipAuth, channelName, channelPassword;
|
let name, fileName, filePath, fileType, nsfw, license, title, description, thumbnail, anonymous, channelName, channelPassword;
|
||||||
// validate the body and files of the request
|
// validate the body and files of the request
|
||||||
try {
|
try {
|
||||||
// validateApiPublishRequest(body, files);
|
// validateApiPublishRequest(body, files);
|
||||||
({name, nsfw, license, title, description, thumbnail} = parsePublishApiRequestBody(body));
|
({name, nsfw, license, title, description, thumbnail} = parsePublishApiRequestBody(body));
|
||||||
({fileName, filePath, fileType} = parsePublishApiRequestFiles(files));
|
({fileName, filePath, fileType} = parsePublishApiRequestFiles(files));
|
||||||
({channelName, channelPassword, skipAuth} = parsePublishApiChannel(body, user));
|
({anonymous, channelName, channelPassword} = parsePublishApiChannel(body, user));
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
logger.debug('publish request rejected, insufficient request parameters');
|
logger.debug('publish request rejected, insufficient request parameters');
|
||||||
return res.status(400).json({success: false, message: error.message});
|
return res.status(400).json({success: false, message: error.message});
|
||||||
}
|
}
|
||||||
|
|
||||||
logger.debug(`/api/publish > name: ${name}, license: ${license} title: "${title}" description: "${description}" channelName: "${channelName}" channelPassword: "${channelPassword}" nsfw: "${nsfw}"`);
|
logger.debug(`/api/publish > name: ${name}, license: ${license} title: "${title}" description: "${description}" channelName: "${channelName}" channelPassword: "${channelPassword}" nsfw: "${nsfw}"`);
|
||||||
// check channel authorization
|
// check channel authorization
|
||||||
authenticateOrSkip(skipAuth, channelName, channelPassword)
|
authenticateOrSkip(anonymous, channelName, channelPassword)
|
||||||
.then(authenticated => {
|
.then(authenticated => {
|
||||||
if (!authenticated) {
|
if (!authenticated) {
|
||||||
throw new Error('Authentication failed, you do not have access to that channel');
|
throw new Error('Authentication failed, you do not have access to that channel');
|
||||||
|
|
|
||||||
|
|
@ -1,14 +1,6 @@
|
||||||
const assert = require('assert');
|
const assert = require('assert');
|
||||||
|
|
||||||
describe('Array', function () {
|
describe('api', function () {
|
||||||
describe('indexOf()', function () {
|
|
||||||
it('should return -1 when the value is not present', function () {
|
|
||||||
assert.equal(-1, [1, 2, 3].indexOf(4));
|
|
||||||
});
|
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|
||||||
describe('controllers', function () {
|
|
||||||
describe('api/publish', function () {
|
describe('api/publish', function () {
|
||||||
describe('publishHelpers.js', function () {
|
describe('publishHelpers.js', function () {
|
||||||
const publishHelpers = require('../helpers/publishHelpers.js');
|
const publishHelpers = require('../helpers/publishHelpers.js');
|
||||||
|
|
@ -71,6 +63,27 @@ describe('controllers', function () {
|
||||||
assert.doesNotThrow(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
|
assert.doesNotThrow(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe('#parsePublishApiChannel()', function () {
|
||||||
|
it('should return a channel name if one is provided', function () {
|
||||||
|
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, null), Error);
|
||||||
|
});
|
||||||
|
it('should return a password if one is provided', function () {
|
||||||
|
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoFile), Error);
|
||||||
|
});
|
||||||
|
it('should return a channel name if one is provided in req.user', function () {
|
||||||
|
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesTooBig), Error);
|
||||||
|
});
|
||||||
|
it('should return a password if one is provided in req.user', function () {
|
||||||
|
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
|
||||||
|
});
|
||||||
|
it('should return anonymous === true if meant to be anonymous even if req.user is filled', function () {
|
||||||
|
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
|
||||||
|
});
|
||||||
|
it('should return anonymous === false a channel is provided', function () {
|
||||||
|
// assert.throws(publishHelpers.parsePublishApiRequestFiles.bind(this, filesNoProblems), Error);
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue