changed 'claim' to 'name' and added validation

This commit is contained in:
bill bittner 2017-06-26 19:26:37 -07:00
parent 9867969a65
commit ae5711837a
3 changed files with 50 additions and 14 deletions

View file

@ -44,14 +44,18 @@ spee.ch is a single-serving site that reads and publishes images to and from the
* /api/publish
* request parameters:
* body (form-data):
* claim: string (optional, defults to the file's name sans extension)
* license: string (optional, defaults to "No License Provided")
* nsfw: string ("on"/"off") or boolean (true/false). (optional, defaults `true`)
* name: string (optional)
* defaults to the file's name, sans extension
* names can only contain the following characters: `A-Z`, `a-z`, `_`, or `-`
* license: string (optional)
* defaults to "No License Provided"
* only "Public Domain" or "Creative Commons" licenses are allowed
* nsfw: string or boolean (optional)
* defaults `true`
* nsfw can be a string ("on"/"off") or boolean (`true`/`false`)
* files:
* (the `files` object submitted must use "file1" or "null" as the key for the file's value object)
* the `files` object submitted must use "speech" or "null" as the key for the file's value object
* a successfull request will return the transaction details resulting from your published claim in JSON format
## bugs
If you find a bug or experience a problem, please report your issue here on github and find us in the lbry slack!

View file

@ -7,12 +7,16 @@ module.exports = {
createPublishParams (name, filePath, license, nsfw) {
logger.debug(`Creating Publish Parameters for "${name}"`);
// ensure nsfw is a boolean
if (nsfw.toLowerCase === 'true') {
nsfw = true;
} else if (nsfw.toLowerCase === 'on') {
nsfw = true;
} else {
if (nsfw.toLowerCase === 'false') {
nsfw = false;
} else if (nsfw.toLowerCase === 'off') {
nsfw = false;
} else if (nsfw === 0) {
nsfw = false;
} else if (nsfw === '0') {
nsfw = false;
} else {
nsfw = true;
}
const publishParams = {
name,

View file

@ -34,14 +34,42 @@ module.exports = app => {
// route to run a publish request on the daemon
app.post('/api/publish', multipartMiddleware, ({ originalUrl, body, files }, res) => {
logger.debug(`POST request on ${originalUrl}`);
const file = files.thumbnail || files.null;
// validate that a file was provided (note: need to validate it is not a potentially harmful file type)
const file = files.speech || files.null;
if (!file) {
res.status(400).send('error: No file was submitted or the key used was incorrect. Files posted through this route must use a key of "thumbnail" or null');
res.status(400).send('Error: No file was submitted or the key used was incorrect. Files posted through this route must use a key of "speech" or null');
return;
}
const name = body.claim || file.name.substring(0, file.name.indexOf('.'));
// validate name
const name = body.name || file.name.substring(0, file.name.indexOf('.'));
const invalidCharacters = /[^\w,-]/.exec(name);
if (invalidCharacters) {
res.status(400).send('Error: The name you provided is not allowed. Please use A-Z, a-z, 0-9, "_" and "-" only.');
return;
}
// validate license
const license = body.license || 'No License Provided';
if ((license.indexOf('Public Domain') === -1) && (license.indexOf('Creative Commons') === -1)) {
res.status(400).send('Error: Only posts with a license of "Public Domain" or "Creative Commons" are eligible for publishing through spee.ch');
return;
}
const nsfw = body.nsfw || true;
switch (nsfw) {
case true:
case false:
case 'true':
case 'false':
case 'on':
case 'off':
case 0:
case '0':
case 1:
case '1':
break;
default:
res.status(400).send('Error: NSFW value was not accepted. NSFW must be set to either true, false, "on", or "off"');
return;
}
const fileName = file.name;
const filePath = file.path;
const fileType = file.type;