changed 'claim' to 'name' and added validation
This commit is contained in:
bill bittner
parent
9867969a65
commit
ae5711837a
3 changed files with 50 additions and 14 deletions
16
README.md
16
README.md
|
|
@ -44,14 +44,18 @@ spee.ch is a single-serving site that reads and publishes images to and from the
|
||||||
* /api/publish
|
* /api/publish
|
||||||
* request parameters:
|
* request parameters:
|
||||||
* body (form-data):
|
* body (form-data):
|
||||||
* claim: string (optional, defults to the file's name sans extension)
|
* name: string (optional)
|
||||||
* license: string (optional, defaults to "No License Provided")
|
* defaults to the file's name, sans extension
|
||||||
* nsfw: string ("on"/"off") or boolean (true/false). (optional, defaults `true`)
|
* names can only contain the following characters: `A-Z`, `a-z`, `_`, or `-`
|
||||||
|
* license: string (optional)
|
||||||
|
* defaults to "No License Provided"
|
||||||
|
* only "Public Domain" or "Creative Commons" licenses are allowed
|
||||||
|
* nsfw: string or boolean (optional)
|
||||||
|
* defaults `true`
|
||||||
|
* nsfw can be a string ("on"/"off") or boolean (`true`/`false`)
|
||||||
* files:
|
* files:
|
||||||
* (the `files` object submitted must use "file1" or "null" as the key for the file's value object)
|
* the `files` object submitted must use "speech" or "null" as the key for the file's value object
|
||||||
* a successfull request will return the transaction details resulting from your published claim in JSON format
|
* a successfull request will return the transaction details resulting from your published claim in JSON format
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## bugs
|
## bugs
|
||||||
If you find a bug or experience a problem, please report your issue here on github and find us in the lbry slack!
|
If you find a bug or experience a problem, please report your issue here on github and find us in the lbry slack!
|
||||||
|
|
|
||||||
|
|
@ -7,12 +7,16 @@ module.exports = {
|
||||||
createPublishParams (name, filePath, license, nsfw) {
|
createPublishParams (name, filePath, license, nsfw) {
|
||||||
logger.debug(`Creating Publish Parameters for "${name}"`);
|
logger.debug(`Creating Publish Parameters for "${name}"`);
|
||||||
// ensure nsfw is a boolean
|
// ensure nsfw is a boolean
|
||||||
if (nsfw.toLowerCase === 'true') {
|
if (nsfw.toLowerCase === 'false') {
|
||||||
nsfw = true;
|
|
||||||
} else if (nsfw.toLowerCase === 'on') {
|
|
||||||
nsfw = true;
|
|
||||||
} else {
|
|
||||||
nsfw = false;
|
nsfw = false;
|
||||||
|
} else if (nsfw.toLowerCase === 'off') {
|
||||||
|
nsfw = false;
|
||||||
|
} else if (nsfw === 0) {
|
||||||
|
nsfw = false;
|
||||||
|
} else if (nsfw === '0') {
|
||||||
|
nsfw = false;
|
||||||
|
} else {
|
||||||
|
nsfw = true;
|
||||||
}
|
}
|
||||||
const publishParams = {
|
const publishParams = {
|
||||||
name,
|
name,
|
||||||
|
|
|
||||||
|
|
@ -34,14 +34,42 @@ module.exports = app => {
|
||||||
// route to run a publish request on the daemon
|
// route to run a publish request on the daemon
|
||||||
app.post('/api/publish', multipartMiddleware, ({ originalUrl, body, files }, res) => {
|
app.post('/api/publish', multipartMiddleware, ({ originalUrl, body, files }, res) => {
|
||||||
logger.debug(`POST request on ${originalUrl}`);
|
logger.debug(`POST request on ${originalUrl}`);
|
||||||
const file = files.thumbnail || files.null;
|
// validate that a file was provided (note: need to validate it is not a potentially harmful file type)
|
||||||
|
const file = files.speech || files.null;
|
||||||
if (!file) {
|
if (!file) {
|
||||||
res.status(400).send('error: No file was submitted or the key used was incorrect. Files posted through this route must use a key of "thumbnail" or null');
|
res.status(400).send('Error: No file was submitted or the key used was incorrect. Files posted through this route must use a key of "speech" or null');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const name = body.claim || file.name.substring(0, file.name.indexOf('.'));
|
// validate name
|
||||||
|
const name = body.name || file.name.substring(0, file.name.indexOf('.'));
|
||||||
|
const invalidCharacters = /[^\w,-]/.exec(name);
|
||||||
|
if (invalidCharacters) {
|
||||||
|
res.status(400).send('Error: The name you provided is not allowed. Please use A-Z, a-z, 0-9, "_" and "-" only.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// validate license
|
||||||
const license = body.license || 'No License Provided';
|
const license = body.license || 'No License Provided';
|
||||||
|
if ((license.indexOf('Public Domain') === -1) && (license.indexOf('Creative Commons') === -1)) {
|
||||||
|
res.status(400).send('Error: Only posts with a license of "Public Domain" or "Creative Commons" are eligible for publishing through spee.ch');
|
||||||
|
return;
|
||||||
|
}
|
||||||
const nsfw = body.nsfw || true;
|
const nsfw = body.nsfw || true;
|
||||||
|
switch (nsfw) {
|
||||||
|
case true:
|
||||||
|
case false:
|
||||||
|
case 'true':
|
||||||
|
case 'false':
|
||||||
|
case 'on':
|
||||||
|
case 'off':
|
||||||
|
case 0:
|
||||||
|
case '0':
|
||||||
|
case 1:
|
||||||
|
case '1':
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
res.status(400).send('Error: NSFW value was not accepted. NSFW must be set to either true, false, "on", or "off"');
|
||||||
|
return;
|
||||||
|
}
|
||||||
const fileName = file.name;
|
const fileName = file.name;
|
||||||
const filePath = file.path;
|
const filePath = file.path;
|
||||||
const fileType = file.type;
|
const fileType = file.type;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue