412 blocked content #428

Merged
bones7242 merged 13 commits from 412-blocked_content into master 2018-05-01 01:07:59 +02:00
13 changed files with 90 additions and 91 deletions
Showing only changes of commit 060af3a957 - Show all commits

View file

@ -1,74 +0,0 @@
const logger = require('winston');
const db = require('../models');
module.exports = {
authenticateUser (channelName, channelId, channelPassword, user) {
// case: no channelName or channel Id are provided (anonymous), regardless of whether user token is provided
if (!channelName && !channelId) {
return {
channelName : null,
channelClaimId: null,
};
}
// case: channelName or channel Id are provided with user token
if (user) {
if (channelName && channelName !== user.channelName) {
throw new Error('the provided channel name does not match user credentials');
}
if (channelId && channelId !== user.channelClaimId) {
throw new Error('the provided channel id does not match user credentials');
}
return {
channelName : user.channelName,
channelClaimId: user.channelClaimId,
};
}
// case: channelName or channel Id are provided with password instead of user token
if (!channelPassword) throw new Error('no channel password provided');
return module.exports.authenticateChannelCredentials(channelName, channelId, channelPassword);
},
authenticateChannelCredentials (channelName, channelId, userPassword) {
return new Promise((resolve, reject) => {
// hoisted variables
let channelData;
// build the params for finding the channel
let channelFindParams = {};
if (channelName) channelFindParams['channelName'] = channelName;
if (channelId) channelFindParams['channelClaimId'] = channelId;
// find the channel
db.Channel
.findOne({
where: channelFindParams,
})
.then(channel => {
if (!channel) {
logger.debug('no channel found');
throw new Error('Authentication failed, you do not have access to that channel');
}
channelData = channel.get();
logger.debug('channel data:', channelData);
return db.User.findOne({
where: { userName: channelData.channelName.substring(1) },
});
})
.then(user => {
if (!user) {
logger.debug('no user found');
throw new Error('Authentication failed, you do not have access to that channel');
}
return user.comparePassword(userPassword);
})
.then(isMatch => {
if (!isMatch) {
logger.debug('incorrect password');
throw new Error('Authentication failed, you do not have access to that channel');
}
logger.debug('...password was a match...');
resolve(channelData);
})
.catch(error => {
reject(error);
});
});
},
};

View file

@ -0,0 +1,75 @@
const logger = require('winston');
const db = require('../../../../models/index');
const authenticateChannelCredentials = (channelName, channelId, userPassword) => {
return new Promise((resolve, reject) => {
// hoisted variables
let channelData;
// build the params for finding the channel
let channelFindParams = {};
if (channelName) channelFindParams['channelName'] = channelName;
if (channelId) channelFindParams['channelClaimId'] = channelId;
// find the channel
db.Channel
.findOne({
where: channelFindParams,
})
.then(channel => {
if (!channel) {
logger.debug('no channel found');
throw new Error('Authentication failed, you do not have access to that channel');
}
channelData = channel.get();
logger.debug('channel data:', channelData);
return db.User.findOne({
where: { userName: channelData.channelName.substring(1) },
});
})
.then(user => {
if (!user) {
logger.debug('no user found');
throw new Error('Authentication failed, you do not have access to that channel');
}
return user.comparePassword(userPassword);
})
.then(isMatch => {
if (!isMatch) {
logger.debug('incorrect password');
throw new Error('Authentication failed, you do not have access to that channel');
}
logger.debug('...password was a match...');
resolve(channelData);
})
.catch(error => {
reject(error);
});
});
};
const authenticateUser = (channelName, channelId, channelPassword, user) => {
// case: no channelName or channel Id are provided (anonymous), regardless of whether user token is provided
if (!channelName && !channelId) {
return {
channelName : null,
channelClaimId: null,
};
}
// case: channelName or channel Id are provided with user token
if (user) {
if (channelName && channelName !== user.channelName) {
throw new Error('the provided channel name does not match user credentials');
}
if (channelId && channelId !== user.channelClaimId) {
throw new Error('the provided channel id does not match user credentials');
}
return {
channelName : user.channelName,
channelClaimId: user.channelClaimId,
};
}
// case: channelName or channel Id are provided with password instead of user token
if (!channelPassword) throw new Error('no channel password provided');
return authenticateChannelCredentials(channelName, channelId, channelPassword);
};
module.exports = authenticateUser;

View file

@ -1,13 +1,17 @@
const { details: { host } } = require('../../../../../config/siteConfig.js'); const { details: { host } } = require('../../../../../config/siteConfig.js');
const { authenticateUser } = require('../../../../auth/authentication.js');
const { sendGATimingEvent } = require('../../../../utils/googleAnalytics.js'); const { sendGATimingEvent } = require('../../../../utils/googleAnalytics.js');
const { handleErrorResponse } = require('../../../utils/errorHandlers.js'); const { handleErrorResponse } = require('../../../utils/errorHandlers.js');
const checkClaimAvailability = require('../utils/checkClaimAvailability.js');
const publish = require('./publish.js'); const publish = require('./publish.js');
const createBasicPublishParams = require('./createBasicPublishParams.js'); const createBasicPublishParams = require('./createBasicPublishParams.js');
const createThumbnailPublishParams = require('./createThumbnailPublishParams.js'); const createThumbnailPublishParams = require('./createThumbnailPublishParams.js');
const parsePublishApiRequestBody = require('./parsePublishApiRequestBody.js'); const parsePublishApiRequestBody = require('./parsePublishApiRequestBody.js');
const parsePublishApiRequestFiles = require('./parsePublishApiRequestFiles.js'); const parsePublishApiRequestFiles = require('./parsePublishApiRequestFiles.js');
const checkClaimAvailability = require('../utils/checkClaimAvailability.js'); const authenticateUser = require('./authentication.js');
/* /*

View file

@ -5,7 +5,7 @@ const lbryUri = require('../utils/lbryUri.js');
const determineResponseType = require('../utils/determineResponseType.js'); const determineResponseType = require('../utils/determineResponseType.js');
const getClaimIdAndServeAsset = require('../utils/getClaimIdAndServeAsset.js'); const getClaimIdAndServeAsset = require('../utils/getClaimIdAndServeAsset.js');
const flipClaimNameAndIdForBackwardsCompatibility = require('../utils/flipClaimNameAndIdForBackwardsCompatibility.js'); const flipClaimNameAndId = require('../utils/flipClaimNameAndId.js');
const logRequestData = require('../utils/logRequestData.js'); const logRequestData = require('../utils/logRequestData.js');
const SERVE = 'SERVE'; const SERVE = 'SERVE';
@ -46,8 +46,9 @@ const serverAssetByIdentifierAndClaim = (req, res) => {
} catch (error) { } catch (error) {
return res.status(400).json({success: false, message: error.message}); return res.status(400).json({success: false, message: error.message});
} }
// for backwards compatability, flip claim name and claim id if necessary
if (!isChannel) { if (!isChannel) {
[claimId, claimName] = flipClaimNameAndIdForBackwardsCompatibility(claimId, claimName); [claimId, claimName] = flipClaimNameAndId(claimId, claimName);
} }
// log the request data for debugging // log the request data for debugging
logRequestData(responseType, claimName, channelName, claimId); logRequestData(responseType, claimName, channelName, claimId);

View file

@ -10,8 +10,8 @@ function isValidShortIdOrClaimId (input) {
return (isValidClaimId(input) || isValidShortId(input)); return (isValidClaimId(input) || isValidShortId(input));
}; };
const flipClaimNameAndIdForBackwardsCompatibility = (identifier, name) => { const flipClaimNameAndId = (identifier, name) => {
// this is a patch for backwards compatability with '/name/claim_id' url format // this is a patch for backwards compatability with '/name/claimId' url format
if (isValidShortIdOrClaimId(name) && !isValidShortIdOrClaimId(identifier)) { if (isValidShortIdOrClaimId(name) && !isValidShortIdOrClaimId(identifier)) {
const tempName = name; const tempName = name;
name = identifier; name = identifier;
@ -20,4 +20,4 @@ const flipClaimNameAndIdForBackwardsCompatibility = (identifier, name) => {
return [identifier, name]; return [identifier, name];
}; };
module.exports = flipClaimNameAndIdForBackwardsCompatibility; module.exports = flipClaimNameAndId;

View file

@ -1,4 +1,4 @@
const speechPassport = require('../../speechPassport/index'); const speechPassport = require('../../../speechPassport/index');
const login = (req, res, next) => { const login = (req, res, next) => {
speechPassport.authenticate('local-login', (err, user, info) => { speechPassport.authenticate('local-login', (err, user, info) => {

View file

@ -1,7 +0,0 @@
const handlePageRender = require('../../render/build/handlePageRender.js');
const sendReactApp = (req, res) => {
handlePageRender(req, res);
};
module.exports = sendReactApp;

View file

@ -1,4 +1,4 @@
const handlePageRequest = require('../../controllers/fallback/sendReactApp'); const handlePageRequest = require('../../controllers/pages/sendReactApp');
module.exports = (app) => { module.exports = (app) => {
app.get('*', handlePageRequest); app.get('*', handlePageRequest);

View file

@ -1,6 +1,6 @@
const handlePageRequest = require('../../controllers/pages/sendReactApp'); const handlePageRequest = require('../../controllers/pages/sendReactApp');
const handleEmbedRequest = require('../../controllers/pages/sendEmbedPage'); const handleEmbedRequest = require('../../controllers/pages/sendEmbedPage');
const redirect = require('../../controllers/pages/redirect'); const redirect = require('../../controllers/utils/redirect');
module.exports = (app) => { module.exports = (app) => {
app.get('/', handlePageRequest); app.get('/', handlePageRequest);