Tor middleware #499
|
|
@ -35,17 +35,6 @@ const claimPublish = ({ body, files, headers, ip, originalUrl, user, tor }, res)
|
|||
message: disabledMessage
|
||||
});
|
||||
}
|
||||
// check for tor
|
||||
logger.debug('tor:', tor);
|
||||
if (tor) {
|
||||
logger.info('Tor publish request blocked:', ip);
|
||||
const failureResponse = {
|
||||
success: 'false',
|
||||
message: 'Unfortunately this api route is not currently available for tor users. We are working on a solution that will allow tor users to use this endpoint in the future.',
|
||||
};
|
||||
return res.status(403).json(failureResponse);
|
||||
}
|
||||
|
||||
// define variables
|
||||
let channelName, channelId, channelPassword, description, fileName, filePath, fileType, gaStartTime, license, name, nsfw, thumbnail, thumbnailFileName, thumbnailFilePath, thumbnailFileType, title;
|
||||
// record the start time of the request
|
||||
|
|
|
|||
|
|
@ -13,8 +13,16 @@ const torCheck = (req, res, next) => {
|
|||
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
})
|
||||
.then(result => {
|
||||
logger.debug('tor check results:', result);
|
||||
req['tor'] = (result.length >= 1); // add this to the req object
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
next();
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
if (result.length >= 1) {
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
logger.info('Tor request blocked:', ip);
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
const failureResponse = {
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
success: false,
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
message: 'Unfortunately this api route is not currently available for tor users. We are working on a solution that will allow tor users to use this endpoint in the future.',
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
};
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
res.status(403).json(failureResponse);
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
} else {
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
next();
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
}
|
||||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
})
|
||||
.catch(error => {
|
||||
logger.error(error);
|
||||
|
|
|
|||
|
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine. Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.
Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes. Yeah, I think that would be the better way to handle it. That way the middleware can be placed on any route and response is handled from the middleware, rather than having to handle in all the routes.
|
||||
|
|
@ -21,26 +21,26 @@ const torCheckMiddleware = require('../../middleware/torCheckMiddleware');
|
|||
|
||||
module.exports = (app) => {
|
||||
// channel routes
|
||||
app.get('/api/channel/availability/:name', channelAvailability);
|
||||
app.get('/api/channel/short-id/:longId/:name', channelShortId);
|
||||
app.get('/api/channel/data/:channelName/:channelClaimId', channelData);
|
||||
app.get('/api/channel/claims/:channelName/:channelClaimId/:page', channelClaims);
|
||||
app.get('/api/channel/availability/:name', torCheckMiddleware, channelAvailability);
|
||||
app.get('/api/channel/short-id/:longId/:name', torCheckMiddleware, channelShortId);
|
||||
app.get('/api/channel/data/:channelName/:channelClaimId', torCheckMiddleware, channelData);
|
||||
app.get('/api/channel/claims/:channelName/:channelClaimId/:page', torCheckMiddleware, channelClaims);
|
||||
// claim routes
|
||||
app.get('/api/claim/availability/:name', claimAvailability);
|
||||
app.get('/api/claim/blocked-list/', claimBlockedList);
|
||||
app.get('/api/claim/data/:claimName/:claimId', claimData);
|
||||
app.get('/api/claim/get/:name/:claimId', claimGet);
|
||||
app.get('/api/claim/list/:name', claimList);
|
||||
app.post('/api/claim/long-id', claimLongId); // should be a get
|
||||
app.get('/api/claim/availability/:name', torCheckMiddleware, claimAvailability);
|
||||
app.get('/api/claim/blocked-list/', torCheckMiddleware, claimBlockedList);
|
||||
app.get('/api/claim/data/:claimName/:claimId', torCheckMiddleware, claimData);
|
||||
app.get('/api/claim/get/:name/:claimId', torCheckMiddleware, claimGet);
|
||||
app.get('/api/claim/list/:name', torCheckMiddleware, claimList);
|
||||
app.post('/api/claim/long-id', torCheckMiddleware, claimLongId); // note: should be a 'get'
|
||||
app.post('/api/claim/publish', torCheckMiddleware, multipartMiddleware, claimPublish);
|
||||
app.get('/api/claim/resolve/:name/:claimId', claimResolve);
|
||||
app.get('/api/claim/short-id/:longId/:name', claimShortId);
|
||||
app.get('/api/claim/resolve/:name/:claimId', torCheckMiddleware, claimResolve);
|
||||
app.get('/api/claim/short-id/:longId/:name', torCheckMiddleware, claimShortId);
|
||||
// file routes
|
||||
app.get('/api/file/availability/:name/:claimId', fileAvailability);
|
||||
app.get('/api/file/availability/:name/:claimId', torCheckMiddleware, fileAvailability);
|
||||
// user routes
|
||||
app.put('/api/user/password/', userPassword);
|
||||
app.put('/api/user/password/', torCheckMiddleware, userPassword);
|
||||
// configs
|
||||
app.get('/api/config/site/publishing', publishingConfig);
|
||||
app.get('/api/config/site/publishing', torCheckMiddleware, publishingConfig);
|
||||
// tor
|
||||
app.get('/api/tor', getTorList);
|
||||
app.get('/api/tor', torCheckMiddleware, getTorList);
|
||||
};
|
||||
|
|
|
|||
Maybe you should just stop the request here? Not sure, if there are other routes in that may be blocked in the future it will be simpler to add. If it's gonna be only the /publish route then this is probably fine.