hostr/web/routes/file.js

import path from 'path';
import mime from 'mime-types';
import hostrFileStream from '../../lib/hostr-file-stream';
import { formatFile } from '../../lib/format';

const storePath = process.env.STORE_PATH || path.join(process.env.HOME, '.hostr', 'uploads');

function userAgentCheck(userAgent) {
  if (!userAgent) {
    return false;
  }
  return userAgent.match(/^(wget|curl|vagrant)/i);
}

function hotlinkCheck(file, userAgent, referrer) {
  return !userAgentCheck(userAgent) && !file.width && (!referrer || !(referrer.match(/^https:\/\/hostr.co/) || referrer.match(/^http:\/\/localhost:4040/)));
}

export function* get() {
  const file = yield this.db.Files.findOne({_id: this.params.id, 'file_name': this.params.name, 'status': 'active'});
  this.assert(file, 404);

  if (hotlinkCheck(file, this.headers['user-agent'], this.headers.referer)) {
    return this.redirect('/' + file._id);
  }

  if (!file.width && this.request.query.warning !== 'on') {
    return this.redirect('/' + file._id);
  }

  if (file.malware) {
    const alert = this.request.query.alert;
    if (!alert || !alert.match(/i want to download malware/i)) {
      return this.redirect('/' + file._id);
    }
  }

  let localPath = path.join(storePath, file._id[0], file._id + '_' + file.file_name);
  let remotePath = path.join(file._id[0], file._id + '_' + file.file_name);
  if (this.params.size > 0) {
    localPath = path.join(storePath, file._id[0], this.params.size, file._id + '_' + file.file_name);
    remotePath = path.join(this.params.size, file._id + '_' + file.file_name);
  }

  if (file.malware) {
    this.statsd.incr('file.malware.download', 1);
  }

  let type = 'application/octet-stream';
  if (file.width > 0) {
    if (this.params.size) {
      this.statsd.incr('file.view', 1);
    }
    type = mime.lookup(file.file_name);
  } else {
    this.statsd.incr('file.download', 1);
  }

  if (userAgentCheck(this.headers['user-agent'])) {
    this.set('Content-Disposition', 'attachment; filename=' + file.file_name);
  }

  this.set('Content-type', type);
  this.set('Expires', new Date(2020, 1).toISOString());
  this.set('Cache-control', 'max-age=2592000');

  if (!this.params.size || (this.params.size && this.params.size > 150)) {
    this.db.Files.updateOne(
      {'_id': file._id},
      {'$set': {'last_accessed': Math.ceil(Date.now() / 1000)}, '$inc': {downloads: 1}},
      {'w': 0}
    );
  }

  this.body = yield hostrFileStream(localPath, remotePath);
}

export function* resized() {
  yield get.call(this);
}

export function* landing() {
  const file = yield this.db.Files.findOne({_id: this.params.id, status: 'active'});
  this.assert(file, 404);
  if (userAgentCheck(this.headers['user-agent'])) {
    this.params.name = file.file_name;
    return yield get.call(this);
  }

  this.statsd.incr('file.landing', 1);
  const formattedFile = formatFile(file);
  yield this.render('file', {file: formattedFile});
}
Initial commit. 2015-07-09 23:01:43 +01:00			`import path from 'path';`
			`import mime from 'mime-types';`
			`import hostrFileStream from '../../lib/hostr-file-stream';`
			`import { formatFile } from '../../lib/format';`

			`const storePath = process.env.STORE_PATH \|\| path.join(process.env.HOME, '.hostr', 'uploads');`

Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`function userAgentCheck(userAgent) {`
			`if (!userAgent) {`
Initial commit. 2015-07-09 23:01:43 +01:00			`return false;`
			`}`
			`return userAgent.match(/^(wget\|curl\|vagrant)/i);`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`}`
Initial commit. 2015-07-09 23:01:43 +01:00
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`function hotlinkCheck(file, userAgent, referrer) {`
			`return !userAgentCheck(userAgent) && !file.width && (!referrer \|\| !(referrer.match(/^https:\/\/hostr.co/) \|\| referrer.match(/^http:\/\/localhost:4040/)));`
			`}`
Block hotlinking of non-image files. 2015-08-09 01:11:48 +01:00
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`export function* get() {`
			`const file = yield this.db.Files.findOne({_id: this.params.id, 'file_name': this.params.name, 'status': 'active'});`
Initial commit. 2015-07-09 23:01:43 +01:00			`this.assert(file, 404);`
Add more stat collection 2015-08-09 17:21:39 +01:00
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`if (hotlinkCheck(file, this.headers['user-agent'], this.headers.referer)) {`
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`return this.redirect('/' + file._id);`
Add more stat collection 2015-08-09 17:21:39 +01:00			`}`

Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`if (!file.width && this.request.query.warning !== 'on') {`
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`return this.redirect('/' + file._id);`
Block hotlinking of non-image files. 2015-08-09 01:11:48 +01:00			`}`
Add more stat collection 2015-08-09 17:21:39 +01:00
			`if (file.malware) {`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`const alert = this.request.query.alert;`
Add more stat collection 2015-08-09 17:21:39 +01:00			`if (!alert \|\| !alert.match(/i want to download malware/i)) {`
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`return this.redirect('/' + file._id);`
Add more stat collection 2015-08-09 17:21:39 +01:00			`}`
			`}`

Initial commit. 2015-07-09 23:01:43 +01:00			`let localPath = path.join(storePath, file._id[0], file._id + '_' + file.file_name);`
			`let remotePath = path.join(file._id[0], file._id + '_' + file.file_name);`
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`if (this.params.size > 0) {`
			`localPath = path.join(storePath, file._id[0], this.params.size, file._id + '_' + file.file_name);`
			`remotePath = path.join(this.params.size, file._id + '_' + file.file_name);`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
Fix session memory leak 2015-08-22 18:24:39 +01:00
Add more stat collection 2015-08-09 17:21:39 +01:00			`if (file.malware) {`
			`this.statsd.incr('file.malware.download', 1);`
			`}`

Initial commit. 2015-07-09 23:01:43 +01:00			`let type = 'application/octet-stream';`
			`if (file.width > 0) {`
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`if (this.params.size) {`
Add more stat collection 2015-08-09 17:21:39 +01:00			`this.statsd.incr('file.view', 1);`
			`}`
Initial commit. 2015-07-09 23:01:43 +01:00			`type = mime.lookup(file.file_name);`
Add more stat collection 2015-08-09 17:21:39 +01:00			`} else {`
			`this.statsd.incr('file.download', 1);`
			`}`

			`if (userAgentCheck(this.headers['user-agent'])) {`
			`this.set('Content-Disposition', 'attachment; filename=' + file.file_name);`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`

			`this.set('Content-type', type);`
			`this.set('Expires', new Date(2020, 1).toISOString());`
			`this.set('Cache-control', 'max-age=2592000');`

Use correct size param 2015-08-22 18:48:34 +01:00			`if (!this.params.size \|\| (this.params.size && this.params.size > 150)) {`
			`this.db.Files.updateOne(`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`{'_id': file._id},`
			`{'$set': {'last_accessed': Math.ceil(Date.now() / 1000)}, '$inc': {downloads: 1}},`
			`{'w': 0}`
Use correct size param 2015-08-22 18:48:34 +01:00			`);`
			`}`
Restore file download counting 2015-08-22 18:40:23 +01:00
Initial commit. 2015-07-09 23:01:43 +01:00			`this.body = yield hostrFileStream(localPath, remotePath);`
			`}`

Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`export function* resized() {`
			`yield get.call(this);`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`

Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`export function* landing() {`
			`const file = yield this.db.Files.findOne({_id: this.params.id, status: 'active'});`
Initial commit. 2015-07-09 23:01:43 +01:00			`this.assert(file, 404);`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`if (userAgentCheck(this.headers['user-agent'])) {`
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`this.params.name = file.file_name;`
			`return yield get.call(this);`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
Fix session memory leak 2015-08-22 18:24:39 +01:00
Add more stat collection 2015-08-09 17:21:39 +01:00			`this.statsd.incr('file.landing', 1);`
Initial commit. 2015-07-09 23:01:43 +01:00			`const formattedFile = formatFile(file);`
			`yield this.render('file', {file: formattedFile});`
			`}`