hostr/web/routes/file.js

import { join } from 'path';
import mime from 'mime-types';
import models from '../../models';
import hostrFileStream from '../../lib/hostr-file-stream';
import { formatFile } from '../../lib/format';

const storePath = process.env.UPLOAD_STORAGE_PATH;

const referrerRegexes = [
  /^https:\/\/hostr.co/,
  /^https:\/\/localhost.hostr.co/,
  /^http:\/\/localhost:4040/,
];

function userAgentCheck(userAgent) {
  if (!userAgent) {
    return false;
  }
  return userAgent.match(/^(wget|curl|vagrant)/i);
}

function referrerCheck(referrer) {
  return referrer && referrerRegexes.some((regex) => referrer.match(regex));
}

function hotlinkCheck(file, userAgent, referrer) {
  return userAgentCheck(userAgent) || file.width || referrerCheck(referrer);
}

export function* get() {
  if (this.params.size && ['150', '970'].indexOf(this.params.size) < 0) {
    this.throw(404);
    return;
  }

  const file = yield models.file.findOne({
    where: {
      id: this.params.id,
      name: this.params.name,
    },
  });
  this.assert(file, 404);

  if (!hotlinkCheck(file, this.headers['user-agent'], this.headers.referer)) {
    this.redirect(`/${file.id}`);
    return;
  }

  if (!file.width && this.request.query.warning !== 'on') {
    this.redirect(`/${file.id}`);
    return;
  }

  if (file.malware) {
    const alert = this.request.query.alert;
    if (!alert || !alert.match(/i want to download malware/i)) {
      this.redirect(`/${file.id}`);
      return;
    }
  }

  let localPath = join(storePath, file.id[0], `${file.id}_${file.name}`);
  let remotePath = join(file.id[0], `${file.id}_${file.name}`);
  if (this.params.size > 0) {
    localPath = join(storePath, file.id[0], this.params.size, `${file.id}_${file.name}`);
    remotePath = join(file.id[0], this.params.size, `${file.id}_${file.name}`);
  }

  if (file.malware) {
    this.statsd.incr('file.malware.download', 1);
  }

  let type = 'application/octet-stream';
  if (file.width > 0) {
    if (this.params.size) {
      this.statsd.incr('file.view', 1);
    }
    type = mime.lookup(file.name);
  } else {
    this.statsd.incr('file.download', 1);
  }

  if (userAgentCheck(this.headers['user-agent'])) {
    this.set('Content-Disposition', `attachment; filename=${file.name}`);
  }

  this.set('Content-type', type);
  this.set('Expires', new Date(2020, 1).toISOString());
  this.set('Cache-control', 'max-age=2592000');

  if (!this.params.size || (this.params.size && this.params.size > 150)) {
    models.file.accessed(file.id);
  }

  this.body = yield hostrFileStream(localPath, remotePath);
}

export function* resized() {
  yield get.call(this);
}

export function* landing() {
  const file = yield models.file.findOne({
    where: {
      id: this.params.id,
    },
  });
  this.assert(file, 404);
  if (userAgentCheck(this.headers['user-agent'])) {
    this.params.name = file.name;
    yield get.call(this);
    return;
  }

  this.statsd.incr('file.landing', 1);
  const formattedFile = formatFile(file);
  yield this.render('file', { file: formattedFile });
}
Get linting passing again 2016-06-06 15:37:00 +01:00			`import { join } from 'path';`
Initial commit. 2015-07-09 23:01:43 +01:00			`import mime from 'mime-types';`
Postgres. 2016-06-19 10:14:47 -07:00			`import models from '../../models';`
Initial commit. 2015-07-09 23:01:43 +01:00			`import hostrFileStream from '../../lib/hostr-file-stream';`
			`import { formatFile } from '../../lib/format';`

Improve environment variable stuff 2015-08-30 18:35:05 +02:00			`const storePath = process.env.UPLOAD_STORAGE_PATH;`
Initial commit. 2015-07-09 23:01:43 +01:00
Get linting passing again 2016-06-06 15:37:00 +01:00			`const referrerRegexes = [`
			`/^https:\/\/hostr.co/,`
			`/^https:\/\/localhost.hostr.co/,`
			`/^http:\/\/localhost:4040/,`
			`];`

Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`function userAgentCheck(userAgent) {`
			`if (!userAgent) {`
Initial commit. 2015-07-09 23:01:43 +01:00			`return false;`
			`}`
			`return userAgent.match(/^(wget\|curl\|vagrant)/i);`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`}`
Initial commit. 2015-07-09 23:01:43 +01:00
Get linting passing again 2016-06-06 15:37:00 +01:00			`function referrerCheck(referrer) {`
			`return referrer && referrerRegexes.some((regex) => referrer.match(regex));`
			`}`

Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`function hotlinkCheck(file, userAgent, referrer) {`
Get linting passing again 2016-06-06 15:37:00 +01:00			`return userAgentCheck(userAgent) \|\| file.width \|\| referrerCheck(referrer);`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`}`
Block hotlinking of non-image files. 2015-08-09 01:11:48 +01:00
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`export function* get() {`
Ignore invalid resized image sizes 2016-06-06 17:41:00 +01:00			`if (this.params.size && ['150', '970'].indexOf(this.params.size) < 0) {`
			`this.throw(404);`
			`return;`
			`}`

Postgres. 2016-06-19 10:14:47 -07:00			`const file = yield models.file.findOne({`
			`where: {`
			`id: this.params.id,`
			`name: this.params.name,`
			`},`
Get linting passing again 2016-06-06 15:37:00 +01:00			`});`
Initial commit. 2015-07-09 23:01:43 +01:00			`this.assert(file, 404);`
Add more stat collection 2015-08-09 17:21:39 +01:00
Get linting passing again 2016-06-06 15:37:00 +01:00			`if (!hotlinkCheck(file, this.headers['user-agent'], this.headers.referer)) {`
Postgres. 2016-06-19 10:14:47 -07:00			this.redirect(`/${file.id}`);
Get linting passing again 2016-06-06 15:37:00 +01:00			`return;`
Add more stat collection 2015-08-09 17:21:39 +01:00			`}`

Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`if (!file.width && this.request.query.warning !== 'on') {`
Postgres. 2016-06-19 10:14:47 -07:00			this.redirect(`/${file.id}`);
Get linting passing again 2016-06-06 15:37:00 +01:00			`return;`
Block hotlinking of non-image files. 2015-08-09 01:11:48 +01:00			`}`
Add more stat collection 2015-08-09 17:21:39 +01:00
			`if (file.malware) {`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`const alert = this.request.query.alert;`
Add more stat collection 2015-08-09 17:21:39 +01:00			`if (!alert \|\| !alert.match(/i want to download malware/i)) {`
Postgres. 2016-06-19 10:14:47 -07:00			this.redirect(`/${file.id}`);
Get linting passing again 2016-06-06 15:37:00 +01:00			`return;`
Add more stat collection 2015-08-09 17:21:39 +01:00			`}`
			`}`

Postgres. 2016-06-19 10:14:47 -07:00			let localPath = join(storePath, file.id[0], `${file.id}_${file.name}`);
			let remotePath = join(file.id[0], `${file.id}_${file.name}`);
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`if (this.params.size > 0) {`
Postgres. 2016-06-19 10:14:47 -07:00			localPath = join(storePath, file.id[0], this.params.size, `${file.id}_${file.name}`);
			remotePath = join(file.id[0], this.params.size, `${file.id}_${file.name}`);
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
Fix session memory leak 2015-08-22 18:24:39 +01:00
Add more stat collection 2015-08-09 17:21:39 +01:00			`if (file.malware) {`
			`this.statsd.incr('file.malware.download', 1);`
			`}`

Initial commit. 2015-07-09 23:01:43 +01:00			`let type = 'application/octet-stream';`
			`if (file.width > 0) {`
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`if (this.params.size) {`
Add more stat collection 2015-08-09 17:21:39 +01:00			`this.statsd.incr('file.view', 1);`
			`}`
Postgres. 2016-06-19 10:14:47 -07:00			`type = mime.lookup(file.name);`
Add more stat collection 2015-08-09 17:21:39 +01:00			`} else {`
			`this.statsd.incr('file.download', 1);`
			`}`

			`if (userAgentCheck(this.headers['user-agent'])) {`
Postgres. 2016-06-19 10:14:47 -07:00			this.set('Content-Disposition', `attachment; filename=${file.name}`);
Initial commit. 2015-07-09 23:01:43 +01:00			`}`

			`this.set('Content-type', type);`
			`this.set('Expires', new Date(2020, 1).toISOString());`
			`this.set('Cache-control', 'max-age=2592000');`

Use correct size param 2015-08-22 18:48:34 +01:00			`if (!this.params.size \|\| (this.params.size && this.params.size > 150)) {`
Postgres. 2016-06-19 10:14:47 -07:00			`models.file.accessed(file.id);`
Use correct size param 2015-08-22 18:48:34 +01:00			`}`
Restore file download counting 2015-08-22 18:40:23 +01:00
Initial commit. 2015-07-09 23:01:43 +01:00			`this.body = yield hostrFileStream(localPath, remotePath);`
			`}`

Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`export function* resized() {`
			`yield get.call(this);`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`

Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`export function* landing() {`
Postgres. 2016-06-19 10:14:47 -07:00			`const file = yield models.file.findOne({`
			`where: {`
			`id: this.params.id,`
			`},`
			`});`
Initial commit. 2015-07-09 23:01:43 +01:00			`this.assert(file, 404);`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`if (userAgentCheck(this.headers['user-agent'])) {`
Postgres. 2016-06-19 10:14:47 -07:00			`this.params.name = file.name;`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield get.call(this);`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
Fix session memory leak 2015-08-22 18:24:39 +01:00
Add more stat collection 2015-08-09 17:21:39 +01:00			`this.statsd.incr('file.landing', 1);`
Initial commit. 2015-07-09 23:01:43 +01:00			`const formattedFile = formatFile(file);`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('file', { file: formattedFile });`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`