jonathan/hostr
jonathan/hostr
1
0
Fork 0
Code Issues Pull requests 4 Projects Releases Packages 1 Wiki Activity Actions

Get linting passing again

Browse source
This commit is contained in:
Jonathan Cremin 2016-06-06 15:37:00 +01:00
parent 4f95f27400
commit 494f66d388
21 changed files with 367 additions and 212 deletions
Download patch file Download diff file Expand all files Collapse all files

2
api/app.js
View file

@ -10,7 +10,7 @@ const debug = debugname('hostr-api');
const router = new Router();
const statsdOpts = {prefix: 'hostr-api', host: process.env.STATSD_HOST};
const statsdOpts = { prefix: 'hostr-api', host: process.env.STATSD_HOST };
router.use(stats(statsdOpts));
const statsd = new StatsD(statsdOpts);
router.use(function* statsMiddleware(next) {

48
api/lib/auth.js
View file

@ -16,16 +16,25 @@ export default function* (next) {
const userToken = yield this.redis.get(this.req.headers.authorization.substr(1));
this.assert(userToken, 401, '{"error": {"message": "Invalid token.", "code": 606}}');
debug('Token found');
user = yield Users.findOne({'_id': this.db.objectId(userToken)});
user = yield Users.findOne({ _id: this.db.objectId(userToken) });
} else {
const authUser = auth(this);
this.assert(authUser, 401, badLoginMsg);
const remoteIp = this.req.headers['x-real-ip'] || this.req.connection.remoteAddress;
const count = yield Logins.count({ip: remoteIp, successful: false, at: { '$gt': Math.ceil(Date.now() / 1000) - 600}});
this.assert(count < 25, 401, '{"error": {"message": "Too many incorrect logins.", "code": 608}}');
const count = yield Logins.count({
ip: remoteIp,
successful: false,
at: { $gt: Math.ceil(Date.now() / 1000) - 600 },
});
this.assert(count < 25, 401,
'{"error": {"message": "Too many incorrect logins.", "code": 608}}');
yield Logins.insertOne({ip: remoteIp, at: Math.ceil(Date.now() / 1000), successful: null});
user = yield Users.findOne({'email': authUser.name, 'banned': {'$exists': false}, 'status': {'$ne': 'deleted'}});
yield Logins.insertOne({ ip: remoteIp, at: Math.ceil(Date.now() / 1000), successful: null });
user = yield Users.findOne({
email: authUser.name,
banned: { $exists: false },
status: { $ne: 'deleted' },
});
this.assert(user, 401, badLoginMsg);
const authenticated = yield passwords.match(authUser.pass, user.salted_password);
this.assert(authenticated, 401, badLoginMsg);
@ -33,22 +42,27 @@ export default function* (next) {
debug('Checking user');
this.assert(user, 401, badLoginMsg);
debug('Checking user is activated');
this.assert(!user.activationCode, 401, '{"error": {"message": "Account has not been activated.", "code": 603}}');
this.assert(!user.activationCode, 401,
'{"error": {"message": "Account has not been activated.", "code": 603}}');
const uploadedTotal = yield Files.count({owner: user._id, status: {'$ne': 'deleted'}});
const uploadedToday = yield Files.count({owner: user._id, 'time_added': {'$gt': Math.ceil(Date.now() / 1000) - 86400}});
const uploadedTotal = yield Files.count({ owner: user._id, status: { $ne: 'deleted' } });
const uploadedToday = yield Files.count({
owner: user._id,
time_added: { $gt: Math.ceil(Date.now() / 1000) - 86400 },
});
const normalisedUser = {
'id': user._id,
'email': user.email,
'daily_upload_allowance': user.type === 'Pro' ? 'unlimited' : 15,
'file_count': uploadedTotal,
'max_filesize': user.type === 'Pro' ? 524288000 : 20971520,
'plan': user.type || 'Free',
'uploads_today': uploadedToday,
id: user._id,
email: user.email,
daily_upload_allowance: user.type === 'Pro' ? 'unlimited' : 15,
file_count: uploadedTotal,
max_filesize: user.type === 'Pro' ? 524288000 : 20971520,
plan: user.type || 'Free',
uploads_today: uploadedToday,
};
this.response.set('Daily-Uploads-Remaining', user.type === 'Pro' ? 'unlimited' : 15 - uploadedToday);
this.response.set('Daily-Uploads-Remaining',
user.type === 'Pro' ? 'unlimited' : 15 - uploadedToday);
this.user = normalisedUser;
debug('Authenticated user: ' + this.user.email);
debug('Authenticated user: ', this.user.email);
yield next;
}

4
api/routes/file.js
View file

@ -13,9 +13,13 @@ export function* post(next) {
const uploader = new Uploader(this);
yield uploader.checkLimit();
yield uploader.accept();
uploader.acceptedEvent();
uploader.receive();
yield uploader.save();
yield uploader.promise;

30
api/routes/user.js
View file

@ -15,12 +15,12 @@ export function* get() {
export function* token() {
const token = uuid.v4(); // eslint-disable-line no-shadow
yield this.redis.set(token, this.user.id, 'EX', 86400);
this.body = {token: token};
this.body = { token };
}
export function* transaction() {
const Transactions = this.db.Transactions;
const transactions = yield Transactions.find({'user_id': this.user.id}).toArray();
const transactions = yield Transactions.find({ user_id: this.user.id }).toArray();
this.body = transactions.map((transaction) => { // eslint-disable-line no-shadow
const type = transaction.paypal ? 'paypal' : 'direct';
@ -29,17 +29,20 @@ export function* transaction() {
amount: transaction.paypal ? transaction.amount : transaction.amount / 100,
date: transaction.date,
description: transaction.desc,
type: type,
type,
};
});
}
export function* settings() {
this.assert(this.request.body, 400, '{"error": {"message": "Current Password required to update account.", "code": 612}}');
this.assert(this.request.body.current_password, 400, '{"error": {"message": "Current Password required to update account.", "code": 612}}');
this.assert(this.request.body, 400,
'{"error": {"message": "Current Password required to update account.", "code": 612}}');
this.assert(this.request.body.current_password, 400,
'{"error": {"message": "Current Password required to update account.", "code": 612}}');
const Users = this.db.Users;
const user = yield Users.findOne({'_id': this.user.id});
this.assert(yield passwords.match(this.request.body.current_password, user.salted_password), 400, '{"error": {"message": "Incorrect password", "code": 606}}');
const user = yield Users.findOne({ _id: this.user.id });
this.assert(yield passwords.match(this.request.body.current_password, user.salted_password), 400,
'{"error": {"message": "Incorrect password", "code": 606}}');
const data = {};
if (this.request.body.email && this.request.body.email !== user.email) {
data.email = this.request.body.email;
@ -48,10 +51,11 @@ export function* settings() {
}
}
if (this.request.body.new_password) {
this.assert(this.request.body.new_password.length >= 7, 400, '{"error": {"message": "Password must be 7 or more characters long.", "code": 606}}');
data.salted_password = yield passwords.hash(this.request.body.new_password); // eslint-disable-line camelcase
this.assert(this.request.body.new_password.length >= 7, 400,
'{"error": {"message": "Password must be 7 or more characters long.", "code": 606}}');
data.salted_password = yield passwords.hash(this.request.body.new_password);
}
Users.updateOne({_id: user._id}, {'$set': data});
Users.updateOne({ _id: user._id }, { $set: data });
this.body = {};
}
@ -65,7 +69,7 @@ export function* events() {
let json;
try {
json = JSON.parse(message);
} catch(err) {
} catch (err) {
debug('Invalid JSON for socket auth');
this.websocket.send('Invalid authentication message. Bad JSON?');
this.raven.captureError(err);
@ -73,13 +77,13 @@ export function* events() {
try {
const reply = yield this.redis.get(json.authorization);
if (reply) {
pubsub.subscribe('/user/' + reply);
pubsub.subscribe(`/user/${reply}`);
this.websocket.send('{"status":"active"}');
debug('Subscribed to: /user/%s', reply);
} else {
this.websocket.send('Invalid authentication token.');
}
} catch(err) {
} catch (err) {
debug(err);
this.raven.captureError(err);
}