jonathan/hostr
jonathan/hostr
1
0
Fork 0
Code Issues Pull requests 4 Projects Releases Packages 1 Wiki Activity Actions

Get linting passing again

Browse source
This commit is contained in:
Jonathan Cremin 2016-06-06 15:37:00 +01:00
parent 4f95f27400
commit 494f66d388
21 changed files with 367 additions and 212 deletions
Download patch file Download diff file Expand all files Collapse all files

55
web/routes/file.js
View file

@ -1,10 +1,16 @@
import path from 'path';
import { join } from 'path';
import mime from 'mime-types';
import hostrFileStream from '../../lib/hostr-file-stream';
import { formatFile } from '../../lib/format';
const storePath = process.env.UPLOAD_STORAGE_PATH;
const referrerRegexes = [
/^https:\/\/hostr.co/,
/^https:\/\/localhost.hostr.co/,
/^http:\/\/localhost:4040/,
];
function userAgentCheck(userAgent) {
if (!userAgent) {
return false;
@ -12,34 +18,45 @@ function userAgentCheck(userAgent) {
return userAgent.match(/^(wget|curl|vagrant)/i);
}
function referrerCheck(referrer) {
return referrer && referrerRegexes.some((regex) => referrer.match(regex));
}
function hotlinkCheck(file, userAgent, referrer) {
return !userAgentCheck(userAgent) && !file.width && (!referrer || !(referrer.match(/^https:\/\/hostr.co/) || referrer.match(/^http:\/\/localhost:4040/)));
return userAgentCheck(userAgent) || file.width || referrerCheck(referrer);
}
export function* get() {
const file = yield this.db.Files.findOne({_id: this.params.id, 'file_name': this.params.name, 'status': 'active'});
const file = yield this.db.Files.findOne({
_id: this.params.id,
file_name: this.params.name,
status: 'active',
});
this.assert(file, 404);
if (hotlinkCheck(file, this.headers['user-agent'], this.headers.referer)) {
return this.redirect('/' + file._id);
if (!hotlinkCheck(file, this.headers['user-agent'], this.headers.referer)) {
this.redirect(`/${file._id}`);
return;
}
if (!file.width && this.request.query.warning !== 'on') {
return this.redirect('/' + file._id);
this.redirect(`/${file._id}`);
return;
}
if (file.malware) {
const alert = this.request.query.alert;
if (!alert || !alert.match(/i want to download malware/i)) {
return this.redirect('/' + file._id);
this.redirect(`/${file._id}`);
return;
}
}
let localPath = path.join(storePath, file._id[0], file._id + '_' + file.file_name);
let remotePath = path.join(file._id[0], file._id + '_' + file.file_name);
let localPath = join(storePath, file._id[0], `${file._id}_${file.file_name}`);
let remotePath = join(file._id[0], `${file._id}_${file.file_name}`);
if (this.params.size > 0) {
localPath = path.join(storePath, file._id[0], this.params.size, file._id + '_' + file.file_name);
remotePath = path.join(file._id[0], this.params.size, file._id + '_' + file.file_name);
localPath = join(storePath, file._id[0], this.params.size, `${file._id}_${file.file_name}`);
remotePath = join(file._id[0], this.params.size, `${file._id}_${file.file_name}`);
}
if (file.malware) {
@ -57,7 +74,7 @@ export function* get() {
}
if (userAgentCheck(this.headers['user-agent'])) {
this.set('Content-Disposition', 'attachment; filename=' + file.file_name);
this.set('Content-Disposition', `attachment; filename=${file.file_name}`);
}
this.set('Content-type', type);
@ -66,10 +83,9 @@ export function* get() {
if (!this.params.size || (this.params.size && this.params.size > 150)) {
this.db.Files.updateOne(
{'_id': file._id},
{'$set': {'last_accessed': Math.ceil(Date.now() / 1000)}, '$inc': {downloads: 1}},
{'w': 0}
);
{ _id: file._id },
{ $set: { last_accessed: Math.ceil(Date.now() / 1000) }, $inc: { downloads: 1 } },
{ w: 0 });
}
this.body = yield hostrFileStream(localPath, remotePath);
@ -80,14 +96,15 @@ export function* resized() {
}
export function* landing() {
const file = yield this.db.Files.findOne({_id: this.params.id, status: 'active'});
const file = yield this.db.Files.findOne({ _id: this.params.id, status: 'active' });
this.assert(file, 404);
if (userAgentCheck(this.headers['user-agent'])) {
this.params.name = file.file_name;
return yield get.call(this);
yield get.call(this);
return;
}
this.statsd.incr('file.landing', 1);
const formattedFile = formatFile(file);
yield this.render('file', {file: formattedFile});
yield this.render('file', { file: formattedFile });
}

41
web/routes/index.js
View file

@ -4,12 +4,13 @@ import auth from '../lib/auth';
export function* main() {
if (this.session.user) {
if (this.query['app-token']) {
return this.redirect('/');
this.redirect('/');
return;
}
const token = uuid.v4();
yield this.redis.set(token, this.session.user.id, 'EX', 604800);
this.session.user.token = token;
yield this.render('index', {user: this.session.user});
yield this.render('index', { user: this.session.user });
} else {
if (this.query['app-token']) {
const user = yield auth.fromToken(this, this.query['app-token']);
@ -30,26 +31,26 @@ export function* staticPage(next) {
const token = uuid.v4();
yield this.redis.set(token, this.session.user.id, 'EX', 604800);
this.session.user.token = token;
yield this.render('index', {user: this.session.user});
yield this.render('index', { user: this.session.user });
} else {
switch (this.originalUrl) {
case '/terms':
yield this.render('terms');
break;
case '/privacy':
yield this.render('privacy');
break;
case '/pricing':
yield this.render('pricing');
break;
case '/apps':
yield this.render('apps');
break;
case '/stats':
yield this.render('index', {user: {}});
break;
default:
yield next;
case '/terms':
yield this.render('terms');
break;
case '/privacy':
yield this.render('privacy');
break;
case '/pricing':
yield this.render('pricing');
break;
case '/apps':
yield this.render('apps');
break;
case '/stats':
yield this.render('index', { user: {} });
break;
default:
yield next;
}
}
}

30
web/routes/pro.js
View file

@ -1,13 +1,13 @@
import path from 'path';
import views from 'co-views';
const render = views(path.join(__dirname, '/../views'), { default: 'ejs'});
const render = views(path.join(__dirname, '/../views'), { default: 'ejs' });
import Stripe from 'stripe';
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
import sendgridInit from 'sendgrid';
const sendgrid = sendgridInit(process.env.SENDGRID_KEY);
const fromEmail = process.env.EMAIL_FROM;
const fromName = process.env.EMAIL_NAME;
const from = process.env.EMAIL_FROM;
const fromname = process.env.EMAIL_NAME;
export function* create() {
const Users = this.db.Users;
@ -26,10 +26,11 @@ export function* create() {
delete customer.subscriptions;
yield Users.updateOne({_id: this.session.user.id}, {'$set': {'stripe_customer': customer, type: 'Pro'}});
yield Users.updateOne({ _id: this.session.user.id },
{ $set: { stripe_customer: customer, type: 'Pro' } });
const transaction = {
'user_id': this.session.user.id,
user_id: this.session.user.id,
amount: customer.subscription.plan.amount,
desc: customer.subscription.plan.name,
date: new Date(customer.subscription.plan.created * 1000),
@ -38,7 +39,7 @@ export function* create() {
yield Transactions.insertOne(transaction);
this.session.user.plan = 'Pro';
this.body = {status: 'active'};
this.body = { status: 'active' };
const html = yield render('email/inlined/pro');
const text = `Hey, thanks for upgrading to Hostr Pro!
@ -50,11 +51,11 @@ export function* create() {
const mail = new sendgrid.Email({
to: this.session.user.email,
from: fromEmail,
fromname: fromName,
html: html,
text: text,
subject: 'Hostr Pro',
from,
fromname,
html,
text,
});
mail.addCategory('pro-upgrade');
sendgrid.send(mail);
@ -63,16 +64,17 @@ export function* create() {
export function* cancel() {
this.assertCSRF();
const Users = this.db.Users;
const user = yield Users.findOne({_id: this.session.user.id});
const user = yield Users.findOne({ _id: this.session.user.id });
const confirmation = yield stripe.customers.cancelSubscription(
user.stripe_customer.id,
user.stripe_customer.subscription.id,
{ 'at_period_end': true }
{ at_period_end: true }
);
yield Users.updateOne({_id: this.session.user.id}, {'$set': {'stripe_customer.subscription': confirmation, type: 'Free'}});
yield Users.updateOne({ _id: this.session.user.id },
{ $set: { 'stripe_customer.subscription': confirmation, type: 'Free' } });
this.session.user.plan = 'Pro';
this.body = {status: 'inactive'};
this.body = { status: 'inactive' };
}

73
web/routes/user.js
View file

@ -1,10 +1,14 @@
import { authenticate, setupSession, signup as signupUser, activateUser, sendResetToken, validateResetToken, updatePassword } from '../lib/auth';
import {
authenticate, setupSession, signup as signupUser, activateUser, sendResetToken,
validateResetToken, updatePassword,
} from '../lib/auth';
import debugname from 'debug';
const debug = debugname('hostr-web:user');
export function* signin() {
if (!this.request.body.email) {
return yield this.render('signin', {csrf: this.csrf});
yield this.render('signin', { csrf: this.csrf });
return;
}
this.statsd.incr('auth.attempt', 1);
@ -12,9 +16,14 @@ export function* signin() {
const user = yield authenticate.call(this, this.request.body.email, this.request.body.password);
if (!user) {
this.statsd.incr('auth.failure', 1);
return yield this.render('signin', {error: 'Invalid login details', csrf: this.csrf});
yield this.render('signin', { error: 'Invalid login details', csrf: this.csrf });
return;
} else if (user.activationCode) {
return yield this.render('signin', {error: 'Your account hasn\'t been activated yet. Check your for an activation email.', csrf: this.csrf});
yield this.render('signin', {
error: 'Your account hasn\'t been activated yet. Check your for an activation email.',
csrf: this.csrf,
});
return;
}
this.statsd.incr('auth.success', 1);
yield setupSession.call(this, user);
@ -24,16 +33,22 @@ export function* signin() {
export function* signup() {
if (!this.request.body.email) {
return yield this.render('signup', {csrf: this.csrf});
yield this.render('signup', { csrf: this.csrf });
return;
}
this.assertCSRF(this.request.body);
if (this.request.body.email !== this.request.body.confirm_email) {
return yield this.render('signup', {error: 'Emails do not match.', csrf: this.csrf});
yield this.render('signup', { error: 'Emails do not match.', csrf: this.csrf });
return;
} else if (this.request.body.email && !this.request.body.terms) {
return yield this.render('signup', {error: 'You must agree to the terms of service.', csrf: this.csrf});
yield this.render('signup', { error: 'You must agree to the terms of service.',
csrf: this.csrf });
return;
} else if (this.request.body.password && this.request.body.password.length < 7) {
return yield this.render('signup', {error: 'Password must be at least 7 characters long.', csrf: this.csrf});
yield this.render('signup', { error: 'Password must be at least 7 characters long.',
csrf: this.csrf });
return;
}
const ip = this.headers['x-real-ip'] || this.ip;
const email = this.request.body.email;
@ -41,10 +56,15 @@ export function* signup() {
try {
yield signupUser.call(this, email, password, ip);
} catch (e) {
return yield this.render('signup', {error: e.message, csrf: this.csrf});
yield this.render('signup', { error: e.message, csrf: this.csrf });
return;
}
this.statsd.incr('auth.signup', 1);
return yield this.render('signup', {message: 'Thanks for signing up, we\'ve sent you an email to activate your account.', csrf: ''});
yield this.render('signup', {
message: 'Thanks for signing up, we\'ve sent you an email to activate your account.',
csrf: '',
});
return;
}
@ -55,14 +75,19 @@ export function* forgot() {
if (this.request.body.password) {
if (this.request.body.password.length < 7) {
return yield this.render('forgot', {error: 'Password needs to be at least 7 characters long.', token: token, csrf: this.csrf});
yield this.render('forgot', {
error: 'Password needs to be at least 7 characters long.',
csrf: this.csrf,
token,
});
return;
}
this.assertCSRF(this.request.body);
const tokenUser = yield validateResetToken.call(this, token);
const userId = tokenUser._id;
yield updatePassword.call(this, userId, this.request.body.password);
yield Reset.deleteOne({_id: userId});
const user = yield Users.findOne({_id: userId});
yield Reset.deleteOne({ _id: userId });
const user = yield Users.findOne({ _id: userId });
yield setupSession.call(this, user);
this.statsd.incr('auth.reset.success', 1);
this.redirect('/');
@ -70,28 +95,40 @@ export function* forgot() {
const tokenUser = yield validateResetToken.call(this, token);
if (!tokenUser) {
this.statsd.incr('auth.reset.fail', 1);
return yield this.render('forgot', {error: 'Invalid password reset token. It might be expired, or has already been used.', token: null, csrf: this.csrf});
yield this.render('forgot', {
error: 'Invalid password reset token. It might be expired, or has already been used.',
csrf: this.csrf,
token: null,
});
return;
}
return yield this.render('forgot', {token: token, csrf: this.csrf});
yield this.render('forgot', { csrf: this.csrf, token });
return;
} else if (this.request.body.email) {
this.assertCSRF(this.request.body);
try {
const email = this.request.body.email;
yield sendResetToken.call(this, email);
this.statsd.incr('auth.reset.request', 1);
return yield this.render('forgot', {message: 'We\'ve sent an email with a link to reset your password. Be sure to check your spam folder if you it doesn\'t appear within a few minutes', token: null, csrf: this.csrf});
yield this.render('forgot', {
message: `We've sent an email with a link to reset your password.
Be sure to check your spam folder if you it doesn't appear within a few minutes`,
csrf: this.csrf,
token: null,
});
return;
} catch (error) {
debug(error);
}
} else {
yield this.render('forgot', {token: null, csrf: this.csrf});
yield this.render('forgot', { csrf: this.csrf, token: null });
}
}
export function* logout() {
this.statsd.incr('auth.logout', 1);
this.cookies.set('r', {expires: new Date(1), path: '/'});
this.cookies.set('r', { expires: new Date(1), path: '/' });
this.session = null;
this.redirect('/');
}