jonathan/hostr
jonathan/hostr
1
0
Fork 0
Code Issues Pull requests 4 Projects Releases Packages 1 Wiki Activity Actions

Update stuff

Browse source
This commit is contained in:
Jonathan Cremin 2018-06-02 15:50:39 +00:00
parent 0254e42b9c
commit 553ba9db9a
40 changed files with 7343 additions and 717 deletions
Download patch file Download diff file Expand all files Collapse all files

76
web/routes/file.js
View file

@ -27,92 +27,92 @@ function hotlinkCheck(file, userAgent, referrer) {
return userAgentCheck(userAgent) || file.width || referrerCheck(referrer);
}
export function* get() {
if (this.params.size && ['150', '970'].indexOf(this.params.size) < 0) {
this.throw(404);
export async function get(ctx) {
if (ctx.params.size && ['150', '970'].indexOf(ctx.params.size) < 0) {
ctx.throw(404);
return;
}
const file = yield models.file.findOne({
const file = await models.file.findOne({
where: {
id: this.params.id,
name: this.params.name,
id: ctx.params.id,
name: ctx.params.name,
},
});
this.assert(file, 404);
ctx.assert(file, 404);
if (!hotlinkCheck(file, this.headers['user-agent'], this.headers.referer)) {
this.redirect(`/${file.id}`);
if (!hotlinkCheck(file, ctx.headers['user-agent'], ctx.headers.referer)) {
ctx.redirect(`/${file.id}`);
return;
}
if (!file.width && this.request.query.warning !== 'on') {
this.redirect(`/${file.id}`);
if (!file.width && ctx.request.query.warning !== 'on') {
ctx.redirect(`/${file.id}`);
return;
}
if (file.malware) {
const alert = this.request.query.alert;
const alert = ctx.request.query.alert;
if (!alert || !alert.match(/i want to download malware/i)) {
this.redirect(`/${file.id}`);
ctx.redirect(`/${file.id}`);
return;
}
}
let localPath = join(storePath, file.id[0], `${file.id}_${file.name}`);
let remotePath = join(file.id[0], `${file.id}_${file.name}`);
if (this.params.size > 0) {
localPath = join(storePath, file.id[0], this.params.size, `${file.id}_${file.name}`);
remotePath = join(file.id[0], this.params.size, `${file.id}_${file.name}`);
if (ctx.params.size > 0) {
localPath = join(storePath, file.id[0], ctx.params.size, `${file.id}_${file.name}`);
remotePath = join(file.id[0], ctx.params.size, `${file.id}_${file.name}`);
}
if (file.malware) {
this.statsd.incr('file.malware.download', 1);
ctx.statsd.incr('file.malware.download', 1);
}
let type = 'application/octet-stream';
if (file.width > 0) {
if (this.params.size) {
this.statsd.incr('file.view', 1);
if (ctx.params.size) {
ctx.statsd.incr('file.view', 1);
}
type = mime.lookup(file.name);
} else {
this.statsd.incr('file.download', 1);
ctx.statsd.incr('file.download', 1);
}
if (userAgentCheck(this.headers['user-agent'])) {
this.set('Content-Disposition', `attachment; filename=${file.name}`);
if (userAgentCheck(ctx.headers['user-agent'])) {
ctx.set('Content-Disposition', `attachment; filename=${file.name}`);
}
this.set('Content-type', type);
this.set('Expires', new Date(2020, 1).toISOString());
this.set('Cache-control', 'max-age=2592000');
ctx.set('Content-type', type);
ctx.set('Expires', new Date(2020, 1).toISOString());
ctx.set('Cache-control', 'max-age=2592000');
if (!this.params.size || (this.params.size && this.params.size > 150)) {
if (!ctx.params.size || (ctx.params.size && ctx.params.size > 150)) {
models.file.accessed(file.id);
}
this.body = yield hostrFileStream(localPath, remotePath);
ctx.body = await hostrFileStream(localPath, remotePath);
}
export function* resized() {
yield get.call(this);
export async function resized(ctx) {
await get.call(ctx);
}
export function* landing() {
const file = yield models.file.findOne({
export async function landing(ctx) {
const file = await models.file.findOne({
where: {
id: this.params.id,
id: ctx.params.id,
},
});
this.assert(file, 404);
if (userAgentCheck(this.headers['user-agent'])) {
this.params.name = file.name;
yield get.call(this);
ctx.assert(file, 404);
if (userAgentCheck(ctx.headers['user-agent'])) {
ctx.params.name = file.name;
await get.call(ctx);
return;
}
this.statsd.incr('file.landing', 1);
ctx.statsd.incr('file.landing', 1);
const formattedFile = formatFile(file);
yield this.render('file', { file: formattedFile });
await ctx.render('file', { file: formattedFile });
}

56
web/routes/index.js
View file

@ -1,56 +1,56 @@
import uuid from 'node-uuid';
import auth from '../lib/auth';
export function* main() {
if (this.session.user) {
if (this.query['app-token']) {
this.redirect('/');
export async function main(ctx) {
if (ctx.session.user) {
if (ctx.query['app-token']) {
ctx.redirect('/');
return;
}
const token = uuid.v4();
yield this.redis.set(token, this.session.user.id, 'EX', 604800);
this.session.user.token = token;
yield this.render('index', { user: this.session.user });
await ctx.redis.set(token, ctx.session.user.id, 'EX', 604800);
ctx.session.user.token = token;
await ctx.render('index', { user: ctx.session.user });
} else {
if (this.query['app-token']) {
const user = yield auth.fromToken(this, this.query['app-token']);
yield auth.setupSession(this, user);
this.redirect('/');
} else if (this.cookies.r) {
const user = yield auth.fromCookie(this, this.cookies.r);
yield auth.setupSession(this, user);
this.redirect('/');
if (ctx.query['app-token']) {
const user = await auth.fromToken(ctx, ctx.query['app-token']);
await auth.setupSession(ctx, user);
ctx.redirect('/');
} else if (ctx.cookies.r) {
const user = await auth.fromCookie(ctx, ctx.cookies.r);
await auth.setupSession(ctx, user);
ctx.redirect('/');
} else {
yield this.render('marketing');
await ctx.render('marketing');
}
}
}
export function* staticPage(next) {
if (this.session.user) {
export async function staticPage(ctx, next) {
if (ctx.session.user) {
const token = uuid.v4();
yield this.redis.set(token, this.session.user.id, 'EX', 604800);
this.session.user.token = token;
yield this.render('index', { user: this.session.user });
await ctx.redis.set(token, ctx.session.user.id, 'EX', 604800);
ctx.session.user.token = token;
await ctx.render('index', { user: ctx.session.user });
} else {
switch (this.originalUrl) {
switch (ctx.originalUrl) {
case '/terms':
yield this.render('terms');
await ctx.render('terms');
break;
case '/privacy':
yield this.render('privacy');
await ctx.render('privacy');
break;
case '/pricing':
yield this.render('pricing');
await ctx.render('pricing');
break;
case '/apps':
yield this.render('apps');
await ctx.render('apps');
break;
case '/stats':
yield this.render('index', { user: {} });
await ctx.render('index', { user: {} });
break;
default:
yield next;
await next();
}
}
}

138
web/routes/user.js
View file

@ -6,63 +6,63 @@ import models from '../../models';
import debugname from 'debug';
const debug = debugname('hostr-web:user');
export function* signin() {
if (!this.request.body.email) {
yield this.render('signin', { csrf: this.csrf });
export async function signin(ctx) {
if (!ctx.request.body.email) {
await ctx.render('signin', { csrf: ctx.csrf });
return;
}
this.statsd.incr('auth.attempt', 1);
this.assertCSRF(this.request.body);
const user = yield authenticate.call(this, this.request.body.email, this.request.body.password);
ctx.statsd.incr('auth.attempt', 1);
const user = await authenticate.call(ctx, ctx.request.body.email, ctx.request.body.password);
if (!user) {
this.statsd.incr('auth.failure', 1);
yield this.render('signin', { error: 'Invalid login details', csrf: this.csrf });
ctx.statsd.incr('auth.failure', 1);
await ctx.render('signin', { error: 'Invalid login details', csrf: ctx.csrf });
return;
} else if (user.activationCode) {
yield this.render('signin', {
await ctx.render('signin', {
error: 'Your account hasn\'t been activated yet. Check for an activation email.',
csrf: this.csrf,
csrf: ctx.csrf,
});
return;
}
this.statsd.incr('auth.success', 1);
yield setupSession.call(this, user);
this.redirect('/');
ctx.statsd.incr('auth.success', 1);
await setupSession.call(ctx, user);
ctx.redirect('/');
}
export function* signup() {
if (!this.request.body.email) {
yield this.render('signup', { csrf: this.csrf });
export async function signup(ctx) {
if (!ctx.request.body.email) {
await ctx.render('signup', { csrf: ctx.csrf });
return;
}
this.assertCSRF(this.request.body);
if (this.request.body.email !== this.request.body.confirm_email) {
yield this.render('signup', { error: 'Emails do not match.', csrf: this.csrf });
ctx.assertCSRF(ctx.request.body);
if (ctx.request.body.email !== ctx.request.body.confirm_email) {
await ctx.render('signup', { error: 'Emails do not match.', csrf: ctx.csrf });
return;
} else if (this.request.body.email && !this.request.body.terms) {
yield this.render('signup', { error: 'You must agree to the terms of service.',
csrf: this.csrf });
} else if (ctx.request.body.email && !ctx.request.body.terms) {
await ctx.render('signup', { error: 'You must agree to the terms of service.',
csrf: ctx.csrf });
return;
} else if (this.request.body.password && this.request.body.password.length < 7) {
yield this.render('signup', { error: 'Password must be at least 7 characters long.',
csrf: this.csrf });
} else if (ctx.request.body.password && ctx.request.body.password.length < 7) {
await ctx.render('signup', { error: 'Password must be at least 7 characters long.',
csrf: ctx.csrf });
return;
}
const ip = this.headers['x-forwarded-for'] || this.ip;
const email = this.request.body.email;
const password = this.request.body.password;
const ip = ctx.headers['x-forwarded-for'] || ctx.ip;
const email = ctx.request.body.email;
const password = ctx.request.body.password;
try {
yield signupUser.call(this, email, password, ip);
await signupUser.call(ctx, email, password, ip);
} catch (e) {
yield this.render('signup', { error: e.message, csrf: this.csrf });
await ctx.render('signup', { error: e.message, csrf: ctx.csrf });
return;
}
this.statsd.incr('auth.signup', 1);
yield this.render('signup', {
ctx.statsd.incr('auth.signup', 1);
await ctx.render('signup', {
message: 'Thanks for signing up, we\'ve sent you an email to activate your account.',
csrf: '',
});
@ -70,51 +70,51 @@ export function* signup() {
}
export function* forgot() {
const token = this.params.token;
export async function forgot(ctx) {
const token = ctx.params.token;
if (this.request.body.password) {
if (this.request.body.password.length < 7) {
yield this.render('forgot', {
if (ctx.request.body.password) {
if (ctx.request.body.password.length < 7) {
await ctx.render('forgot', {
error: 'Password needs to be at least 7 characters long.',
csrf: this.csrf,
csrf: ctx.csrf,
token,
});
return;
}
this.assertCSRF(this.request.body);
const user = yield validateResetToken(token);
ctx.assertCSRF(ctx.request.body);
const user = await validateResetToken(token);
if (user) {
yield updatePassword(user.userId, this.request.body.password);
const reset = yield models.reset.findById(token);
await updatePassword(user.userId, ctx.request.body.password);
const reset = await models.reset.findById(token);
//reset.destroy();
yield setupSession.call(this, user);
this.statsd.incr('auth.reset.success', 1);
this.redirect('/');
await setupSession.call(ctx, user);
ctx.statsd.incr('auth.reset.success', 1);
ctx.redirect('/');
}
} else if (token) {
const tokenUser = yield validateResetToken(token);
const tokenUser = await validateResetToken(token);
if (!tokenUser) {
this.statsd.incr('auth.reset.fail', 1);
yield this.render('forgot', {
ctx.statsd.incr('auth.reset.fail', 1);
await ctx.render('forgot', {
error: 'Invalid password reset token. It might be expired, or has already been used.',
csrf: this.csrf,
csrf: ctx.csrf,
token: null,
});
return;
}
yield this.render('forgot', { csrf: this.csrf, token });
await ctx.render('forgot', { csrf: ctx.csrf, token });
return;
} else if (this.request.body.email) {
this.assertCSRF(this.request.body);
} else if (ctx.request.body.email) {
ctx.assertCSRF(ctx.request.body);
try {
const email = this.request.body.email;
yield sendResetToken.call(this, email);
this.statsd.incr('auth.reset.request', 1);
yield this.render('forgot', {
const email = ctx.request.body.email;
await sendResetToken.call(ctx, email);
ctx.statsd.incr('auth.reset.request', 1);
await ctx.render('forgot', {
message: `We've sent an email with a link to reset your password.
Be sure to check your spam folder if you it doesn't appear within a few minutes`,
csrf: this.csrf,
csrf: ctx.csrf,
token: null,
});
return;
@ -122,25 +122,25 @@ export function* forgot() {
debug(error);
}
} else {
yield this.render('forgot', { csrf: this.csrf, token: null });
await ctx.render('forgot', { csrf: ctx.csrf, token: null });
}
}
export function* logout() {
this.statsd.incr('auth.logout', 1);
this.cookies.set('r', { expires: new Date(1), path: '/' });
this.session = null;
this.redirect('/');
export async function logout(ctx) {
ctx.statsd.incr('auth.logout', 1);
ctx.cookies.set('r', { expires: new Date(1), path: '/' });
ctx.session = null;
ctx.redirect('/');
}
export function* activate() {
const code = this.params.code;
if (yield activateUser.call(this, code)) {
this.statsd.incr('auth.activation', 1);
this.redirect('/');
export async function activate(ctx) {
const code = ctx.params.code;
if (await activateUser.call(ctx, code)) {
ctx.statsd.incr('auth.activation', 1);
ctx.redirect('/');
} else {
this.throw(400);
ctx.throw(400);
}
}