Merge pull request #758 from mozilla/refactor-backend

refactored server
This commit is contained in:
Danny Coates 2018-02-09 15:10:22 -08:00 committed by GitHub
commit 1e9641a40e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
36 changed files with 2944 additions and 792 deletions

View File

@ -6,3 +6,4 @@ assets
docs docs
public public
test test
coverage

3
.gitignore vendored
View File

@ -1,3 +1,6 @@
node_modules node_modules
coverage
dist dist
.idea .idea
.DS_Store
.nyc_output

View File

@ -4,13 +4,6 @@ machine:
services: services:
- docker - docker
- redis - redis
environment:
PATH: "/home/ubuntu/send/firefox:$PATH"
dependencies:
pre:
- npm i -g get-firefox geckodriver nsp
- get-firefox --platform linux --extract --target /home/ubuntu/send
deployment: deployment:
latest: latest:
@ -31,5 +24,5 @@ test:
override: override:
- npm run build - npm run build
- npm run lint - npm run lint
- npm test - npm run test:ci
- nsp check - nsp check

1794
package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@ -24,8 +24,10 @@
"contributors": "git shortlog -s | awk -F\\t '{print $2}' > CONTRIBUTORS", "contributors": "git shortlog -s | awk -F\\t '{print $2}' > CONTRIBUTORS",
"release": "npm-run-all contributors changelog", "release": "npm-run-all contributors changelog",
"test": "mocha test/unit", "test": "mocha test/unit",
"test:ci": "nyc mocha --reporter=min test/unit",
"start": "cross-env NODE_ENV=development webpack-dev-server", "start": "cross-env NODE_ENV=development webpack-dev-server",
"prod": "node server/prod.js" "prod": "node server/prod.js",
"cover": "nyc --reporter=html mocha test/unit"
}, },
"lint-staged": { "lint-staged": {
"*.js": [ "*.js": [
@ -39,6 +41,12 @@
"git add" "git add"
] ]
}, },
"nyc": {
"reporter": [
"text-summary"
],
"cache": true
},
"engines": { "engines": {
"node": ">=8.2.0" "node": ">=8.2.0"
}, },
@ -73,11 +81,13 @@
"mocha": "^5.0.0", "mocha": "^5.0.0",
"nanobus": "^4.3.2", "nanobus": "^4.3.2",
"npm-run-all": "^4.1.2", "npm-run-all": "^4.1.2",
"nsp": "^3.1.0",
"nyc": "^11.4.1",
"postcss-loader": "^2.1.0", "postcss-loader": "^2.1.0",
"prettier": "^1.10.2", "prettier": "^1.10.2",
"proxyquire": "^1.8.0", "proxyquire": "^1.8.0",
"raven-js": "^3.22.1", "raven-js": "^3.22.1",
"redis-mock": "^0.20.0", "redis-mock": "^0.21.0",
"require-from-string": "^2.0.1", "require-from-string": "^2.0.1",
"rimraf": "^2.6.2", "rimraf": "^2.6.2",
"selenium-webdriver": "^3.6.0", "selenium-webdriver": "^3.6.0",

View File

@ -1,16 +0,0 @@
const { availableLanguages } = require('../package.json');
const config = require('./config');
const fs = require('fs');
const path = require('path');
function allLangs() {
return fs.readdirSync(
path.join(__dirname, '..', 'dist', 'public', 'locales')
);
}
if (config.l10n_dev) {
module.exports = allLangs();
} else {
module.exports = availableLanguages;
}

13
server/metadata.js Normal file
View File

@ -0,0 +1,13 @@
class Metadata {
constructor(obj) {
this.dl = +obj.dl || 0;
this.dlimit = +obj.dlimit || 1;
this.pwd = String(obj.pwd) === 'true';
this.owner = obj.owner;
this.metadata = obj.metadata;
this.auth = obj.auth;
this.nonce = obj.nonce;
}
}
module.exports = Metadata;

38
server/middleware/auth.js Normal file
View File

@ -0,0 +1,38 @@
const crypto = require('crypto');
const storage = require('../storage');
module.exports = async function(req, res, next) {
const id = req.params.id;
if (id && req.header('Authorization')) {
try {
const auth = req.header('Authorization').split(' ')[1];
const meta = await storage.metadata(id);
if (!meta) {
return res.sendStatus(404);
}
const hmac = crypto.createHmac(
'sha256',
Buffer.from(meta.auth, 'base64')
);
hmac.update(Buffer.from(meta.nonce, 'base64'));
const verifyHash = hmac.digest();
if (verifyHash.equals(Buffer.from(auth, 'base64'))) {
req.nonce = crypto.randomBytes(16).toString('base64');
storage.setField(id, 'nonce', req.nonce);
res.set('WWW-Authenticate', `send-v1 ${req.nonce}`);
req.authorized = true;
req.meta = meta;
} else {
res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
req.authorized = false;
}
} catch (e) {
req.authorized = false;
}
}
if (req.authorized) {
next();
} else {
res.sendStatus(401);
}
};

View File

@ -0,0 +1,40 @@
const { availableLanguages } = require('../../package.json');
const config = require('../config');
const fs = require('fs');
const path = require('path');
const { negotiateLanguages } = require('fluent-langneg');
const langData = require('cldr-core/supplemental/likelySubtags.json');
const acceptLanguages = /(([a-zA-Z]+(-[a-zA-Z0-9]+){0,2})|\*)(;q=[0-1](\.[0-9]+)?)?/g;
function allLangs() {
return fs.readdirSync(
path.join(__dirname, '..', '..', 'dist', 'public', 'locales')
);
}
const languages = config.l10n_dev ? allLangs() : availableLanguages;
module.exports = function(req, res, next) {
const header = req.headers['accept-language'] || 'en-US';
if (header.length > 255) {
req.language = 'en-US';
return next();
}
const langs = header.replace(/\s/g, '').match(acceptLanguages);
const preferred = langs
.map(l => {
const parts = l.split(';');
return {
locale: parts[0],
q: parts[1] ? parseFloat(parts[1].split('=')[1]) : 1
};
})
.sort((a, b) => b.q - a.q)
.map(x => x.locale);
req.language = negotiateLanguages(preferred, languages, {
strategy: 'lookup',
likelySubtags: langData.supplemental.likelySubtags,
defaultLocale: 'en-US'
})[0];
next();
};

View File

@ -0,0 +1,22 @@
const storage = require('../storage');
module.exports = async function(req, res, next) {
const id = req.params.id;
const ownerToken = req.body.owner_token;
if (id && ownerToken) {
try {
req.meta = await storage.metadata(id);
if (!req.meta) {
return res.sendStatus(404);
}
req.authorized = req.meta.owner === ownerToken;
} catch (e) {
req.authorized = false;
}
}
if (req.authorized) {
next();
} else {
res.sendStatus(401);
}
};

View File

@ -1,20 +1,9 @@
const storage = require('../storage'); const storage = require('../storage');
module.exports = async function(req, res) { module.exports = async function(req, res) {
const id = req.params.id;
const ownerToken = req.body.owner_token || req.body.delete_token;
if (!ownerToken) {
res.sendStatus(404);
return;
}
try { try {
const err = await storage.delete(id, ownerToken); await storage.del(req.params.id);
if (!err) {
res.sendStatus(200); res.sendStatus(200);
}
} catch (e) { } catch (e) {
res.sendStatus(404); res.sendStatus(404);
} }

View File

@ -1,39 +1,26 @@
const storage = require('../storage'); const storage = require('../storage');
const mozlog = require('../log'); const mozlog = require('../log');
const log = mozlog('send.download'); const log = mozlog('send.download');
const crypto = require('crypto');
module.exports = async function(req, res) { module.exports = async function(req, res) {
const id = req.params.id; const id = req.params.id;
try { try {
const auth = req.header('Authorization').split(' ')[1]; const meta = req.meta;
const meta = await storage.metadata(id);
const hmac = crypto.createHmac('sha256', Buffer.from(meta.auth, 'base64'));
hmac.update(Buffer.from(meta.nonce, 'base64'));
const verifyHash = hmac.digest();
if (!verifyHash.equals(Buffer.from(auth, 'base64'))) {
res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
return res.sendStatus(401);
}
const nonce = crypto.randomBytes(16).toString('base64');
storage.setField(id, 'nonce', nonce);
const contentLength = await storage.length(id); const contentLength = await storage.length(id);
res.writeHead(200, { res.writeHead(200, {
'Content-Disposition': 'attachment', 'Content-Disposition': 'attachment',
'Content-Type': 'application/octet-stream', 'Content-Type': 'application/octet-stream',
'Content-Length': contentLength, 'Content-Length': contentLength,
'X-File-Metadata': meta.metadata, 'WWW-Authenticate': `send-v1 ${req.nonce}`
'WWW-Authenticate': `send-v1 ${nonce}`
}); });
const file_stream = storage.get(id); const file_stream = storage.get(id);
file_stream.on('end', async () => { file_stream.on('end', async () => {
const dl = (+meta.dl || 0) + 1; const dl = meta.dl + 1;
const dlimit = +meta.dlimit || 1; const dlimit = meta.dlimit;
try { try {
if (dl >= dlimit) { if (dl >= dlimit) {
await storage.forceDelete(id); await storage.del(id);
} else { } else {
await storage.setField(id, 'dl', dl); await storage.setField(id, 'dl', dl);
} }
@ -41,7 +28,6 @@ module.exports = async function(req, res) {
log.info('StorageError:', id); log.info('StorageError:', id);
} }
}); });
file_stream.pipe(res); file_stream.pipe(res);
} catch (e) { } catch (e) {
res.sendStatus(404); res.sendStatus(404);

View File

@ -1,13 +1,11 @@
const storage = require('../storage'); const storage = require('../storage');
module.exports = async (req, res) => { module.exports = async (req, res) => {
const id = req.params.id;
try { try {
const meta = await storage.metadata(id); const meta = await storage.metadata(req.params.id);
res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`); res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
res.send({ res.send({
password: meta.pwd !== '0' password: meta.pwd
}); });
} catch (e) { } catch (e) {
res.sendStatus(404); res.sendStatus(404);

View File

@ -1,41 +1,22 @@
const busboy = require('connect-busboy'); const busboy = require('connect-busboy');
const helmet = require('helmet'); const helmet = require('helmet');
const bodyParser = require('body-parser'); const bodyParser = require('body-parser');
const languages = require('../languages');
const storage = require('../storage'); const storage = require('../storage');
const config = require('../config'); const config = require('../config');
const auth = require('../middleware/auth');
const owner = require('../middleware/owner');
const language = require('../middleware/language');
const pages = require('./pages'); const pages = require('./pages');
const { negotiateLanguages } = require('fluent-langneg');
const IS_DEV = config.env === 'development'; const IS_DEV = config.env === 'development';
const acceptLanguages = /(([a-zA-Z]+(-[a-zA-Z0-9]+){0,2})|\*)(;q=[0-1](\.[0-9]+)?)?/g; const ID_REGEX = '([0-9a-fA-F]{10})';
const langData = require('cldr-core/supplemental/likelySubtags.json'); const uploader = busboy({
const idregx = '([0-9a-fA-F]{10})'; limits: {
fileSize: config.max_file_size
}
});
module.exports = function(app) { module.exports = function(app) {
app.use(function(req, res, next) {
const header = req.headers['accept-language'] || 'en-US';
if (header.length > 255) {
req.language = 'en-US';
return next();
}
const langs = header.replace(/\s/g, '').match(acceptLanguages);
const preferred = langs
.map(l => {
const parts = l.split(';');
return {
locale: parts[0],
q: parts[1] ? parseFloat(parts[1].split('=')[1]) : 1
};
})
.sort((a, b) => b.q - a.q)
.map(x => x.locale);
req.language = negotiateLanguages(preferred, languages, {
strategy: 'lookup',
likelySubtags: langData.supplemental.likelySubtags,
defaultLocale: 'en-US'
})[0];
next();
});
app.use(helmet()); app.use(helmet());
app.use( app.use(
helmet.hsts({ helmet.hsts({
@ -69,34 +50,27 @@ module.exports = function(app) {
}) })
); );
} }
app.use(
busboy({
limits: {
fileSize: config.max_file_size
}
})
);
app.use(function(req, res, next) { app.use(function(req, res, next) {
res.set('Pragma', 'no-cache'); res.set('Pragma', 'no-cache');
res.set('Cache-Control', 'no-cache'); res.set('Cache-Control', 'no-cache');
next(); next();
}); });
app.use(bodyParser.json()); app.use(bodyParser.json());
app.get('/', pages.index); app.get('/', language, pages.index);
app.get('/legal', pages.legal); app.get('/legal', language, pages.legal);
app.get('/jsconfig.js', require('./jsconfig')); app.get('/jsconfig.js', require('./jsconfig'));
app.get(`/share/:id${idregx}`, pages.blank); app.get(`/share/:id${ID_REGEX}`, language, pages.blank);
app.get(`/download/:id${idregx}`, pages.download); app.get(`/download/:id${ID_REGEX}`, language, pages.download);
app.get('/completed', pages.blank); app.get('/completed', language, pages.blank);
app.get('/unsupported/:reason', pages.unsupported); app.get('/unsupported/:reason', language, pages.unsupported);
app.get(`/api/download/:id${idregx}`, require('./download')); app.get(`/api/download/:id${ID_REGEX}`, auth, require('./download'));
app.get(`/api/exists/:id${idregx}`, require('./exists')); app.get(`/api/exists/:id${ID_REGEX}`, require('./exists'));
app.get(`/api/metadata/:id${idregx}`, require('./metadata')); app.get(`/api/metadata/:id${ID_REGEX}`, auth, require('./metadata'));
app.post('/api/upload', require('./upload')); app.post('/api/upload', uploader, require('./upload'));
app.post(`/api/delete/:id${idregx}`, require('./delete')); app.post(`/api/delete/:id${ID_REGEX}`, owner, require('./delete'));
app.post(`/api/password/:id${idregx}`, require('./password')); app.post(`/api/password/:id${ID_REGEX}`, owner, require('./password'));
app.post(`/api/params/:id${idregx}`, require('./params')); app.post(`/api/params/:id${ID_REGEX}`, owner, require('./params'));
app.post(`/api/info/:id${idregx}`, require('./info')); app.post(`/api/info/:id${ID_REGEX}`, owner, require('./info'));
app.get('/__version__', function(req, res) { app.get('/__version__', function(req, res) {
res.sendFile(require.resolve('../../dist/version.json')); res.sendFile(require.resolve('../../dist/version.json'));

View File

@ -1,21 +1,11 @@
const storage = require('../storage'); const storage = require('../storage');
module.exports = async function(req, res) { module.exports = async function(req, res) {
const id = req.params.id;
const ownerToken = req.body.owner_token;
if (!ownerToken) {
return res.sendStatus(400);
}
try { try {
const meta = await storage.metadata(id); const ttl = await storage.ttl(req.params.id);
if (meta.owner !== ownerToken) {
return res.sendStatus(400);
}
const ttl = await storage.ttl(id);
return res.send({ return res.send({
dlimit: +meta.dlimit, dlimit: +req.meta.dlimit,
dtotal: +meta.dl, dtotal: +req.meta.dl,
ttl ttl
}); });
} catch (e) { } catch (e) {

View File

@ -1,28 +1,14 @@
const storage = require('../storage'); const storage = require('../storage');
const crypto = require('crypto');
module.exports = async function(req, res) { module.exports = async function(req, res) {
const id = req.params.id; const id = req.params.id;
const meta = req.meta;
try { try {
const auth = req.header('Authorization').split(' ')[1];
const meta = await storage.metadata(id);
const hmac = crypto.createHmac('sha256', Buffer.from(meta.auth, 'base64'));
hmac.update(Buffer.from(meta.nonce, 'base64'));
const verifyHash = hmac.digest();
if (!verifyHash.equals(Buffer.from(auth, 'base64'))) {
res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
return res.sendStatus(401);
}
const nonce = crypto.randomBytes(16).toString('base64');
storage.setField(id, 'nonce', nonce);
res.set('WWW-Authenticate', `send-v1 ${nonce}`);
const size = await storage.length(id); const size = await storage.length(id);
const ttl = await storage.ttl(id); const ttl = await storage.ttl(id);
res.send({ res.send({
metadata: meta.metadata, metadata: meta.metadata,
finalDownload: +meta.dl + 1 === +meta.dlimit, finalDownload: meta.dl + 1 === meta.dlimit,
size, size,
ttl ttl
}); });

View File

@ -1,23 +1,13 @@
const storage = require('../storage'); const storage = require('../storage');
module.exports = async function(req, res) { module.exports = function(req, res) {
const id = req.params.id;
const ownerToken = req.body.owner_token;
if (!ownerToken) {
return res.sendStatus(400);
}
const dlimit = req.body.dlimit; const dlimit = req.body.dlimit;
if (!dlimit || dlimit > 20) { if (!dlimit || dlimit > 20) {
return res.sendStatus(400); return res.sendStatus(400);
} }
try { try {
const meta = await storage.metadata(id); storage.setField(req.params.id, 'dlimit', dlimit);
if (meta.owner !== ownerToken) {
return res.sendStatus(400);
}
storage.setField(id, 'dlimit', dlimit);
res.sendStatus(200); res.sendStatus(200);
} catch (e) { } catch (e) {
res.sendStatus(404); res.sendStatus(404);

View File

@ -1,23 +1,15 @@
const storage = require('../storage'); const storage = require('../storage');
module.exports = async function(req, res) { module.exports = function(req, res) {
const id = req.params.id; const id = req.params.id;
const ownerToken = req.body.owner_token;
if (!ownerToken) {
return res.sendStatus(404);
}
const auth = req.body.auth; const auth = req.body.auth;
if (!auth) { if (!auth) {
return res.sendStatus(400); return res.sendStatus(400);
} }
try { try {
const meta = await storage.metadata(id);
if (meta.owner !== ownerToken) {
return res.sendStatus(404);
}
storage.setField(id, 'auth', auth); storage.setField(id, 'auth', auth);
storage.setField(id, 'pwd', 1); storage.setField(id, 'pwd', true);
res.sendStatus(200); res.sendStatus(200);
} catch (e) { } catch (e) {
return res.sendStatus(404); return res.sendStatus(404);

View File

@ -14,12 +14,8 @@ module.exports = function(req, res) {
} }
const owner = crypto.randomBytes(10).toString('hex'); const owner = crypto.randomBytes(10).toString('hex');
const meta = { const meta = {
dlimit: 1,
dl: 0,
owner, owner,
delete: owner, // delete is deprecated
metadata, metadata,
pwd: 0,
auth: auth.split(' ')[1], auth: auth.split(' ')[1],
nonce: crypto.randomBytes(16).toString('base64') nonce: crypto.randomBytes(16).toString('base64')
}; };
@ -47,7 +43,7 @@ module.exports = function(req, res) {
req.on('close', async err => { req.on('close', async err => {
try { try {
await storage.forceDelete(newId); await storage.del(newId);
} catch (e) { } catch (e) {
log.info('DeleteError:', newId); log.info('DeleteError:', newId);
} }

View File

@ -1,285 +0,0 @@
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
const mkdirp = require('mkdirp');
const config = require('./config');
const fs = require('fs');
const path = require('path');
const mozlog = require('./log');
const log = mozlog('send.storage');
const redis_lib =
config.env === 'development' && config.redis_host === 'localhost'
? 'redis-mock'
: 'redis';
const redis = require(redis_lib);
const redis_client = redis.createClient({
host: config.redis_host,
connect_timeout: 10000
});
redis_client.on('error', err => {
log.error('Redis:', err);
});
const fileDir = config.file_dir;
if (config.s3_bucket) {
module.exports = {
exists: exists,
ttl: ttl,
length: awsLength,
get: awsGet,
set: awsSet,
setField: setField,
delete: awsDelete,
forceDelete: awsForceDelete,
ping: awsPing,
flushall: flushall,
quit: quit,
metadata
};
} else {
mkdirp.sync(config.file_dir);
log.info('fileDir', fileDir);
module.exports = {
exists: exists,
ttl: ttl,
length: localLength,
get: localGet,
set: localSet,
setField: setField,
delete: localDelete,
forceDelete: localForceDelete,
ping: localPing,
flushall: flushall,
quit: quit,
metadata
};
}
if (config.redis_event_expire) {
const forceDelete = config.s3_bucket ? awsForceDelete : localForceDelete;
const redis_sub = redis_client.duplicate();
const subKey = '__keyevent@0__:expired';
redis_sub.psubscribe(subKey, function() {
log.info('Redis:', 'subscribed to expired key events');
});
redis_sub.on('pmessage', function(channel, message, id) {
log.info('RedisExpired:', id);
forceDelete(id);
});
}
function flushall() {
redis_client.flushdb();
}
function quit() {
redis_client.quit();
}
function metadata(id) {
return new Promise((resolve, reject) => {
redis_client.hgetall(id, (err, reply) => {
if (err || !reply) {
return reject(err);
}
resolve(reply);
});
});
}
function ttl(id) {
return new Promise((resolve, reject) => {
redis_client.ttl(id, (err, reply) => {
if (err || !reply) {
return reject(err);
}
resolve(reply * 1000);
});
});
}
function exists(id) {
return new Promise((resolve, reject) => {
redis_client.exists(id, (rediserr, reply) => {
if (reply === 1 && !rediserr) {
resolve();
} else {
reject(rediserr);
}
});
});
}
function setField(id, key, value) {
redis_client.hset(id, key, value);
}
function localLength(id) {
return new Promise((resolve, reject) => {
try {
resolve(fs.statSync(path.join(fileDir, id)).size);
} catch (err) {
reject();
}
});
}
function localGet(id) {
return fs.createReadStream(path.join(fileDir, id));
}
function localSet(newId, file, meta) {
return new Promise((resolve, reject) => {
const filepath = path.join(fileDir, newId);
const fstream = fs.createWriteStream(filepath);
file.pipe(fstream);
file.on('limit', () => {
file.unpipe(fstream);
fstream.destroy(new Error('limit'));
});
fstream.on('finish', () => {
redis_client.hmset(newId, meta);
redis_client.expire(newId, config.expire_seconds);
log.info('localSet:', 'Upload Finished of ' + newId);
resolve(meta.owner);
});
fstream.on('error', err => {
log.error('localSet:', 'Failed upload of ' + newId);
fs.unlinkSync(filepath);
reject(err);
});
});
}
function localDelete(id, ownerToken) {
return new Promise((resolve, reject) => {
redis_client.hget(id, 'delete', (err, reply) => {
if (!reply || ownerToken !== reply) {
reject();
} else {
redis_client.del(id);
log.info('Deleted:', id);
resolve(fs.unlinkSync(path.join(fileDir, id)));
}
});
});
}
function localForceDelete(id) {
return new Promise((resolve, reject) => {
redis_client.del(id);
resolve(fs.unlinkSync(path.join(fileDir, id)));
});
}
function localPing() {
return new Promise((resolve, reject) => {
redis_client.ping(err => {
return err ? reject() : resolve();
});
});
}
function awsLength(id) {
const params = {
Bucket: config.s3_bucket,
Key: id
};
return new Promise((resolve, reject) => {
s3.headObject(params, function(err, data) {
if (!err) {
resolve(data.ContentLength);
} else {
reject();
}
});
});
}
function awsGet(id) {
const params = {
Bucket: config.s3_bucket,
Key: id
};
try {
return s3.getObject(params).createReadStream();
} catch (err) {
return null;
}
}
function awsSet(newId, file, meta) {
const params = {
Bucket: config.s3_bucket,
Key: newId,
Body: file
};
let hitLimit = false;
const upload = s3.upload(params);
file.on('limit', () => {
hitLimit = true;
upload.abort();
});
return upload.promise().then(
() => {
redis_client.hmset(newId, meta);
redis_client.expire(newId, config.expire_seconds);
},
err => {
if (hitLimit) {
throw new Error('limit');
} else {
throw err;
}
}
);
}
function awsDelete(id, ownerToken) {
return new Promise((resolve, reject) => {
redis_client.hget(id, 'delete', (err, reply) => {
if (!reply || ownerToken !== reply) {
reject();
} else {
const params = {
Bucket: config.s3_bucket,
Key: id
};
s3.deleteObject(params, function(err, _data) {
redis_client.del(id);
err ? reject(err) : resolve(err);
});
}
});
});
}
function awsForceDelete(id) {
return new Promise((resolve, reject) => {
const params = {
Bucket: config.s3_bucket,
Key: id
};
s3.deleteObject(params, function(err, _data) {
redis_client.del(id);
err ? reject(err) : resolve();
});
});
}
function awsPing() {
return localPing().then(() =>
s3.headBucket({ Bucket: config.s3_bucket }).promise()
);
}

50
server/storage/fs.js Normal file
View File

@ -0,0 +1,50 @@
const fs = require('fs');
const path = require('path');
const promisify = require('util').promisify;
const mkdirp = require('mkdirp');
const stat = promisify(fs.stat);
class FSStorage {
constructor(config, log) {
this.log = log;
this.dir = config.file_dir;
mkdirp.sync(this.dir);
}
async length(id) {
const result = await stat(path.join(this.dir, id));
return result.size;
}
getStream(id) {
return fs.createReadStream(path.join(this.dir, id));
}
set(id, file) {
return new Promise((resolve, reject) => {
const filepath = path.join(this.dir, id);
const fstream = fs.createWriteStream(filepath);
file.pipe(fstream);
file.on('limit', () => {
file.unpipe(fstream);
fstream.destroy(new Error('limit'));
});
fstream.on('error', err => {
fs.unlinkSync(filepath);
reject(err);
});
fstream.on('finish', resolve);
});
}
del(id) {
return Promise.resolve(fs.unlinkSync(path.join(this.dir, id)));
}
ping() {
return Promise.resolve();
}
}
module.exports = FSStorage;

57
server/storage/index.js Normal file
View File

@ -0,0 +1,57 @@
const config = require('../config');
const Metadata = require('../metadata');
const mozlog = require('../log');
const createRedisClient = require('./redis');
class DB {
constructor(config) {
const Storage = config.s3_bucket ? require('./s3') : require('./fs');
this.log = mozlog('send.storage');
this.expireSeconds = config.expire_seconds;
this.storage = new Storage(config, this.log);
this.redis = createRedisClient(config);
this.redis.on('error', err => {
this.log.error('Redis:', err);
});
}
async ttl(id) {
const result = await this.redis.ttlAsync(id);
return Math.ceil(result) * 1000;
}
length(id) {
return this.storage.length(id);
}
get(id) {
return this.storage.getStream(id);
}
async set(id, file, meta) {
await this.storage.set(id, file);
this.redis.hmset(id, meta);
this.redis.expire(id, this.expireSeconds);
}
setField(id, key, value) {
this.redis.hset(id, key, value);
}
del(id) {
this.redis.del(id);
return this.storage.del(id);
}
async ping() {
await this.redis.pingAsync();
await this.storage.ping();
}
async metadata(id) {
const result = await this.redis.hgetallAsync(id);
return result && new Metadata(result);
}
}
module.exports = new DB(config);

21
server/storage/redis.js Normal file
View File

@ -0,0 +1,21 @@
const promisify = require('util').promisify;
module.exports = function(config) {
const redis_lib =
config.env === 'development' && config.redis_host === 'localhost'
? 'redis-mock'
: 'redis';
//eslint-disable-next-line security/detect-non-literal-require
const redis = require(redis_lib);
const client = redis.createClient({
host: config.redis_host,
connect_timeout: 10000
});
client.ttlAsync = promisify(client.ttl);
client.hgetallAsync = promisify(client.hgetall);
client.hgetAsync = promisify(client.hget);
client.pingAsync = promisify(client.ping);
return client;
};

51
server/storage/s3.js Normal file
View File

@ -0,0 +1,51 @@
const AWS = require('aws-sdk');
const s3 = new AWS.S3();
class S3Storage {
constructor(config, log) {
this.bucket = config.s3_bucket;
this.log = log;
}
async length(id) {
const result = await s3
.headObject({ Bucket: this.bucket, Key: id })
.promise();
return result.ContentLength;
}
getStream(id) {
return s3.getObject({ Bucket: this.bucket, Key: id }).createReadStream();
}
async set(id, file) {
let hitLimit = false;
const upload = s3.upload({
Bucket: this.bucket,
Key: id,
Body: file
});
file.on('limit', () => {
hitLimit = true;
upload.abort();
});
try {
await upload.promise();
} catch (e) {
if (hitLimit) {
throw new Error('limit');
}
throw e;
}
}
del(id) {
return s3.deleteObject({ Bucket: this.bucket, Key: id }).promise();
}
ping() {
return s3.headBucket({ Bucket: this.bucket }).promise();
}
}
module.exports = S3Storage;

105
test/unit/auth-tests.js Normal file
View File

@ -0,0 +1,105 @@
const assert = require('assert');
const sinon = require('sinon');
const proxyquire = require('proxyquire').noCallThru();
const storage = {
metadata: sinon.stub(),
setField: sinon.stub()
};
function request(id, auth) {
return {
params: { id },
header: sinon.stub().returns(auth)
};
}
function response() {
return {
sendStatus: sinon.stub(),
set: sinon.stub()
};
}
const next = sinon.stub();
const storedMeta = {
auth:
'r9uFxEs9GEVaQR9CJJ0uTKFGhFSOTRjOY2FCLFlCIZ0Cr-VGTVpMGlXDbNR8RMT55trMpSrzWtBVKq1LffOT2g',
nonce: 'FL4oxA7IE1PW8shwFN9qZw=='
};
const authMiddleware = proxyquire('../../server/middleware/auth', {
'../storage': storage
});
describe('Owner Middleware', function() {
afterEach(function() {
storage.metadata.reset();
storage.setField.reset();
next.reset();
});
it('sends a 401 when no auth header is set', async function() {
const req = request('x');
const res = response();
await authMiddleware(req, res, next);
sinon.assert.calledWith(res.sendStatus, 401);
sinon.assert.notCalled(next);
});
it('sends a 404 when metadata is not found', async function() {
const req = request('x', 'y');
const res = response();
await authMiddleware(req, res, next);
sinon.assert.calledWith(res.sendStatus, 404);
sinon.assert.notCalled(next);
});
it('sends a 401 when the auth header is invalid base64', async function() {
storage.metadata.returns(Promise.resolve(storedMeta));
const req = request('x', '1');
const res = response();
await authMiddleware(req, res, next);
sinon.assert.calledWith(res.sendStatus, 401);
sinon.assert.notCalled(next);
});
it('authenticates when the hashes match', async function() {
storage.metadata.returns(Promise.resolve(storedMeta));
const req = request(
'x',
'send-v1 R7nZk14qJqZXtxpnAtw2uDIRQTRnO1qSO1Q0PiwcNA8'
);
const res = response();
await authMiddleware(req, res, next);
sinon.assert.calledOnce(next);
sinon.assert.calledWith(storage.setField, 'x', 'nonce', req.nonce);
sinon.assert.calledWith(
res.set,
'WWW-Authenticate',
`send-v1 ${req.nonce}`
);
sinon.assert.notCalled(res.sendStatus);
assert.equal(req.authorized, true);
assert.equal(req.meta, storedMeta);
assert.notEqual(req.nonce, storedMeta.nonce);
});
it('sends a 401 when the hashes do not match', async function() {
storage.metadata.returns(Promise.resolve(storedMeta));
const req = request(
'x',
'send-v1 R8nZk14qJqZXtxpnAtw2uDIRQTRnO1qSO1Q0PiwcNA8'
);
const res = response();
await authMiddleware(req, res, next);
sinon.assert.calledWith(res.sendStatus, 401);
sinon.assert.calledWith(
res.set,
'WWW-Authenticate',
`send-v1 ${storedMeta.nonce}`
);
sinon.assert.notCalled(next);
});
});

View File

@ -1,173 +0,0 @@
const assert = require('assert');
const sinon = require('sinon');
const proxyquire = require('proxyquire');
const crypto = require('crypto');
const redisStub = {};
const exists = sinon.stub();
const hget = sinon.stub();
const hmset = sinon.stub();
const expire = sinon.spy();
const del = sinon.stub();
redisStub.createClient = function() {
return {
on: sinon.spy(),
exists: exists,
hget: hget,
hmset: hmset,
expire: expire,
del: del
};
};
const fsStub = {};
fsStub.statSync = sinon.stub();
fsStub.createReadStream = sinon.stub();
fsStub.createWriteStream = sinon.stub();
fsStub.unlinkSync = sinon.stub();
const logStub = {};
logStub.info = sinon.stub();
logStub.error = sinon.stub();
const s3Stub = {};
s3Stub.headObject = sinon.stub();
s3Stub.getObject = sinon.stub();
s3Stub.upload = sinon.stub();
s3Stub.deleteObject = sinon.stub();
const awsStub = {
S3: function() {
return s3Stub;
}
};
const storage = proxyquire('../../server/storage', {
redis: redisStub,
'redis-mock': redisStub,
fs: fsStub,
'./log': function() {
return logStub;
},
'aws-sdk': awsStub,
'./config': {
s3_bucket: 'test'
}
});
describe('Testing Length using aws', function() {
it('Filesize returns properly if id exists', function() {
s3Stub.headObject.callsArgWith(1, null, { ContentLength: 1 });
return storage
.length('123')
.then(reply => assert.equal(reply, 1))
.catch(err => assert.fail());
});
it('Filesize fails if the id does not exist', function() {
s3Stub.headObject.callsArgWith(1, new Error(), null);
return storage
.length('123')
.then(_reply => assert.fail())
.catch(err => assert(1));
});
});
describe('Testing Get using aws', function() {
it('Should not error out when the file exists', function() {
const spy = sinon.spy();
s3Stub.getObject.returns({
createReadStream: spy
});
storage.get('123');
assert(spy.calledOnce);
});
it('Should error when the file does not exist', function() {
const err = function() {
throw new Error();
};
const spy = sinon.spy(err);
s3Stub.getObject.returns({
createReadStream: spy
});
assert.equal(storage.get('123'), null);
assert(spy.threw());
});
});
describe('Testing Set using aws', function() {
beforeEach(function() {
expire.resetHistory();
});
after(function() {
crypto.randomBytes.restore();
});
it('Should pass when the file is successfully uploaded', function() {
const buf = Buffer.alloc(10);
sinon.stub(crypto, 'randomBytes').returns(buf);
s3Stub.upload.returns({ promise: () => Promise.resolve() });
return storage
.set('123', { on: sinon.stub() }, 'Filename.moz', {})
.then(() => {
assert(expire.calledOnce);
assert(expire.calledWith('123', 86400));
})
.catch(err => assert.fail());
});
it('Should fail if there was an error during uploading', function() {
s3Stub.upload.returns({ promise: () => Promise.reject() });
return storage
.set('123', { on: sinon.stub() }, 'Filename.moz', 'url.com')
.then(_reply => assert.fail())
.catch(err => assert(1));
});
});
describe('Testing Delete from aws', function() {
it('Returns successfully if the id is deleted off aws', function() {
hget.callsArgWith(2, null, 'delete_token');
s3Stub.deleteObject.callsArgWith(1, null, {});
return storage
.delete('file_id', 'delete_token')
.then(_reply => assert(1), err => assert.fail());
});
it('Delete fails if id exists locally but does not in aws', function() {
hget.callsArgWith(2, null, 'delete_token');
s3Stub.deleteObject.callsArgWith(1, new Error(), {});
return storage
.delete('file_id', 'delete_token')
.then(_reply => assert.fail(), err => assert(1));
});
it('Delete fails if the delete token does not match', function() {
hget.callsArgWith(2, null, {});
return storage
.delete('Filename.moz', 'delete_token')
.then(_reply => assert.fail())
.catch(err => assert(1));
});
});
describe('Testing Forced Delete from aws', function() {
it('Deletes properly if id exists', function() {
s3Stub.deleteObject.callsArgWith(1, null, {});
return storage
.forceDelete('file_id', 'delete_token')
.then(_reply => assert(1), err => assert.fail());
});
it('Deletes fails if id does not exist', function() {
s3Stub.deleteObject.callsArgWith(1, new Error(), {});
return storage
.forceDelete('file_id')
.then(_reply => assert.fail(), err => assert(1));
});
});

43
test/unit/delete-tests.js Normal file
View File

@ -0,0 +1,43 @@
const sinon = require('sinon');
const proxyquire = require('proxyquire').noCallThru();
const storage = {
del: sinon.stub()
};
function request(id) {
return {
params: { id }
};
}
function response() {
return {
sendStatus: sinon.stub()
};
}
const delRoute = proxyquire('../../server/routes/delete', {
'../storage': storage
});
describe('/api/delete', function() {
afterEach(function() {
storage.del.reset();
});
it('calls storage.del with the id parameter', async function() {
const req = request('x');
const res = response();
await delRoute(req, res);
sinon.assert.calledWith(storage.del, 'x');
sinon.assert.calledWith(res.sendStatus, 200);
});
it('sends a 404 on failure', async function() {
storage.del.returns(Promise.reject(new Error()));
const res = response();
await delRoute(request('x'), res);
sinon.assert.calledWith(res.sendStatus, 404);
});
});

59
test/unit/info-tests.js Normal file
View File

@ -0,0 +1,59 @@
const sinon = require('sinon');
const proxyquire = require('proxyquire').noCallThru();
const storage = {
ttl: sinon.stub()
};
function request(id, meta) {
return {
params: { id },
meta
};
}
function response() {
return {
sendStatus: sinon.stub(),
send: sinon.stub()
};
}
const infoRoute = proxyquire('../../server/routes/info', {
'../storage': storage
});
describe('/api/info', function() {
afterEach(function() {
storage.ttl.reset();
});
it('calls storage.ttl with the id parameter', async function() {
const req = request('x');
const res = response();
await infoRoute(req, res);
sinon.assert.calledWith(storage.ttl, 'x');
});
it('sends a 404 on failure', async function() {
storage.ttl.returns(Promise.reject(new Error()));
const res = response();
await infoRoute(request('x'), res);
sinon.assert.calledWith(res.sendStatus, 404);
});
it('returns a json object', async function() {
storage.ttl.returns(Promise.resolve(123));
const meta = {
dlimit: '1',
dl: '0'
};
const res = response();
await infoRoute(request('x', meta), res);
sinon.assert.calledWithMatch(res.send, {
dlimit: 1,
dtotal: 0,
ttl: 123
});
});
});

View File

@ -0,0 +1,67 @@
const assert = require('assert');
const sinon = require('sinon');
const proxyquire = require('proxyquire').noCallThru();
const config = {
l10n_dev: false // prod configuration
};
const pkg = {
availableLanguages: ['en-US', 'fr', 'it', 'es-ES']
};
function request(acceptLang) {
return {
headers: {
'accept-language': acceptLang
}
};
}
const langMiddleware = proxyquire('../../server/middleware/language', {
'../config': config,
'../../package.json': pkg
});
describe('Language Middleware', function() {
it('defaults to en-US when no header is present', function() {
const req = request();
const next = sinon.stub();
langMiddleware(req, null, next);
assert.equal(req.language, 'en-US');
sinon.assert.calledOnce(next);
});
it('sets req.language to en-US when accept-language > 255 chars', function() {
const accept = Array(257).join('a');
assert.equal(accept.length, 256);
const req = request(accept);
const next = sinon.stub();
langMiddleware(req, null, next);
assert.equal(req.language, 'en-US');
sinon.assert.calledOnce(next);
});
it('defaults to en-US when no accept-language is available', function() {
const req = request('fa,cs,ja');
const next = sinon.stub();
langMiddleware(req, null, next);
assert.equal(req.language, 'en-US');
sinon.assert.calledOnce(next);
});
it('prefers higher q values', function() {
const req = request('fa;q=0.5, it;q=0.9');
const next = sinon.stub();
langMiddleware(req, null, next);
assert.equal(req.language, 'it');
sinon.assert.calledOnce(next);
});
it('uses likely subtags', function() {
const req = request('es-MX');
const next = sinon.stub();
langMiddleware(req, null, next);
assert.equal(req.language, 'es-ES');
sinon.assert.calledOn(next);
});
});

View File

@ -1,163 +0,0 @@
const assert = require('assert');
const sinon = require('sinon');
const proxyquire = require('proxyquire');
const redisStub = {};
const exists = sinon.stub();
const hget = sinon.stub();
const hmset = sinon.stub();
const expire = sinon.stub();
const del = sinon.stub();
redisStub.createClient = function() {
return {
on: sinon.spy(),
exists: exists,
hget: hget,
hmset: hmset,
expire: expire,
del: del
};
};
const fsStub = {};
fsStub.statSync = sinon.stub();
fsStub.createReadStream = sinon.stub();
fsStub.createWriteStream = sinon.stub();
fsStub.unlinkSync = sinon.stub();
const logStub = {};
logStub.info = sinon.stub();
logStub.error = sinon.stub();
const storage = proxyquire('../../server/storage', {
redis: redisStub,
'redis-mock': redisStub,
fs: fsStub,
'./log': function() {
return logStub;
}
});
describe('Testing Exists from local filesystem', function() {
it('Exists returns true when file exists', function() {
exists.callsArgWith(1, null, 1);
return storage
.exists('test')
.then(() => assert(1))
.catch(err => assert.fail());
});
it('Exists returns false when file does not exist', function() {
exists.callsArgWith(1, null, 0);
return storage
.exists('test')
.then(() => assert.fail())
.catch(err => assert(1));
});
});
describe('Testing Length from local filesystem', function() {
it('Filesize returns properly if id exists', function() {
fsStub.statSync.returns({ size: 10 });
return storage
.length('Filename.moz')
.then(_reply => assert(1))
.catch(err => assert.fail());
});
it('Filesize fails if the id does not exist', function() {
fsStub.statSync.returns(null);
return storage
.length('Filename.moz')
.then(_reply => assert.fail())
.catch(err => assert(1));
});
});
describe('Testing Get from local filesystem', function() {
it('Get returns properly if id exists', function() {
fsStub.createReadStream.returns(1);
if (storage.get('Filename.moz')) {
assert(1);
} else {
assert.fail();
}
});
it('Get fails if the id does not exist', function() {
fsStub.createReadStream.returns(null);
if (storage.get('Filename.moz')) {
assert.fail();
} else {
assert(1);
}
});
});
describe('Testing Set to local filesystem', function() {
it('Successfully writes the file to the local filesystem', function() {
const stub = sinon.stub();
stub.withArgs('finish', sinon.match.any).callsArgWithAsync(1);
stub.withArgs('error', sinon.match.any).returns(1);
fsStub.createWriteStream.returns({ on: stub });
return storage
.set('test', { pipe: sinon.stub(), on: sinon.stub() }, 'Filename.moz', {})
.then(() => {
assert(1);
})
.catch(err => assert.fail());
});
it('Fails when the file is not properly written to the local filesystem', function() {
const stub = sinon.stub();
stub.withArgs('error', sinon.match.any).callsArgWithAsync(1);
stub.withArgs('close', sinon.match.any).returns(1);
fsStub.createWriteStream.returns({ on: stub });
return storage
.set('test', { pipe: sinon.stub() }, 'Filename.moz', 'moz.la')
.then(_reply => assert.fail())
.catch(err => assert(1));
});
});
describe('Testing Delete from local filesystem', function() {
it('Deletes properly if id exists', function() {
hget.callsArgWith(2, null, '123');
fsStub.unlinkSync.returns(1);
return storage
.delete('Filename.moz', '123')
.then(reply => assert(reply))
.catch(err => assert.fail());
});
it('Delete fails if id does not exist', function() {
hget.callsArgWith(2, null, null);
return storage
.delete('Filename.moz', '123')
.then(_reply => assert.fail())
.catch(err => assert(1));
});
it('Delete fails if the delete token does not match', function() {
hget.callsArgWith(2, null, null);
return storage
.delete('Filename.moz', '123')
.then(_reply => assert.fail())
.catch(err => assert(1));
});
});
describe('Testing Forced Delete from local filesystem', function() {
it('Deletes properly if id exists', function() {
fsStub.unlinkSync.returns(1);
return storage.forceDelete('Filename.moz').then(reply => assert(reply));
});
it('Deletes fails if id does not exist, but no reject is called', function() {
fsStub.unlinkSync.returns(0);
return storage.forceDelete('Filename.moz').then(reply => assert(!reply));
});
});

View File

@ -0,0 +1,65 @@
const sinon = require('sinon');
const proxyquire = require('proxyquire').noCallThru();
const storage = {
ttl: sinon.stub(),
length: sinon.stub()
};
function request(id, meta) {
return {
params: { id },
meta
};
}
function response() {
return {
sendStatus: sinon.stub(),
send: sinon.stub()
};
}
const metadataRoute = proxyquire('../../server/routes/metadata', {
'../storage': storage
});
describe('/api/metadata', function() {
afterEach(function() {
storage.ttl.reset();
storage.length.reset();
});
it('calls storage.[ttl|length] with the id parameter', async function() {
const req = request('x');
const res = response();
await metadataRoute(req, res);
sinon.assert.calledWith(storage.ttl, 'x');
sinon.assert.calledWith(storage.length, 'x');
});
it('sends a 404 on failure', async function() {
storage.length.returns(Promise.reject(new Error()));
const res = response();
await metadataRoute(request('x'), res);
sinon.assert.calledWith(res.sendStatus, 404);
});
it('returns a json object', async function() {
storage.ttl.returns(Promise.resolve(123));
storage.length.returns(Promise.resolve(987));
const meta = {
dlimit: 1,
dl: 0,
metadata: 'foo'
};
const res = response();
await metadataRoute(request('x', meta), res);
sinon.assert.calledWithMatch(res.send, {
metadata: 'foo',
finalDownload: true,
size: 987,
ttl: 123
});
});
});

81
test/unit/owner-tests.js Normal file
View File

@ -0,0 +1,81 @@
const assert = require('assert');
const sinon = require('sinon');
const proxyquire = require('proxyquire').noCallThru();
const storage = {
metadata: sinon.stub()
};
function request(id, owner_token) {
return {
params: { id },
body: { owner_token }
};
}
function response() {
return {
sendStatus: sinon.stub()
};
}
const ownerMiddleware = proxyquire('../../server/middleware/owner', {
'../storage': storage
});
describe('Owner Middleware', function() {
afterEach(function() {
storage.metadata.reset();
});
it('sends a 404 when the id is not found', async function() {
const next = sinon.stub();
storage.metadata.returns(Promise.resolve(null));
const res = response();
await ownerMiddleware(request('x', 'y'), res);
sinon.assert.notCalled(next);
sinon.assert.calledWith(res.sendStatus, 404);
});
it('sends a 401 when the owner_token is missing', async function() {
const next = sinon.stub();
const meta = { owner: 'y' };
storage.metadata.returns(Promise.resolve(meta));
const res = response();
await ownerMiddleware(request('x', null), res);
sinon.assert.notCalled(next);
sinon.assert.calledWith(res.sendStatus, 401);
});
it('sends a 401 when the owner_token does not match', async function() {
const next = sinon.stub();
const meta = { owner: 'y' };
storage.metadata.returns(Promise.resolve(meta));
const res = response();
await ownerMiddleware(request('x', 'z'), res);
sinon.assert.notCalled(next);
sinon.assert.calledWith(res.sendStatus, 401);
});
it('sends a 401 if the metadata call fails', async function() {
const next = sinon.stub();
storage.metadata.returns(Promise.reject(new Error()));
const res = response();
await ownerMiddleware(request('x', 'y'), res);
sinon.assert.notCalled(next);
sinon.assert.calledWith(res.sendStatus, 401);
});
it('sets req.meta and req.authorized on successful auth', async function() {
const next = sinon.stub();
const meta = { owner: 'y' };
storage.metadata.returns(Promise.resolve(meta));
const req = request('x', 'y');
const res = response();
await ownerMiddleware(req, res, next);
assert.equal(req.meta, meta);
assert.equal(req.authorized, true);
sinon.assert.notCalled(res.sendStatus);
sinon.assert.calledOnce(next);
});
});

56
test/unit/params-tests.js Normal file
View File

@ -0,0 +1,56 @@
const sinon = require('sinon');
const proxyquire = require('proxyquire').noCallThru();
const storage = {
setField: sinon.stub()
};
function request(id) {
return {
params: { id },
body: {}
};
}
function response() {
return {
sendStatus: sinon.stub()
};
}
const paramsRoute = proxyquire('../../server/routes/params', {
'../storage': storage
});
describe('/api/params', function() {
afterEach(function() {
storage.setField.reset();
});
it('calls storage.setField with the correct parameter', function() {
const req = request('x');
const dlimit = 2;
req.body.dlimit = dlimit;
const res = response();
paramsRoute(req, res);
sinon.assert.calledWith(storage.setField, 'x', 'dlimit', dlimit);
sinon.assert.calledWith(res.sendStatus, 200);
});
it('sends a 400 if dlimit is too large', function() {
const req = request('x');
const res = response();
req.body.dlimit = 21;
paramsRoute(req, res);
sinon.assert.calledWith(res.sendStatus, 400);
});
it('sends a 404 on failure', function() {
storage.setField.throws(new Error());
const req = request('x');
const res = response();
req.body.dlimit = 2;
paramsRoute(req, res);
sinon.assert.calledWith(res.sendStatus, 404);
});
});

View File

@ -0,0 +1,53 @@
const sinon = require('sinon');
const proxyquire = require('proxyquire').noCallThru();
const storage = {
setField: sinon.stub()
};
function request(id, body) {
return {
params: { id },
body
};
}
function response() {
return {
sendStatus: sinon.stub()
};
}
const passwordRoute = proxyquire('../../server/routes/password', {
'../storage': storage
});
describe('/api/password', function() {
afterEach(function() {
storage.setField.reset();
});
it('calls storage.setField with the correct parameter', function() {
const req = request('x', { auth: 'z' });
const res = response();
passwordRoute(req, res);
sinon.assert.calledWith(storage.setField, 'x', 'auth', 'z');
sinon.assert.calledWith(storage.setField, 'x', 'pwd', true);
sinon.assert.calledWith(res.sendStatus, 200);
});
it('sends a 400 if auth is missing', function() {
const req = request('x', {});
const res = response();
passwordRoute(req, res);
sinon.assert.calledWith(res.sendStatus, 400);
});
it('sends a 404 on failure', function() {
storage.setField.throws(new Error());
const req = request('x', { auth: 'z' });
const res = response();
passwordRoute(req, res);
sinon.assert.calledWith(res.sendStatus, 404);
});
});

154
test/unit/s3-tests.js Normal file
View File

@ -0,0 +1,154 @@
const assert = require('assert');
const sinon = require('sinon');
const proxyquire = require('proxyquire').noCallThru();
function resolvedPromise(val) {
return {
promise: () => Promise.resolve(val)
};
}
function rejectedPromise(err) {
return {
promise: () => Promise.reject(err)
};
}
const s3Stub = {
headObject: sinon.stub(),
getObject: sinon.stub(),
upload: sinon.stub(),
deleteObject: sinon.stub()
};
const awsStub = {
S3: function() {
return s3Stub;
}
};
const S3Storage = proxyquire('../../server/storage/s3', {
'aws-sdk': awsStub
});
describe('S3Storage', function() {
it('uses config.s3_bucket', function() {
const s = new S3Storage({ s3_bucket: 'foo' });
assert.equal(s.bucket, 'foo');
});
describe('length', function() {
it('returns the ContentLength', async function() {
s3Stub.headObject = sinon
.stub()
.returns(resolvedPromise({ ContentLength: 123 }));
const s = new S3Storage({ s3_bucket: 'foo' });
const len = await s.length('x');
assert.equal(len, 123);
sinon.assert.calledWithMatch(s3Stub.headObject, {
Bucket: 'foo',
Key: 'x'
});
});
it('throws when id not found', async function() {
const err = new Error();
s3Stub.headObject = sinon.stub().returns(rejectedPromise(err));
const s = new S3Storage({ s3_bucket: 'foo' });
try {
await s.length('x');
assert.fail();
} catch (e) {
assert.equal(e, err);
}
});
});
describe('getStream', function() {
it('returns a Stream object', function() {
const stream = {};
s3Stub.getObject = sinon
.stub()
.returns({ createReadStream: () => stream });
const s = new S3Storage({ s3_bucket: 'foo' });
const result = s.getStream('x');
assert.equal(result, stream);
sinon.assert.calledWithMatch(s3Stub.getObject, {
Bucket: 'foo',
Key: 'x'
});
});
});
describe('set', function() {
it('calls s3.upload', async function() {
const file = { on: sinon.stub() };
s3Stub.upload = sinon.stub().returns(resolvedPromise());
const s = new S3Storage({ s3_bucket: 'foo' });
await s.set('x', file);
sinon.assert.calledWithMatch(s3Stub.upload, {
Bucket: 'foo',
Key: 'x',
Body: file
});
});
it('aborts upload if limit is hit', async function() {
const file = {
on: (ev, fn) => fn()
};
const abort = sinon.stub();
const err = new Error();
s3Stub.upload = sinon.stub().returns({
promise: () => Promise.reject(err),
abort
});
const s = new S3Storage({ s3_bucket: 'foo' });
try {
await s.set('x', file);
assert.fail();
} catch (e) {
assert.equal(e.message, 'limit');
sinon.assert.calledOnce(abort);
}
});
it('throws when s3.upload fails', async function() {
const file = {
on: sinon.stub()
};
const err = new Error();
s3Stub.upload = sinon.stub().returns(rejectedPromise(err));
const s = new S3Storage({ s3_bucket: 'foo' });
try {
await s.set('x', file);
assert.fail();
} catch (e) {
assert.equal(e, err);
}
});
});
describe('del', function() {
it('calls s3.deleteObject', async function() {
s3Stub.deleteObject = sinon.stub().returns(resolvedPromise(true));
const s = new S3Storage({ s3_bucket: 'foo' });
const result = await s.del('x');
assert.equal(result, true);
sinon.assert.calledWithMatch(s3Stub.deleteObject, {
Bucket: 'foo',
Key: 'x'
});
});
});
describe('ping', function() {
it('calls s3.headBucket', async function() {
s3Stub.headBucket = sinon.stub().returns(resolvedPromise(true));
const s = new S3Storage({ s3_bucket: 'foo' });
const result = await s.ping();
assert.equal(result, true);
sinon.assert.calledWithMatch(s3Stub.headBucket, { Bucket: 'foo' });
});
});
});

118
test/unit/storage-tests.js Normal file
View File

@ -0,0 +1,118 @@
const assert = require('assert');
const proxyquire = require('proxyquire').noCallThru();
const stream = {};
class MockStorage {
length() {
return Promise.resolve(12);
}
getStream() {
return stream;
}
set() {
return Promise.resolve();
}
del() {
return Promise.resolve();
}
ping() {
return Promise.resolve();
}
}
const expire_seconds = 10;
const storage = proxyquire('../../server/storage', {
'../config': {
expire_seconds,
s3_bucket: 'foo',
env: 'development',
redis_host: 'localhost'
},
'../log': () => {},
'./s3': MockStorage
});
describe('Storage', function() {
describe('ttl', function() {
it('returns milliseconds remaining', async function() {
await storage.set('x', null, { foo: 'bar' });
const ms = await storage.ttl('x');
await storage.del('x');
assert.equal(ms, expire_seconds * 1000);
});
});
describe('length', function() {
it('returns the file size', async function() {
const len = await storage.length('x');
assert.equal(len, 12);
});
});
describe('get', function() {
it('returns a stream', function() {
const s = storage.get('x');
assert.equal(s, stream);
});
});
describe('set', function() {
it('sets expiration to config.expire_seconds', async function() {
await storage.set('x', null, { foo: 'bar' });
const s = await storage.redis.ttlAsync('x');
await storage.del('x');
assert.equal(Math.ceil(s), expire_seconds);
});
it('sets metadata', async function() {
const m = { foo: 'bar' };
await storage.set('x', null, m);
const meta = await storage.redis.hgetallAsync('x');
await storage.del('x');
assert.deepEqual(meta, m);
});
//it('throws when storage fails');
});
describe('setField', function() {
it('works', async function() {
storage.setField('x', 'y', 'z');
const z = await storage.redis.hgetAsync('x', 'y');
assert.equal(z, 'z');
await storage.del('x');
});
});
describe('del', function() {
it('works', async function() {
await storage.set('x', null, { foo: 'bar' });
await storage.del('x');
const meta = await storage.metadata('x');
assert.equal(meta, null);
});
});
describe('ping', function() {
it('works', async function() {
await storage.ping();
});
});
describe('metadata', function() {
it('returns all metadata fields', async function() {
const m = {
pwd: true,
dl: 1,
dlimit: 1,
auth: 'foo',
metadata: 'bar',
nonce: 'baz',
owner: 'bmo'
};
await storage.set('x', null, m);
const meta = await storage.metadata('x');
assert.deepEqual(meta, m);
});
});
});