diff --git a/frontend/src/fileSender.js b/frontend/src/fileSender.js index ee433928..f2ed169d 100644 --- a/frontend/src/fileSender.js +++ b/frontend/src/fileSender.js @@ -102,14 +102,14 @@ class FileSender extends EventEmitter { const responseObj = JSON.parse(xhr.responseText); resolve({ url: responseObj.url, - fileId: fileId, + fileId: responseObj.id, secretKey: keydata.k, deleteToken: responseObj.uuid }); } }; - xhr.open('post', '/upload/' + fileId, true); + xhr.open('post', '/upload', true); xhr.setRequestHeader( 'X-File-Metadata', JSON.stringify({ diff --git a/server/portal_server.js b/server/portal_server.js index 50d4c732..4cb60008 100644 --- a/server/portal_server.js +++ b/server/portal_server.js @@ -8,6 +8,7 @@ const bytes = require('bytes'); const conf = require('./config.js'); const storage = require('./storage.js'); const Raven = require('raven'); +const crypto = require('crypto'); if (conf.sentry_dsn) { Raven.config(conf.sentry_dsn).install(); @@ -136,24 +137,23 @@ app.post('/delete/:id', (req, res) => { .catch(err => res.sendStatus(404)); }); -app.post('/upload/:id', (req, res, next) => { - if (!validateIV(req.params.id)) { - res.sendStatus(404); - return; - } - const meta = JSON.parse(req.header('X-File-Metadata')); +app.post('/upload', (req, res, next) => { + const newId = crypto.randomBytes(5).toString('hex'); + let meta = JSON.parse(req.header('X-File-Metadata')); + meta.delete = crypto.randomBytes(10).toString('hex'); log.info('meta', meta); req.pipe(req.busboy); req.busboy.on('file', (fieldname, file, filename) => { - log.info('Uploading:', req.params.id); + log.info('Uploading:', newId); - storage.set(req.params.id, file, filename, meta).then(([delete_token, new_id]) => { + storage.set(meta.iv, newId, file, filename, meta).then(() => { const protocol = conf.env === 'production' ? 'https' : req.protocol; - const url = `${protocol}://${req.get('host')}/download/${new_id}/`; + const url = `${protocol}://${req.get('host')}/download/${newId}/`; res.json({ url, - delete: delete_token + delete: meta.delete, + id: newId }); }); }); diff --git a/server/storage.js b/server/storage.js index ffa0a187..a4f9b673 100644 --- a/server/storage.js +++ b/server/storage.js @@ -116,22 +116,20 @@ function localGet(id) { return fs.createReadStream(path.join(__dirname, '../static', id)); } -function localSet(id, file, filename, meta) { +function localSet(id, newId, file, filename, meta) { return new Promise((resolve, reject) => { - const new_id = crypto.randomBytes(5).toString('hex'); - const fstream = fs.createWriteStream(path.join(__dirname, '../static', new_id)); + const fstream = fs.createWriteStream(path.join(__dirname, '../static', newId)); file.pipe(fstream); fstream.on('close', () => { - meta.delete = crypto.randomBytes(10).toString('hex'); meta.id = id; - redis_client.hmset(new_id, meta); + redis_client.hmset(newId, meta); redis_client.expire(id, 86400000); - log.info('localSet:', 'Upload Finished of ' + new_id); - resolve([meta.delete, new_id]); + log.info('localSet:', 'Upload Finished of ' + newId); + resolve(meta.delete); }); fstream.on('error', () => { - log.error('localSet:', 'Failed upload of ' + new_id); + log.error('localSet:', 'Failed upload of ' + newId); reject(); }); }); @@ -195,11 +193,10 @@ function awsGet(id) { } } -function awsSet(id, file, filename, meta) { - const new_id = crypto.randomBytes(5).toString('hex'); +function awsSet(id, newId, file, filename, meta) { const params = { Bucket: conf.s3_bucket, - Key: new_id, + Key: newId, Body: file }; @@ -209,13 +206,12 @@ function awsSet(id, file, filename, meta) { log.info('awsUploadError:', err.stack); // an error occurred reject(); } else { - meta.delete = crypto.randomBytes(10).toString('hex'); meta.id = id; - redis_client.hmset(new_id, meta); + redis_client.hmset(newId, meta); redis_client.expire(id, 86400000); log.info('awsUploadFinish', 'Upload Finished of ' + filename); - resolve([meta.delete, new_id]); + resolve(meta.delete); } }); });