Browse Source

fix the file httpserver to support hash-id blob hosting as well

Paul Frazee 5 years ago
parent
commit
27a985a4bc
3 changed files with 45 additions and 68 deletions
  1. 2
    2
      app/index.js
  2. 43
    34
      app/lib/blobs.js
  3. 0
    32
      app/lib/files.js

+ 2
- 2
app/index.js View File

@@ -18,8 +18,8 @@ app.on('ready', function ready () {
18 18
     // setup blob and file serving
19 19
     var blobs = require('./lib/blobs')(sbot, app.getPath('userDesktop'))
20 20
     require('protocol').registerProtocol('blob', blobs.protocol)
21
-    http.createServer(blobs.server).listen(7777)
22
-    http.createServer(require('./lib/files').server).listen(7778)
21
+    http.createServer(blobs.server({ serveFiles: false })).listen(7777)
22
+    http.createServer(blobs.server({ serveFiles: true })).listen(7778)
23 23
 
24 24
     // open main window
25 25
     var mainWindow = windows.open(

+ 43
- 34
app/lib/blobs.js View File

@@ -71,42 +71,51 @@ module.exports = function (sbot, checkout_dir) {
71 71
       })
72 72
     },
73 73
 
74
-    server: function (req, res) {
75
-      // function toBuffer() {
76
-      //   return pull.map(function (s) { return Buffer.isBuffer(s) ? s : new Buffer(s, 'base64') })
77
-      // }
78
-
79
-      // local-host only
80
-      if (req.socket.remoteAddress != '127.0.0.1' &&
81
-          req.socket.remoteAddress != '::ffff:127.0.0.1' &&
82
-          req.socket.remoteAddress != '::1') {
83
-        console.log('Remote access attempted by', req.socket.remoteAddress)
84
-        res.writeHead(403)
85
-        return res.end('Remote access forbidden')
86
-      }
87
-
88
-      // restrict the CSP
89
-      res.setHeader('Content-Security-Policy', 
90
-        "default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; "+
91
-        "connect-src 'self'; "+
92
-        "object-src 'none'; "+
93
-        "frame-src 'none'; "+
94
-        "sandbox allow-same-origin allow-scripts"
95
-      )
96
-
97
-      var hash = req.url.slice(1)
98
-      sbot.blobs.has(hash, function(err, has) {
99
-        if (!has) {
100
-          res.writeHead(404)
101
-          res.end('File not found')
102
-          return
74
+    server: function (opts) {
75
+      opts = opts || {}
76
+      return function (req, res) {
77
+        // local-host only
78
+        if (req.socket.remoteAddress != '127.0.0.1' &&
79
+            req.socket.remoteAddress != '::ffff:127.0.0.1' &&
80
+            req.socket.remoteAddress != '::1') {
81
+          console.log('Remote access attempted by', req.socket.remoteAddress)
82
+          res.writeHead(403)
83
+          return res.end('Remote access forbidden')
103 84
         }
104
-        pull(
105
-          sbot.blobs.get(hash),
106
-          // toBuffer(),
107
-          toPull(res)
85
+
86
+        // restrict the CSP
87
+        res.setHeader('Content-Security-Policy', 
88
+          "default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; "+
89
+          "connect-src 'self'; "+
90
+          "object-src 'none'; "+
91
+          "frame-src 'none'; "+
92
+          "sandbox allow-same-origin allow-scripts"
108 93
         )
109
-      })
94
+
95
+        if (req.url.slice(-7) != '.sha256' && opts.serveFiles) {
96
+          // try to serve from local FS if the path is not a supported hash
97
+          return fs.createReadStream(req.url)
98
+            .on('error', function () {
99
+              res.writeHead(404)
100
+              res.end('File not found')
101
+            })
102
+            .pipe(res)
103
+        }
104
+
105
+        // serve blob
106
+        var hash = req.url.slice(-51) // hash ids are 51 chars long
107
+        sbot.blobs.has(hash, function(err, has) {
108
+          if (!has) {
109
+            res.writeHead(404)
110
+            res.end('File not found')
111
+            return
112
+          }
113
+          pull(
114
+            sbot.blobs.get(hash),
115
+            toPull(res)
116
+          )
117
+        })
118
+      }
110 119
     }
111 120
   }
112 121
 

+ 0
- 32
app/lib/files.js View File

@@ -1,32 +0,0 @@
1
-var path = require('path')
2
-var fs   = require('fs')
3
-
4
-exports.server = function (req, res) {
5
-  // function toBuffer() {
6
-  //   return pull.map(function (s) { return Buffer.isBuffer(s) ? s : new Buffer(s, 'base64') })
7
-  // }
8
-  // local-host only
9
-  if (req.socket.remoteAddress != '127.0.0.1' &&
10
-      req.socket.remoteAddress != '::ffff:127.0.0.1' &&
11
-      req.socket.remoteAddress != '::1') {
12
-    console.log('Remote access attempted by', req.socket.remoteAddress)
13
-    res.writeHead(403)
14
-    return res.end('Remote access forbidden')
15
-  }
16
-
17
-  // restrict the CSP
18
-  res.setHeader('Content-Security-Policy', 
19
-    "default-src 'self' localhost:7777 'unsafe-inline' 'unsafe-eval' data:; "+
20
-    "connect-src 'self'; "+
21
-    "object-src 'none'; "+
22
-    "frame-src 'none'; "+
23
-    "sandbox allow-same-origin allow-scripts"
24
-  )
25
-
26
-  fs.createReadStream(req.url)
27
-    .on('error', function () {
28
-      res.writeHead(404)
29
-      res.end('File not found')
30
-    })
31
-    .pipe(res)
32
-}

Loading…
Cancel
Save