From 27a985a4bc3442fb25086b03151435bcac801240 Mon Sep 17 00:00:00 2001
From: Paul Frazee <pfrazee@gmail.com>
Date: Tue, 21 Jul 2015 11:05:17 -0500
Subject: [PATCH] fix the file httpserver to support hash-id blob hosting as
 well

---
 app/index.js     |  4 +--
 app/lib/blobs.js | 77 +++++++++++++++++++++++++++---------------------
 app/lib/files.js | 32 --------------------
 3 files changed, 45 insertions(+), 68 deletions(-)
 delete mode 100644 app/lib/files.js

diff --git a/app/index.js b/app/index.js
index 9a45e2d..57abbee 100644
--- a/app/index.js
+++ b/app/index.js
@@ -18,8 +18,8 @@ app.on('ready', function ready () {
     // setup blob and file serving
     var blobs = require('./lib/blobs')(sbot, app.getPath('userDesktop'))
     require('protocol').registerProtocol('blob', blobs.protocol)
-    http.createServer(blobs.server).listen(7777)
-    http.createServer(require('./lib/files').server).listen(7778)
+    http.createServer(blobs.server({ serveFiles: false })).listen(7777)
+    http.createServer(blobs.server({ serveFiles: true })).listen(7778)
 
     // open main window
     var mainWindow = windows.open(
diff --git a/app/lib/blobs.js b/app/lib/blobs.js
index 185737d..6566e20 100644
--- a/app/lib/blobs.js
+++ b/app/lib/blobs.js
@@ -71,42 +71,51 @@ module.exports = function (sbot, checkout_dir) {
       })
     },
 
-    server: function (req, res) {
-      // function toBuffer() {
-      //   return pull.map(function (s) { return Buffer.isBuffer(s) ? s : new Buffer(s, 'base64') })
-      // }
-
-      // local-host only
-      if (req.socket.remoteAddress != '127.0.0.1' &&
-          req.socket.remoteAddress != '::ffff:127.0.0.1' &&
-          req.socket.remoteAddress != '::1') {
-        console.log('Remote access attempted by', req.socket.remoteAddress)
-        res.writeHead(403)
-        return res.end('Remote access forbidden')
-      }
-
-      // restrict the CSP
-      res.setHeader('Content-Security-Policy', 
-        "default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; "+
-        "connect-src 'self'; "+
-        "object-src 'none'; "+
-        "frame-src 'none'; "+
-        "sandbox allow-same-origin allow-scripts"
-      )
-
-      var hash = req.url.slice(1)
-      sbot.blobs.has(hash, function(err, has) {
-        if (!has) {
-          res.writeHead(404)
-          res.end('File not found')
-          return
+    server: function (opts) {
+      opts = opts || {}
+      return function (req, res) {
+        // local-host only
+        if (req.socket.remoteAddress != '127.0.0.1' &&
+            req.socket.remoteAddress != '::ffff:127.0.0.1' &&
+            req.socket.remoteAddress != '::1') {
+          console.log('Remote access attempted by', req.socket.remoteAddress)
+          res.writeHead(403)
+          return res.end('Remote access forbidden')
         }
-        pull(
-          sbot.blobs.get(hash),
-          // toBuffer(),
-          toPull(res)
+
+        // restrict the CSP
+        res.setHeader('Content-Security-Policy', 
+          "default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; "+
+          "connect-src 'self'; "+
+          "object-src 'none'; "+
+          "frame-src 'none'; "+
+          "sandbox allow-same-origin allow-scripts"
         )
-      })
+
+        if (req.url.slice(-7) != '.sha256' && opts.serveFiles) {
+          // try to serve from local FS if the path is not a supported hash
+          return fs.createReadStream(req.url)
+            .on('error', function () {
+              res.writeHead(404)
+              res.end('File not found')
+            })
+            .pipe(res)
+        }
+
+        // serve blob
+        var hash = req.url.slice(-51) // hash ids are 51 chars long
+        sbot.blobs.has(hash, function(err, has) {
+          if (!has) {
+            res.writeHead(404)
+            res.end('File not found')
+            return
+          }
+          pull(
+            sbot.blobs.get(hash),
+            toPull(res)
+          )
+        })
+      }
     }
   }
 
diff --git a/app/lib/files.js b/app/lib/files.js
deleted file mode 100644
index cb543c8..0000000
--- a/app/lib/files.js
+++ /dev/null
@@ -1,32 +0,0 @@
-var path = require('path')
-var fs   = require('fs')
-
-exports.server = function (req, res) {
-  // function toBuffer() {
-  //   return pull.map(function (s) { return Buffer.isBuffer(s) ? s : new Buffer(s, 'base64') })
-  // }
-  // local-host only
-  if (req.socket.remoteAddress != '127.0.0.1' &&
-      req.socket.remoteAddress != '::ffff:127.0.0.1' &&
-      req.socket.remoteAddress != '::1') {
-    console.log('Remote access attempted by', req.socket.remoteAddress)
-    res.writeHead(403)
-    return res.end('Remote access forbidden')
-  }
-
-  // restrict the CSP
-  res.setHeader('Content-Security-Policy', 
-    "default-src 'self' localhost:7777 'unsafe-inline' 'unsafe-eval' data:; "+
-    "connect-src 'self'; "+
-    "object-src 'none'; "+
-    "frame-src 'none'; "+
-    "sandbox allow-same-origin allow-scripts"
-  )
-
-  fs.createReadStream(req.url)
-    .on('error', function () {
-      res.writeHead(404)
-      res.end('File not found')
-    })
-    .pipe(res)
-}
\ No newline at end of file