fix the file httpserver to support hash-id blob hosting as well
This commit is contained in:
parent
99752271fe
commit
27a985a4bc
@ -18,8 +18,8 @@ app.on('ready', function ready () {
|
||||
// setup blob and file serving
|
||||
var blobs = require('./lib/blobs')(sbot, app.getPath('userDesktop'))
|
||||
require('protocol').registerProtocol('blob', blobs.protocol)
|
||||
http.createServer(blobs.server).listen(7777)
|
||||
http.createServer(require('./lib/files').server).listen(7778)
|
||||
http.createServer(blobs.server({ serveFiles: false })).listen(7777)
|
||||
http.createServer(blobs.server({ serveFiles: true })).listen(7778)
|
||||
|
||||
// open main window
|
||||
var mainWindow = windows.open(
|
||||
|
@ -71,42 +71,51 @@ module.exports = function (sbot, checkout_dir) {
|
||||
})
|
||||
},
|
||||
|
||||
server: function (req, res) {
|
||||
// function toBuffer() {
|
||||
// return pull.map(function (s) { return Buffer.isBuffer(s) ? s : new Buffer(s, 'base64') })
|
||||
// }
|
||||
|
||||
// local-host only
|
||||
if (req.socket.remoteAddress != '127.0.0.1' &&
|
||||
req.socket.remoteAddress != '::ffff:127.0.0.1' &&
|
||||
req.socket.remoteAddress != '::1') {
|
||||
console.log('Remote access attempted by', req.socket.remoteAddress)
|
||||
res.writeHead(403)
|
||||
return res.end('Remote access forbidden')
|
||||
}
|
||||
|
||||
// restrict the CSP
|
||||
res.setHeader('Content-Security-Policy',
|
||||
"default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; "+
|
||||
"connect-src 'self'; "+
|
||||
"object-src 'none'; "+
|
||||
"frame-src 'none'; "+
|
||||
"sandbox allow-same-origin allow-scripts"
|
||||
)
|
||||
|
||||
var hash = req.url.slice(1)
|
||||
sbot.blobs.has(hash, function(err, has) {
|
||||
if (!has) {
|
||||
res.writeHead(404)
|
||||
res.end('File not found')
|
||||
return
|
||||
server: function (opts) {
|
||||
opts = opts || {}
|
||||
return function (req, res) {
|
||||
// local-host only
|
||||
if (req.socket.remoteAddress != '127.0.0.1' &&
|
||||
req.socket.remoteAddress != '::ffff:127.0.0.1' &&
|
||||
req.socket.remoteAddress != '::1') {
|
||||
console.log('Remote access attempted by', req.socket.remoteAddress)
|
||||
res.writeHead(403)
|
||||
return res.end('Remote access forbidden')
|
||||
}
|
||||
pull(
|
||||
sbot.blobs.get(hash),
|
||||
// toBuffer(),
|
||||
toPull(res)
|
||||
|
||||
// restrict the CSP
|
||||
res.setHeader('Content-Security-Policy',
|
||||
"default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; "+
|
||||
"connect-src 'self'; "+
|
||||
"object-src 'none'; "+
|
||||
"frame-src 'none'; "+
|
||||
"sandbox allow-same-origin allow-scripts"
|
||||
)
|
||||
})
|
||||
|
||||
if (req.url.slice(-7) != '.sha256' && opts.serveFiles) {
|
||||
// try to serve from local FS if the path is not a supported hash
|
||||
return fs.createReadStream(req.url)
|
||||
.on('error', function () {
|
||||
res.writeHead(404)
|
||||
res.end('File not found')
|
||||
})
|
||||
.pipe(res)
|
||||
}
|
||||
|
||||
// serve blob
|
||||
var hash = req.url.slice(-51) // hash ids are 51 chars long
|
||||
sbot.blobs.has(hash, function(err, has) {
|
||||
if (!has) {
|
||||
res.writeHead(404)
|
||||
res.end('File not found')
|
||||
return
|
||||
}
|
||||
pull(
|
||||
sbot.blobs.get(hash),
|
||||
toPull(res)
|
||||
)
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,32 +0,0 @@
|
||||
var path = require('path')
|
||||
var fs = require('fs')
|
||||
|
||||
exports.server = function (req, res) {
|
||||
// function toBuffer() {
|
||||
// return pull.map(function (s) { return Buffer.isBuffer(s) ? s : new Buffer(s, 'base64') })
|
||||
// }
|
||||
// local-host only
|
||||
if (req.socket.remoteAddress != '127.0.0.1' &&
|
||||
req.socket.remoteAddress != '::ffff:127.0.0.1' &&
|
||||
req.socket.remoteAddress != '::1') {
|
||||
console.log('Remote access attempted by', req.socket.remoteAddress)
|
||||
res.writeHead(403)
|
||||
return res.end('Remote access forbidden')
|
||||
}
|
||||
|
||||
// restrict the CSP
|
||||
res.setHeader('Content-Security-Policy',
|
||||
"default-src 'self' localhost:7777 'unsafe-inline' 'unsafe-eval' data:; "+
|
||||
"connect-src 'self'; "+
|
||||
"object-src 'none'; "+
|
||||
"frame-src 'none'; "+
|
||||
"sandbox allow-same-origin allow-scripts"
|
||||
)
|
||||
|
||||
fs.createReadStream(req.url)
|
||||
.on('error', function () {
|
||||
res.writeHead(404)
|
||||
res.end('File not found')
|
||||
})
|
||||
.pipe(res)
|
||||
}
|
Loading…
Reference in New Issue
Block a user