Merge pull request #178 from mozilla/fixes158and152

fixed issues in branch title
mozilla · Jul 11, 2017 · 6181ea6 · 6181ea6
2 parents 109fd67 + 8c907c9
commit 6181ea6
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 1 deletion.
diff --git a/frontend/src/fileReceiver.js b/frontend/src/fileReceiver.js
@@ -12,7 +12,7 @@ class FileReceiver extends EventEmitter {
         const xhr = new XMLHttpRequest();
 
         xhr.onprogress = event => {
-          if (event.lengthComputable) {
+          if (event.lengthComputable && event.target.status !== 404) {
             const percentComplete = Math.floor(
               event.loaded / event.total * 100
             );

diff --git a/server/portal_server.js b/server/portal_server.js
@@ -45,6 +45,11 @@ app.get('/', (req, res) => {
 
 app.get('/exists/:id', (req, res) => {
   const id = req.params.id;
+  if (!validateID(id)) {
+    res.sendStatus(404);
+    return;
+  }
+
   storage
     .exists(id)
     .then(() => {
@@ -55,6 +60,11 @@ app.get('/exists/:id', (req, res) => {
 
 app.get('/download/:id', (req, res) => {
   const id = req.params.id;
+  if (!validateID(id)) {
+    res.sendStatus(404);
+    return;
+  }
+
   storage.filename(id).then(filename => {
     storage
       .length(id)
@@ -105,6 +115,9 @@ app.get('/assets/download/:id', (req, res) => {
         });
 
         file_stream.pipe(res);
+      })
+      .catch(err => {
+        res.sendStatus(404);
       });
     })
     .catch(err => {
@@ -124,6 +137,7 @@ app.post('/delete/:id', (req, res) => {
 
   if (!delete_token) {
     res.sendStatus(404);
+    return;
   }
 
   storage
@@ -140,6 +154,12 @@ app.post('/delete/:id', (req, res) => {
 app.post('/upload', (req, res, next) => {
   const newId = crypto.randomBytes(5).toString('hex');
   const meta = JSON.parse(req.header('X-File-Metadata'));
+
+  if (!validateIV(meta.id)) {
+    res.sendStatus(404);
+    return;
+  }
+
   meta.delete = crypto.randomBytes(10).toString('hex');
   log.info('meta', meta);
   req.pipe(req.busboy);
@@ -177,4 +197,8 @@ app.listen(conf.listen_port, () => {
 
 const validateID = route_id => {
   return route_id.match(/^[0-9a-fA-F]{10}$/) !== null;
+};
+
+const validateIV = route_id => {
+  return route_id.match(/^[0-9a-fA-F]{24}$/) !== null;
 };
diff --git a/views/download.handlebars b/views/download.handlebars
@@ -25,8 +25,12 @@
         <div>
           <button id="download-btn" onclick="download()">Download File</button>
         </div>
+        <div id='expired-img'>
+          <img src='/resources/link_expired.png' />
+        </div>
       </div>
 
+
       <div id="download-progress">
         <div  id="download-text">
           Downloading File...