trent_larson/image-api
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add test for did:peer JWT

Browse Source
This commit is contained in:
Trent Larson
2024-07-14 17:53:11 -06:00
parent 537add2488
commit 2d5fe40971
2 changed files with 45 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
src/server.ts
View File

@@ -58,15 +58,15 @@ app.get('/image-limits', async (req, res) => {
if (!limitsResult.success) {
return limitsResult.result;
}
return res.status(200).send(JSON.stringify({
return res.status(200).send({
success: true,
doneImagesThisWeek: limitsResult.doneImagesThisWeek,
maxImagesPerWeek: limitsResult.maxImagesPerWeek,
nextWeekBeginDateTime: limitsResult.nextWeekBeginDateTime
}));
});
} catch (e) {
console.error('Error getting image limits:', e, ' ... with this string: ' + e);
return res.status(500).send(JSON.stringify({ success: false, message: 'Got this error retrieving limits: ' + e }));
return res.status(500).send({ success: false, message: 'Got this error retrieving limits: ' + e });
}
});
@@ -82,7 +82,7 @@ app.get('/image-limits', async (req, res) => {
app.post('/image', uploadMulter.single('image'), async (req, res) => {
const reqFile = req.file;
if (reqFile == null) {
return res.status(400).send(JSON.stringify({ success: false, message: 'No file uploaded.' }));
return res.status(400).send({ success: false, message: 'No file uploaded.' });
}
try {
if (reqFile.size > 10485760) { // 10MB
@@ -91,7 +91,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
console.error("Error deleting too-large temp file", reqFile.path, "with error (but continuing):", err);
}
});
return res.status(400).send(JSON.stringify({success: false, message: 'File size is too large. Maximum file size is 10MB.'}));
return res.status(400).send({success: false, message: 'File size is too large. Maximum file size is 10MB.'});
}
const limitsResult = await retrievelimits(req, res);
@@ -103,7 +103,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
const issuerDid = limitsResult.issuerDid;
if (doneImagesThisWeek >= maxImagesPerWeek) {
return res.status(400).send(JSON.stringify({ success: false, message: 'You have reached your weekly limit of ' + maxImagesPerWeek + ' images.' }));
return res.status(400).send({ success: false, message: 'You have reached your weekly limit of ' + maxImagesPerWeek + ' images.' });
}
// Read the file from the temporary location
@@ -121,7 +121,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
// For some reason, this prepared-statement SQL gives seg fault: "SELECT did FROM image WHERE did = ? and final_file = ?"
if (issuerDid.indexOf("'") >= 0 || finalFileName.indexOf("'") >= 0) {
console.error("Error: SQL injection attempt with", issuerDid, finalFileName);
return res.status(400).send(JSON.stringify({ success: false, message: 'SQL injection attempt detected.' }));
return res.status(400).send({ success: false, message: 'SQL injection attempt detected.' });
}
const sql = "SELECT did FROM image WHERE did = '" + issuerDid + "' and final_file = '" + finalFileName + "'";
db.get(
@@ -137,7 +137,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
);
});
if (!didForOriginal) {
return res.status(404).send(JSON.stringify({ success: false, message: 'No image entry found for user ' + issuerDid + ' for file ' + finalFileName }));
return res.status(404).send({ success: false, message: 'No image entry found for user ' + issuerDid + ' for file ' + finalFileName });
}
// check if any other user recorded this image
@@ -155,7 +155,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
);
});
if (othersWhoSentImage) {
return res.status(400).send(JSON.stringify({ success: false, message: 'Other users have also saved this image so it cannot be modified. You will have to replace your own references.' }));
return res.status(400).send({ success: false, message: 'Other users have also saved this image so it cannot be modified. You will have to replace your own references.' });
}
// remove from S3
@@ -170,10 +170,10 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
&& response.$metadata.httpStatusCode !== 204) {
const errorTime = new Date().toISOString();
console.error(errorTime, "Error deleting from S3 with bad HTTP status, with metadata:", response.$metadata);
return res.status(500).send(JSON.stringify({
return res.status(500).send({
success: false,
message: "Got bad status of " + response.$metadata.httpStatusCode + " from S3. See server logs at " + errorTime
}));
});
}
// might as well remove from DB and add it all back again later
@@ -214,7 +214,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
);
});
if (imageUrl) {
return res.status(201).send(JSON.stringify({ success: true, url: imageUrl, message: 'This image already existed.' }));
return res.status(201).send({ success: true, url: imageUrl, message: 'This image already existed.' });
}
}
@@ -265,10 +265,10 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
if (response.$metadata.httpStatusCode !== 200) {
const errorTime = new Date().toISOString();
console.error(errorTime, "Error uploading to S3 with bad HTTP status, with metadata:", response.$metadata);
return res.status(500).send(JSON.stringify({
return res.status(500).send({
success: false,
message: "Got bad status of " + response.$metadata.httpStatusCode + " from S3. See server logs at " + errorTime
}));
});
} else {
fs.rm(reqFile.path, (err) => {
if (err) {
@@ -282,19 +282,19 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
} catch (uploadError) {
const errorTime = new Date().toISOString();
console.error(errorTime, "Error uploading to S3:", uploadError);
return res.status(500).send(JSON.stringify({
return res.status(500).send({
success: false,
message: "Got error uploading file. See server logs at " + errorTime + " Error Details: " + uploadError
}));
});
}
})
} catch (error) {
const errorTime = new Date().toISOString();
console.error(errorTime, "Error processing image upload:", error);
res.status(500).send(JSON.stringify({
res.status(500).send({
success: false,
message: "Got error processing image upload. See server logs at " + errorTime + " Error Details: " + error
}));
message: "Got error processing image upload. See server logs at " + errorTime + " Error Details: " + JSON.stringify(error)
});
}
});
@@ -391,7 +391,7 @@ app.delete('/image/:url', async (req, res) => {
console.error(errorTime, "Error processing image delete:", error);
return res.status(500).send({
success: false,
message: "Got error processing image delete. See server logs at " + errorTime + " Error Details: " + error
message: "Got error processing image delete. See server logs at " + errorTime + " Error Details: " + JSON.stringify(error)
});
}
});
@@ -428,7 +428,7 @@ async function retrievelimits(req, res) {
console.error("Got bad response of", response.status, "when checking rate limits for", issuerDid);
return {
success: false,
result: res.status(400).send(JSON.stringify({ success: false, message: 'Got bad status of ' + response.status + ' when checking limits with endorser server. Verify that the account exists and that the JWT works for that server.'}))
result: res.status(400).send({ success: false, message: 'Got bad status of ' + response.status + ' when checking limits with endorser server. Verify that the account exists and that the JWT works for that server.'})
};
} else {
const body = await response.json();
@@ -453,7 +453,7 @@ async function retrievelimits(req, res) {
if (maxImagesPerWeek == null) {
return {
success: false,
result: res.status(400).send(JSON.stringify({ success: false, message: 'Unable to determine rate limits for this user. Verify that the account exists and that the JWT works for that server.' }))
result: res.status(400).send({ success: false, message: 'Unable to determine rate limits for this user. Verify that the account exists and that the JWT works for that server.' })
};
}
@@ -497,7 +497,7 @@ async function decodeJwt(req, res) {
if (!auth || !auth.startsWith('Bearer ')) {
return {
success: false,
result: res.status(401).send(JSON.stringify({success: false, message: 'Missing "Bearer JWT" in Authorization header.'}))
result: res.status(401).send({success: false, message: 'Missing "Bearer JWT" in Authorization header.'})
};
}
const jwt = auth.substring('Bearer '.length);
@@ -507,7 +507,7 @@ async function decodeJwt(req, res) {
console.error(errorTime, 'Got invalid JWT in Authorization header:', verified);
return {
success: false,
result: res.status(401).send(JSON.stringify({ success: false, message: 'Got invalid JWT in Authorization header. See server logs at ' + errorTime }))
result: res.status(401).send({ success: false, message: 'Got invalid JWT in Authorization header. See server logs at ' + errorTime })
};
}
return { success: true, issuerDid: verified.issuer, jwt: jwt };

22
test/test.sh
View File

@@ -27,6 +27,13 @@ JWT=$(node -e "$JWT_CODE_USER_0")
echo JWT: $JWT
RESULT=$(curl -X POST -H "Authorization: Bearer $JWT" -F "image=@test0.png" "$HOST/image")
echo curl result: $RESULT
SUCCESS=$(echo $RESULT | jq -r '.success')
if [ $SUCCESS = "true" ]; then
echo "User #0 uploaded file."
else
echo "User #0 failed to upload a file.";
exit 1
fi
echo "Download from the URL supplied"
URL0=$(echo $RESULT | jq -r '.url')
@@ -57,7 +64,7 @@ else
exit 1
fi
echo "Now unsuccessfully upload a change to the image by user 1"
echo "Now fail to upload a change to the image by user 1"
FILENAME0=$(basename $URL0)
JWT=$(node -e "$JWT_CODE_USER_1")
echo JWT: $JWT
@@ -125,3 +132,16 @@ else
echo "Test file 1 was not cleaned off server.";
exit 1
fi
echo "Upload test2.png by did:peer user"
JWT="eyJ0eXAiOiJKV0FOVCIsImFsZyI6IkVTMjU2In0.eyJBdXRoZW50aWNhdGlvbkRhdGFCNjRVUkwiOiJTWllONVlnT2pHaDBOQmNQWkhaZ1c0X2tycm1paGpMSG1Wenp1b01kbDJNRkFBQUFBQSIsIkNsaWVudERhdGFKU09OQjY0VVJMIjoiZXlKMGVYQmxJam9pZDJWaVlYVjBhRzR1WjJWMElpd2lZMmhoYkd4bGJtZGxJam9pWlhsS01sbDVTVFpsZVVwcVkyMVdhMXBYTlRCaFYwWnpWVE5XYVdGdFZtcGtRMGsyWlhsS1FWa3lPWFZrUjFZMFpFTkpOa2x0YURCa1NFSjZUMms0ZG1NeVRtOWFWekZvVEcwNWVWcDVTWE5KYTBJd1pWaENiRWxxYjJsU01td3lXbFZHYW1SSGJIWmlhVWx6U1cxU2JHTXlUbmxoV0VJd1lWYzVkVWxxYjJsalIydzJaVzFGYVdaWU1ITkpiVlkwWTBOSk5rMVVZM2xOUkUwMFQwUlZNazE1ZDJsaFYwWXdTV3B2ZUU1NlNYZE5lbWMwVGxSQmVreERTbkJqTTAxcFQybEthMkZYVVRaalIxWnNZMnB2ZDJWcmRFNVNiWEF5Vmxka1dtTnJNSGhoUm1nelVrZE9kR0pVVWtOWmJtaE1XV3hLVDFWWFJsbFZhM0I1VVRGQ2FGRnNjREJSTWpsd1lVaE9UVlpHUWt0UmJrSnVWbGhTUkU5VmRHdFBXRUo1WldwR2RsWklSalJXTWxaMFVtMWFUMVl3VGs5YU1IaEdVMjVzVVU1RlduWlVSWFF3WWxjMVdHRkdSbmhaVlU1MVVXMVdiVll5T1hSU00wcFVVVlJPTWs1RFNqa2lMQ0p2Y21sbmFXNGlPaUpvZEhSd09pOHZiRzlqWVd4b2IzTjBPamd3T0RBaUxDSmpjbTl6YzA5eWFXZHBiaUk2Wm1Gc2MyVjkiLCJleHAiOjE3MjAzODg1NjMsImlhdCI6MTcyMDM4ODUwMywiaXNzIjoiZGlkOnBlZXI6MHpLTUZqdlVnWXJNMWhYd0RjbW00QmJ4S2JSTlFhWFJKckNQYUJadENvaWhzTFRQSkJwZ1V0QzlLZDlwcnoxb1RxeFdlbUZmTldDTmdMRUp5UDRGb0xLdG1uV2hRcWFDbkJlZldvbUdyU0EzdjQifQ.MEQCIAsMMNUcSjoxn0LZuE6FvZ6dsm-uQROeX3RPWt6QlRyPAiA670XdJXnLw8QFR9a6KCMt-qUyGZg88mMfT-1DtipcwA"
echo JWT: $JWT
RESULT=$(curl -X POST -H "Authorization: Bearer $JWT" -F "image=@test2.svg" "$HOST/image")
echo curl result: $RESULT
SUCCESS=$(echo $RESULT | jq -r '.success')
if [ $SUCCESS = "true" ]; then
echo "User #2 uploaded SVG file."
else
echo "User #2 failed to upload SVG file. Note that this may be because the server wasn't started with NODE_ENV=test-local which bypasses check of the exp date.";
exit 1
fi