
add test for did:peer JWT

master
Trent Larson 2 months ago
parent
commit
2d5fe40971
  1. 48
      src/server.ts
  2. 22
      test/test.sh

48
src/server.ts

@ -58,15 +58,15 @@ app.get('/image-limits', async (req, res) => {
if (!limitsResult.success) { if (!limitsResult.success) {
return limitsResult.result; return limitsResult.result;
} }
return res.status(200).send(JSON.stringify({ return res.status(200).send({
success: true, success: true,
doneImagesThisWeek: limitsResult.doneImagesThisWeek, doneImagesThisWeek: limitsResult.doneImagesThisWeek,
maxImagesPerWeek: limitsResult.maxImagesPerWeek, maxImagesPerWeek: limitsResult.maxImagesPerWeek,
nextWeekBeginDateTime: limitsResult.nextWeekBeginDateTime nextWeekBeginDateTime: limitsResult.nextWeekBeginDateTime
})); });
} catch (e) { } catch (e) {
console.error('Error getting image limits:', e, ' ... with this string: ' + e); console.error('Error getting image limits:', e, ' ... with this string: ' + e);
return res.status(500).send(JSON.stringify({ success: false, message: 'Got this error retrieving limits: ' + e })); return res.status(500).send({ success: false, message: 'Got this error retrieving limits: ' + e });
} }
}); });
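Review bot: The 500 response on the new side of L30 still sends the caught exception's text to the client via `' + e`, so whatever the failing call put in its message (upstream hostnames, library internals) reaches the caller. The rest of this file already uses the safer pattern of logging the detail with a timestamp and returning only a "See server logs at …" reference, so this handler could do the same: `const errorTime = new Date().toISOString();` before the `console.error`, and `message: 'Got an error retrieving limits. See server logs at ' + errorTime` in the body. The enclosing `/image-limits` handler starts before this hunk.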
@ -82,7 +82,7 @@ app.get('/image-limits', async (req, res) => {
app.post('/image', uploadMulter.single('image'), async (req, res) => { app.post('/image', uploadMulter.single('image'), async (req, res) => {
const reqFile = req.file; const reqFile = req.file;
if (reqFile == null) { if (reqFile == null) {
return res.status(400).send(JSON.stringify({ success: false, message: 'No file uploaded.' })); return res.status(400).send({ success: false, message: 'No file uploaded.' });
} }
try { try {
if (reqFile.size > 10485760) { // 10MB if (reqFile.size > 10485760) { // 10MB
@ -91,7 +91,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
console.error("Error deleting too-large temp file", reqFile.path, "with error (but continuing):", err); console.error("Error deleting too-large temp file", reqFile.path, "with error (but continuing):", err);
} }
}); });
return res.status(400).send(JSON.stringify({success: false, message: 'File size is too large. Maximum file size is 10MB.'})); return res.status(400).send({success: false, message: 'File size is too large. Maximum file size is 10MB.'});
} }
const limitsResult = await retrievelimits(req, res); const limitsResult = await retrievelimits(req, res);
@ -103,7 +103,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
const issuerDid = limitsResult.issuerDid; const issuerDid = limitsResult.issuerDid;
if (doneImagesThisWeek >= maxImagesPerWeek) { if (doneImagesThisWeek >= maxImagesPerWeek) {
return res.status(400).send(JSON.stringify({ success: false, message: 'You have reached your weekly limit of ' + maxImagesPerWeek + ' images.' })); return res.status(400).send({ success: false, message: 'You have reached your weekly limit of ' + maxImagesPerWeek + ' images.' });
} }
// Read the file from the temporary location // Read the file from the temporary location
@ -121,7 +121,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
// For some reason, this prepared-statement SQL gives seg fault: "SELECT did FROM image WHERE did = ? and final_file = ?" // For some reason, this prepared-statement SQL gives seg fault: "SELECT did FROM image WHERE did = ? and final_file = ?"
if (issuerDid.indexOf("'") >= 0 || finalFileName.indexOf("'") >= 0) { if (issuerDid.indexOf("'") >= 0 || finalFileName.indexOf("'") >= 0) {
console.error("Error: SQL injection attempt with", issuerDid, finalFileName); console.error("Error: SQL injection attempt with", issuerDid, finalFileName);
return res.status(400).send(JSON.stringify({ success: false, message: 'SQL injection attempt detected.' })); return res.status(400).send({ success: false, message: 'SQL injection attempt detected.' });
} }
const sql = "SELECT did FROM image WHERE did = '" + issuerDid + "' and final_file = '" + finalFileName + "'"; const sql = "SELECT did FROM image WHERE did = '" + issuerDid + "' and final_file = '" + finalFileName + "'";
db.get( db.get(
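Review bot: The single-quote check on L56 is the only thing standing between user-controlled `issuerDid` / `finalFileName` and the concatenated SQL on L60, and it is a narrow guard: it rejects one character rather than verifying that each value has the shape the query expects. A positive allow-list check before building the string would be more robust — for example a DID-syntax pattern such as `/^did:[a-z0-9]+:[A-Za-z0-9._:%-]+$/` for `issuerDid` and the expected final-filename pattern for `finalFileName`, rejecting anything else with the same 400 response. The comment on L55 about the prepared statement crashing may also be worth re-checking against the current driver, since a parameterized `db.get(sql, [issuerDid, finalFileName], …)` would remove the concatenation entirely; I cannot tell from this hunk which driver or version is in use. The enclosing `/image` handler starts and ends outside this hunk.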
@ -137,7 +137,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
); );
}); });
if (!didForOriginal) { if (!didForOriginal) {
return res.status(404).send(JSON.stringify({ success: false, message: 'No image entry found for user ' + issuerDid + ' for file ' + finalFileName })); return res.status(404).send({ success: false, message: 'No image entry found for user ' + issuerDid + ' for file ' + finalFileName });
} }
// check if any other user recorded this image // check if any other user recorded this image
@ -155,7 +155,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
); );
}); });
if (othersWhoSentImage) { if (othersWhoSentImage) {
return res.status(400).send(JSON.stringify({ success: false, message: 'Other users have also saved this image so it cannot be modified. You will have to replace your own references.' })); return res.status(400).send({ success: false, message: 'Other users have also saved this image so it cannot be modified. You will have to replace your own references.' });
} }
// remove from S3 // remove from S3
@ -170,10 +170,10 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
&& response.$metadata.httpStatusCode !== 204) { && response.$metadata.httpStatusCode !== 204) {
const errorTime = new Date().toISOString(); const errorTime = new Date().toISOString();
console.error(errorTime, "Error deleting from S3 with bad HTTP status, with metadata:", response.$metadata); console.error(errorTime, "Error deleting from S3 with bad HTTP status, with metadata:", response.$metadata);
return res.status(500).send(JSON.stringify({ return res.status(500).send({
success: false, success: false,
message: "Got bad status of " + response.$metadata.httpStatusCode + " from S3. See server logs at " + errorTime message: "Got bad status of " + response.$metadata.httpStatusCode + " from S3. See server logs at " + errorTime
})); });
} }
// might as well remove from DB and add it all back again later // might as well remove from DB and add it all back again later
@ -214,7 +214,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
); );
}); });
if (imageUrl) { if (imageUrl) {
return res.status(201).send(JSON.stringify({ success: true, url: imageUrl, message: 'This image already existed.' })); return res.status(201).send({ success: true, url: imageUrl, message: 'This image already existed.' });
} }
} }
@ -265,10 +265,10 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
if (response.$metadata.httpStatusCode !== 200) { if (response.$metadata.httpStatusCode !== 200) {
const errorTime = new Date().toISOString(); const errorTime = new Date().toISOString();
console.error(errorTime, "Error uploading to S3 with bad HTTP status, with metadata:", response.$metadata); console.error(errorTime, "Error uploading to S3 with bad HTTP status, with metadata:", response.$metadata);
return res.status(500).send(JSON.stringify({ return res.status(500).send({
success: false, success: false,
message: "Got bad status of " + response.$metadata.httpStatusCode + " from S3. See server logs at " + errorTime message: "Got bad status of " + response.$metadata.httpStatusCode + " from S3. See server logs at " + errorTime
})); });
} else { } else {
fs.rm(reqFile.path, (err) => { fs.rm(reqFile.path, (err) => {
if (err) { if (err) {
@ -282,19 +282,19 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => {
} catch (uploadError) { } catch (uploadError) {
const errorTime = new Date().toISOString(); const errorTime = new Date().toISOString();
console.error(errorTime, "Error uploading to S3:", uploadError); console.error(errorTime, "Error uploading to S3:", uploadError);
return res.status(500).send(JSON.stringify({ return res.status(500).send({
success: false, success: false,
message: "Got error uploading file. See server logs at " + errorTime + " Error Details: " + uploadError message: "Got error uploading file. See server logs at " + errorTime + " Error Details: " + uploadError
})); });
} }
}) })
} catch (error) { } catch (error) {
const errorTime = new Date().toISOString(); const errorTime = new Date().toISOString();
console.error(errorTime, "Error processing image upload:", error); console.error(errorTime, "Error processing image upload:", error);
res.status(500).send(JSON.stringify({ res.status(500).send({
success: false, success: false,
message: "Got error processing image upload. See server logs at " + errorTime + " Error Details: " + error message: "Got error processing image upload. See server logs at " + errorTime + " Error Details: " + JSON.stringify(error)
})); });
} }
}); });
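Review bot: `JSON.stringify(error)` on the new side of L119 (and likewise L127 in the next hunk) turns an `Error` instance into `{}`, because `message` and `stack` are non-enumerable, so the detail this change was meant to preserve is lost; it can also throw on a cyclic value, which inside this `catch` would leave the request without a response. Since the message already directs the reader to the server log at `errorTime`, either drop the detail from the client-facing string or extract it explicitly: `" Error Details: " + (error instanceof Error ? error.message : String(error))`. The enclosing `/image` handler starts before this hunk.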
@ -391,7 +391,7 @@ app.delete('/image/:url', async (req, res) => {
console.error(errorTime, "Error processing image delete:", error); console.error(errorTime, "Error processing image delete:", error);
return res.status(500).send({ return res.status(500).send({
success: false, success: false,
message: "Got error processing image delete. See server logs at " + errorTime + " Error Details: " + error message: "Got error processing image delete. See server logs at " + errorTime + " Error Details: " + JSON.stringify(error)
}); });
} }
}); });
@ -428,7 +428,7 @@ async function retrievelimits(req, res) {
console.error("Got bad response of", response.status, "when checking rate limits for", issuerDid); console.error("Got bad response of", response.status, "when checking rate limits for", issuerDid);
return { return {
success: false, success: false,
result: res.status(400).send(JSON.stringify({ success: false, message: 'Got bad status of ' + response.status + ' when checking limits with endorser server. Verify that the account exists and that the JWT works for that server.'})) result: res.status(400).send({ success: false, message: 'Got bad status of ' + response.status + ' when checking limits with endorser server. Verify that the account exists and that the JWT works for that server.'})
}; };
} else { } else {
const body = await response.json(); const body = await response.json();
@ -453,7 +453,7 @@ async function retrievelimits(req, res) {
if (maxImagesPerWeek == null) { if (maxImagesPerWeek == null) {
return { return {
success: false, success: false,
result: res.status(400).send(JSON.stringify({ success: false, message: 'Unable to determine rate limits for this user. Verify that the account exists and that the JWT works for that server.' })) result: res.status(400).send({ success: false, message: 'Unable to determine rate limits for this user. Verify that the account exists and that the JWT works for that server.' })
}; };
} }
@ -497,7 +497,7 @@ async function decodeJwt(req, res) {
if (!auth || !auth.startsWith('Bearer ')) { if (!auth || !auth.startsWith('Bearer ')) {
return { return {
success: false, success: false,
result: res.status(401).send(JSON.stringify({success: false, message: 'Missing "Bearer JWT" in Authorization header.'})) result: res.status(401).send({success: false, message: 'Missing "Bearer JWT" in Authorization header.'})
}; };
} }
const jwt = auth.substring('Bearer '.length); const jwt = auth.substring('Bearer '.length);
@ -507,7 +507,7 @@ async function decodeJwt(req, res) {
console.error(errorTime, 'Got invalid JWT in Authorization header:', verified); console.error(errorTime, 'Got invalid JWT in Authorization header:', verified);
return { return {
success: false, success: false,
result: res.status(401).send(JSON.stringify({ success: false, message: 'Got invalid JWT in Authorization header. See server logs at ' + errorTime })) result: res.status(401).send({ success: false, message: 'Got invalid JWT in Authorization header. See server logs at ' + errorTime })
}; };
} }
return { success: true, issuerDid: verified.issuer, jwt: jwt }; return { success: true, issuerDid: verified.issuer, jwt: jwt };

22
test/test.sh

@ -27,6 +27,13 @@ JWT=$(node -e "$JWT_CODE_USER_0")
echo JWT: $JWT echo JWT: $JWT
RESULT=$(curl -X POST -H "Authorization: Bearer $JWT" -F "image=@test0.png" "$HOST/image") RESULT=$(curl -X POST -H "Authorization: Bearer $JWT" -F "image=@test0.png" "$HOST/image")
echo curl result: $RESULT echo curl result: $RESULT
SUCCESS=$(echo $RESULT | jq -r '.success')
if [ $SUCCESS = "true" ]; then
echo "User #0 uploaded file."
else
echo "User #0 failed to upload a file.";
exit 1
fi
echo "Download from the URL supplied" echo "Download from the URL supplied"
URL0=$(echo $RESULT | jq -r '.url') URL0=$(echo $RESULT | jq -r '.url')
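Review bot: `$SUCCESS` is unquoted in the test on L171, so when curl returns nothing (server down, connection refused) `jq` prints an empty string and the line becomes `[ = "true" ]`, which fails with a "unary operator expected" error rather than the intended clean failure message; the same applies to L196 in the last hunk. Quoting fixes it: `if [ "$SUCCESS" = "true" ]; then`. For the same reason `echo $RESULT | jq -r '.success'` on L170 would be safer as `printf '%s' "$RESULT" | jq -r '.success'`, so a response containing `*` or whitespace is not word-split or glob-expanded before reaching jq.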
@ -57,7 +64,7 @@ else
exit 1 exit 1
fi fi
echo "Now unsuccessfully upload a change to the image by user 1" echo "Now fail to upload a change to the image by user 1"
FILENAME0=$(basename $URL0) FILENAME0=$(basename $URL0)
JWT=$(node -e "$JWT_CODE_USER_1") JWT=$(node -e "$JWT_CODE_USER_1")
echo JWT: $JWT echo JWT: $JWT
@ -125,3 +132,16 @@ else
echo "Test file 1 was not cleaned off server."; echo "Test file 1 was not cleaned off server.";
exit 1 exit 1
fi fi
echo "Upload test2.png by did:peer user"
JWT="eyJ0eXAiOiJKV0FOVCIsImFsZyI6IkVTMjU2In0.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.MEQCIAsMMNUcSjoxn0LZuE6FvZ6dsm-uQROeX3RPWt6QlRyPAiA670XdJXnLw8QFR9a6KCMt-qUyGZg88mMfT-1DtipcwA"
echo JWT: $JWT
RESULT=$(curl -X POST -H "Authorization: Bearer $JWT" -F "image=@test2.svg" "$HOST/image")
echo curl result: $RESULT
SUCCESS=$(echo $RESULT | jq -r '.success')
if [ $SUCCESS = "true" ]; then
echo "User #2 uploaded SVG file."
else
echo "User #2 failed to upload SVG file. Note that this may be because the server wasn't started with NODE_ENV=test-local which bypasses check of the exp date.";
exit 1
fi
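Review bot: The echo on L190 announces `test2.png` but L193 uploads `image=@test2.svg`, so the log line misdescribes the step; `echo "Upload test2.svg by did:peer user"` matches what is sent. The hard-coded token on L191 also only validates when the server was started with the expiry check bypassed, as L199 says, so a short comment above L191 stating that the token is an expired fixture and that the step requires `NODE_ENV=test-local` would keep the next maintainer from treating a failure here as a server bug. Separately, this is the first test that uploads an SVG; if the server later serves uploaded files from its own origin, an SVG can carry script, so it is worth confirming (outside this change) how the server handles that content type.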
