From a56a316690af719c7714bc4fd340a64a4837edce Mon Sep 17 00:00:00 2001 From: Michael Taylor Date: Sun, 22 Sep 2024 09:03:33 -0400 Subject: [PATCH 1/2] fix: add missing head file upload --- src/controllers/merkleTreeController.ts | 42 +++++++++++++++++++++++++ src/routes/storeRoutes.ts | 13 +++++--- 2 files changed, 50 insertions(+), 5 deletions(-) diff --git a/src/controllers/merkleTreeController.ts b/src/controllers/merkleTreeController.ts index eef72a6..bca0280 100644 --- a/src/controllers/merkleTreeController.ts +++ b/src/controllers/merkleTreeController.ts @@ -10,6 +10,7 @@ import { getStorageLocation } from "../utils/storage"; import tmp from "tmp"; import { PassThrough } from "stream"; import NodeCache from "node-cache"; +import { generateNonce, validateNonce } from "../utils/nonce"; const digFolderPath = getStorageLocation(); const streamPipeline = promisify(require("stream").pipeline); @@ -164,6 +165,43 @@ export const startUploadSession = async ( } }; +/** + * Handle the HEAD request for /upload/{storeId}/{sessionId}/{filename} + * Returns a nonce in the headers for file upload. + * @param {Request} req - The request object. + * @param {Response} res - The response object. + */ +export const generateFileNonce = async (req: Request, res: Response): Promise => { + try { + const { storeId, sessionId, filename } = req.params; + + if (!storeId || !sessionId || !filename) { + throw new HttpError(400, "Missing required parameters."); + } + + // Construct the path for the upload session + const sessionPath = path.join(digFolderPath, "uploads", storeId, sessionId); + + // Check if the session directory exists + if (!fs.existsSync(sessionPath)) { + throw new HttpError(404, "Upload session not found."); + } + + // Generate a nonce for the file + const nonce = generateNonce(`${storeId}_${sessionId}_${filename}`); + + // Set the nonce in the headers + res.setHeader("x-nonce", nonce); + + // Return 200 status with no body, as per HEAD request specification + res.status(200).end(); + } catch (error: any) { + console.error("Error generating nonce:", error); + const statusCode = error instanceof HttpError ? error.statusCode : 500; + res.status(statusCode).end(); + } +}; + /** * Upload a file to a DataStore (PUT /upload/{storeId}/{sessionId}/{filename}) * Each session has a unique session folder under the DataStore. @@ -199,6 +237,10 @@ export const uploadFile = async ( publicKey ); + if (validateNonce(`${storeId}_${sessionId}_${filename}`, nonce)) { + throw new HttpError(401, "Invalid nonce."); + } + if (!isSignatureValid) { console.log("Key ownership signature is invalid."); throw new HttpError(401, "Invalid key ownership signature."); diff --git a/src/routes/storeRoutes.ts b/src/routes/storeRoutes.ts index d57e179..9a59a55 100644 --- a/src/routes/storeRoutes.ts +++ b/src/routes/storeRoutes.ts @@ -4,14 +4,14 @@ import { startUploadSession, uploadFile, commitUpload, - abortUpload + abortUpload, + generateFileNonce } from "../controllers/merkleTreeController"; import { setMnemonic } from "../controllers/configController"; import { verifyMnemonic } from "../middleware/verifyMnemonic"; import { subscribeToStore, unsubscribeToStore } from "../controllers/storeController"; - const router = express.Router(); router.post("/unsubscribe", express.json(), unsubscribeToStore); @@ -25,13 +25,16 @@ router.head("/:storeId", verifyMnemonic, headStore); router.post("/upload/:storeId", verifyMnemonic, startUploadSession); // Upload a file to a store's session (PUT /upload/{storeId}/{sessionId}/{filename}) -router.put("/upload/:storeId/:sessionId/:filename", verifyMnemonic, uploadFile); +router.head("/upload/:storeId/:sessionId/:filename", generateFileNonce); + +// Upload a file to a store's session (PUT /upload/{storeId}/{sessionId}/{filename}) +router.put("/upload/:storeId/:sessionId/:filename", uploadFile); // Commit an upload (POST /commit/{storeId}/{sessionId}) -router.post("/commit/:storeId/:sessionId", verifyMnemonic, commitUpload); +router.post("/commit/:storeId/:sessionId", commitUpload); // Abort an upload session (POST /abort/{storeId}/{sessionId}) -router.post("/abort/:storeId/:sessionId", verifyMnemonic, abortUpload); +router.post("/abort/:storeId/:sessionId", abortUpload); export { router as storeRoutes }; From cac5a00cc37afccf17f56832aafcd26221ab69f2 Mon Sep 17 00:00:00 2001 From: Michael Taylor Date: Sun, 22 Sep 2024 09:04:23 -0400 Subject: [PATCH 2/2] chore(release): 0.0.1-alpha.34 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 28d0883..293b6dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +### [0.0.1-alpha.34](https://github.com/DIG-Network/dig-propagation-server/compare/v0.0.1-alpha.33...v0.0.1-alpha.34) (2024-09-22) + + +### Bug Fixes + +* add missing head file upload ([a56a316](https://github.com/DIG-Network/dig-propagation-server/commit/a56a316690af719c7714bc4fd340a64a4837edce)) + ### [0.0.1-alpha.33](https://github.com/DIG-Network/dig-propagation-server/compare/v0.0.1-alpha.32...v0.0.1-alpha.33) (2024-09-22) ### [0.0.1-alpha.32](https://github.com/DIG-Network/dig-propagation-server/compare/v0.0.1-alpha.31...v0.0.1-alpha.32) (2024-09-22) diff --git a/package-lock.json b/package-lock.json index cfd8843..5dc0163 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "dig-propagation-server", - "version": "0.0.1-alpha.33", + "version": "0.0.1-alpha.34", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "dig-propagation-server", - "version": "0.0.1-alpha.33", + "version": "0.0.1-alpha.34", "license": "ISC", "dependencies": { "@dignetwork/dig-sdk": "^0.0.1-alpha.56", diff --git a/package.json b/package.json index 928eefe..06dca6e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "dig-propagation-server", - "version": "0.0.1-alpha.33", + "version": "0.0.1-alpha.34", "description": "", "type": "commonjs", "main": "./dist/index.js",