From 648035405d306b606e51240f7e09b75698f502c0 Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Fri, 12 May 2017 13:47:33 +0930 Subject: [PATCH 01/16] Ignore node_modules. --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 4b9c0f1..0283d9a 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ test/uploadsTemp/ .*.sw[a-z] build/* release/* +node_modules/ From 16ff5445d43ac905fb6edadbd454364d1bc25340 Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Fri, 12 May 2017 13:47:57 +0930 Subject: [PATCH 02/16] Create package.json for s3handler. --- nodejs/s3/package.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 nodejs/s3/package.json diff --git a/nodejs/s3/package.json b/nodejs/s3/package.json new file mode 100644 index 0000000..64c4f47 --- /dev/null +++ b/nodejs/s3/package.json @@ -0,0 +1,14 @@ +{ + "name": "fine-uploader-s3-server", + "description": "Fine Uploader NodeJS example server for s3 server environments", + "dependencies": { + "aws-sdk": "^2.50.0", + "body-parser": "^1.14.2", + "crypto-js": "^3.1.9-1", + "express": "^4.13.3" + }, + "files": [ + "s3handler.js" + ], + "version": "3.0.3" +} From 0024fad1c3899264e0d193d13ac14c54e3ab37a1 Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Fri, 12 May 2017 13:48:49 +0930 Subject: [PATCH 03/16] Fix old express idioms. --- nodejs/s3/s3handler.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index 3f377f6..b6028c8 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -27,6 +27,7 @@ var express = require("express"), CryptoJS = require("crypto-js"), aws = require("aws-sdk"), + bodyParser = require('body-parser'), app = express(), clientSecretKey = process.env.CLIENT_SECRET_KEY, 
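Review bot: The four entries under `dependencies` in the new `nodejs/s3/package.json` are caret ranges, and no lockfile is added anywhere in the visible series, so each install of this signing server resolves whatever matching release is current at that moment. Committing `package-lock.json` (or `npm-shrinkwrap.json`) beside the manifest would pin the dependency tree that ends up handling the AWS secret keys. If the example is not meant for the registry, `"private": true` would also guard against an accidental publish.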
@@ -57,7 +58,7 @@ aws.config.update({ s3 = new aws.S3(); -app.use(express.bodyParser()); +app.use(bodyParser.json()); app.use(express.static(__dirname)); //only needed if serving static content as well app.listen(8000); From f3654a56dc8851e33666a51e82e6dbd53094d456 Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Fri, 12 May 2017 13:49:50 +0930 Subject: [PATCH 04/16] Allow port to be overridden --- nodejs/s3/s3handler.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index b6028c8..0cfc844 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -47,6 +47,8 @@ var express = require("express"), //expectedMinSize = 0, //expectedMaxSize = 15000000, + port = process.env.PORT || 8000, + s3; @@ -60,7 +62,7 @@ s3 = new aws.S3(); app.use(bodyParser.json()); app.use(express.static(__dirname)); //only needed if serving static content as well -app.listen(8000); +app.listen(port); // Handles all signature requests and the success request FU S3 sends after the file is in S3 // You will need to adjust these paths/conditions based on your setup. From 9b4c6b2d070aae0e7fab0e49d21610de8722f360 Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Mon, 15 May 2017 11:28:32 +0930 Subject: [PATCH 05/16] Add debug to each function --- nodejs/s3/s3handler.js | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index 0cfc844..4f50811 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -49,6 +49,8 @@ var express = require("express"), port = process.env.PORT || 8000, + enableDebug = true, + s3; 
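Review bot: `enableDebug = true` in the `var` chain is hard-coded, so the trace output this commit introduces is always on and can only be silenced by editing the source, while `port` just above it is read from the environment. Reading the flag the same way keeps the default quiet, for example `enableDebug = process.env.ENABLE_DEBUG === "true",` (the variable name is a suggestion, not something the project defines). A one-line comment stating what the flag controls would help too.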
@@ -63,10 +65,13 @@ s3 = new aws.S3(); app.use(bodyParser.json()); app.use(express.static(__dirname)); //only needed if serving static content as well app.listen(port); +debug(`s3handler listening on port ${port}`); + // Handles all signature requests and the success request FU S3 sends after the file is in S3 // You will need to adjust these paths/conditions based on your setup. app.post("/s3handler", function(req, res) { + debug("Accepting POST to /s3handler"); if (typeof req.query.success !== "undefined") { verifyFileInS3(req, res); } @@ -78,6 +83,7 @@ app.post("/s3handler", function(req, res) { // Handles the standard DELETE (file) request sent by Fine Uploader S3. // Omit if you don't want to support this feature. app.delete("/s3handler/*", function(req, res) { + debug("Accepting DELETE to /s3handler"); deleteFile(req.query.bucket, req.query.key, function(err) { if (err) { console.log("Problem deleting file: " + err); @@ -90,6 +96,7 @@ app.delete("/s3handler/*", function(req, res) { // Signs any requests. Delegate to a more specific signer based on type of request. function signRequest(req, res) { + debug("signRequest()"); if (req.body.headers) { signRestRequest(req, res); } @@ -100,6 +107,7 @@ function signRequest(req, res) { // Signs multipart (chunked) requests. Omit if you don't want to support chunking. function signRestRequest(req, res) { + debug("signRestRequest()"); var version = req.query.v4 ? 4 : 2, stringToSign = req.body.headers, signature = version === 4 ? signV4RestRequest(stringToSign) : signV2RestRequest(stringToSign); 
@@ -120,10 +128,12 @@ function signRestRequest(req, res) { } function signV2RestRequest(headersStr) { + debug("signV2RestRequest()"); return getV2SignatureKey(clientSecretKey, headersStr); } function signV4RestRequest(headersStr) { + debug("signV4RestRequest()"); var matches = /.+\n.+\n(\d+)\/(.+)\/s3\/aws4_request\n([\s\S]+)/.exec(headersStr), hashedCanonicalRequest = CryptoJS.SHA256(matches[3]), stringToSign = headersStr.replace(/(.+s3\/aws4_request\n)[\s\S]+/, '$1' + hashedCanonicalRequest); @@ -133,6 +143,7 @@ function signV4RestRequest(headersStr) { // Signs "simple" (non-chunked) upload requests. function signPolicy(req, res) { + debug("signPolicy()"); var policy = req.body, base64Policy = new Buffer(JSON.stringify(policy)).toString("base64"), signature = req.query.v4 ? signV4Policy(policy, base64Policy) : signV2Policy(base64Policy); @@ -154,10 +165,12 @@ function signPolicy(req, res) { } function signV2Policy(base64Policy) { + debug("signV2Policy()"); return getV2SignatureKey(clientSecretKey, base64Policy); } function signV4Policy(policy, base64Policy) { + debug("signV4Policy()"); var conditions = policy.conditions, credentialCondition; @@ -175,6 +188,7 @@ function signV4Policy(policy, base64Policy) { // Ensures the REST request is targeting the correct bucket. // Omit if you don't want to support chunking. function isValidRestRequest(headerStr, version) { + debug("isValidRestRequest()"); if (version === 4) { return new RegExp("host:" + expectedHostname).exec(headerStr) != null; } @@ -187,6 +201,7 @@ function isValidRestRequest(headerStr, version) { // Comment out the expectedMaxSize and expectedMinSize variables near // the top of this file to disable size validation on the policy document. function isPolicyValid(policy) { + debug("isPolicyValid()"); var bucket, parsedMaxSize, parsedMinSize, isValid; policy.conditions.forEach(function(condition) { 
@@ -215,7 +230,9 @@ function isPolicyValid(policy) { // After the file is in S3, make sure it isn't too big. // Omit if you don't have a max file size, or add more logic as required. function verifyFileInS3(req, res) { + debug("verifyFileInS3()"); function headReceived(err, data) { + debug("headReceived()"); if (err) { res.status(500); console.log(err); @@ -244,11 +261,13 @@ function verifyFileInS3(req, res) { } function getV2SignatureKey(key, stringToSign) { + debug("getV2SignatureKey()"); var words = CryptoJS.HmacSHA1(stringToSign, key); return CryptoJS.enc.Base64.stringify(words); } function getV4SignatureKey(key, dateStamp, regionName, serviceName, stringToSign) { + debug("getV4SignatureKey()"); var kDate = CryptoJS.HmacSHA256(dateStamp, "AWS4" + key), kRegion = CryptoJS.HmacSHA256(regionName, kDate), kService = CryptoJS.HmacSHA256(serviceName, kRegion), @@ -258,6 +277,7 @@ function getV4SignatureKey(key, dateStamp, regionName, serviceName, stringToSign } function deleteFile(bucket, key, callback) { + debug("deleteFile()"); callS3("delete", { bucket: bucket, key: key @@ -265,8 +285,15 @@ function deleteFile(bucket, key, callback) { } function callS3(type, spec, callback) { + debug("callS3()"); s3[type + "Object"]({ Bucket: spec.bucket, Key: spec.key }, callback) } + +function debug(message) { + if (enableDebug) { + console.log(`DEBUG: ${message}`); + } +} From 4ef54081b2a98405fbf7699070f76ce9d0495a9d Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Mon, 15 May 2017 11:42:04 +0930 Subject: [PATCH 06/16] Add OPTIONS for CORS support. --- nodejs/s3/s3handler.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index 4f50811..05ebdb5 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js 
@@ -39,6 +39,9 @@ var express = require("express"), expectedBucket = "fineuploadertest", expectedHostname = "fineuploadertest.s3.amazonaws.com", + // Set this to your CORS origin. Secure by default. + accessControlAllowOrigin = process.env.ACCESS_CONTROL_ALLOW_ORIGIN, + // CHANGE TO INTEGERS TO ENABLE POLICY DOCUMENT VERIFICATION ON FILE SIZE // (recommended) expectedMinSize = null, @@ -67,6 +70,15 @@ app.use(express.static(__dirname)); //only needed if serving static content as w app.listen(port); debug(`s3handler listening on port ${port}`); +app.options("/*", function(req, res, next){ + debug("Accepting OPTIONS to /s3handler"); + if (accessControlAllowOrigin) { + res.header('Access-Control-Allow-Origin', accessControlAllowOrigin); + } + res.header('Access-Control-Allow-Methods', 'POST,DELETE,OPTIONS'); + res.header('Access-Control-Allow-Headers', 'Cache-Control, Content-Type, Authorization, Content-Length, X-Requested-With'); + res.sendStatus(200); +}); // Handles all signature requests and the success request FU S3 sends after the file is in S3 // You will need to adjust these paths/conditions based on your setup. From 783dedfaec8b8a0c217ed40425d76d35ebab5cde Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Mon, 15 May 2017 11:42:45 +0930 Subject: [PATCH 07/16] Remove static content handling --- nodejs/s3/s3handler.js | 1 - 1 file changed, 1 deletion(-) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index 05ebdb5..275514f 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -66,7 +66,6 @@ s3 = new aws.S3(); app.use(bodyParser.json()); -app.use(express.static(__dirname)); //only needed if serving static content as well app.listen(port); debug(`s3handler listening on port ${port}`); From 739d7e7dc485aec6f4876f21a540717fa33f0e5d Mon Sep 17 00:00:00 2001 
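Review bot: The preflight handler is registered on `/*` and answers 200 with `POST,DELETE,OPTIONS` for every path, although the only routes in the visible hunks are `/s3handler` and `/s3handler/*`; `next` is declared but never used, and the debug text names `/s3handler` rather than the wildcard. Scoping it to the real routes, `app.options(["/s3handler", "/s3handler/*"], function(req, res) {`, keeps the advertised surface equal to the actual one. The comment on `accessControlAllowOrigin` could also state that leaving the variable unset sends no `Access-Control-Allow-Origin` header at all, and that the header only constrains browsers, so it does not replace authenticating callers of the DELETE route.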
From: Barrie Treloar Date: Mon, 15 May 2017 11:52:17 +0930 Subject: [PATCH 08/16] Add error messages to isPolicyValid. --- nodejs/s3/s3handler.js | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index 275514f..e1068c0 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -36,7 +36,7 @@ var express = require("express"), serverSecretKey = process.env.SERVER_SECRET_KEY, // Set these two values to match your environment - expectedBucket = "fineuploadertest", + expectedBucket = process.env.EXPECTED_BUCKET, expectedHostname = "fineuploadertest.s3.amazonaws.com", // Set this to your CORS origin. Secure by default. @@ -225,17 +225,26 @@ function isPolicyValid(policy) { } }); - isValid = bucket === expectedBucket; + if (bucket !== expectedBucket) { + console.log("ERROR: policy bucket '" + bucket + "' does not match expected bucket '" + expectedBucket + "'"); + return false; + } // If expectedMinSize and expectedMax size are not null (see above), then // ensure that the client and server have agreed upon the exact same // values. - if (expectedMinSize != null && expectedMaxSize != null) { - isValid = isValid && (parsedMinSize === expectedMinSize.toString()) - && (parsedMaxSize === expectedMaxSize.toString()); + if (expectedMinSize !== null && expectedMaxSize !== null) { + if (parsedMinSize !== expectedMinSize.toString()) { + console.log("ERROR: policy min size '" + parsedMinSize + "' does not match expected min size '" + expectedMinSize.toString() + "'"); + return false; + } + if (parsedMaxSize !== expectedMaxSize.toString()) { + console.log("ERROR: policy max size '" + parsedMaxSize + "' does not match expected max size '" + expectedMaxSize.toString() + "'"); + return false; + } } - return isValid; + return true; } // After the file is in S3, make sure it isn't too big. From 981fb0dc6ba294cbbdc6364aeb17d200b3d024b6 Mon Sep 17 00:00:00 2001 
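Review bot: Changing the size guard from `!= null` to `!== null` means a limit that is ever left `undefined` (for instance read from an unset environment variable) now enters the branch and `expectedMinSize.toString()` throws, where the loose comparison used to skip it; `if (expectedMinSize != null && expectedMaxSize != null) {` covers both cases. `isValid` appears to stay declared in the `var` line above the hunk but is no longer used. The new error lines concatenate `bucket` and the parsed sizes, which come from the request body, directly into the log, so wrapping them in `JSON.stringify(...)` keeps embedded newlines from forging log entries. isPolicyValid begins above this hunk.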
From: Barrie Treloar Date: Wed, 17 May 2017 13:10:57 +0930 Subject: [PATCH 09/16] Add access control allow origin headers. --- nodejs/s3/s3handler.js | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index e1068c0..bcb937d 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -71,9 +71,7 @@ debug(`s3handler listening on port ${port}`); app.options("/*", function(req, res, next){ debug("Accepting OPTIONS to /s3handler"); - if (accessControlAllowOrigin) { - res.header('Access-Control-Allow-Origin', accessControlAllowOrigin); - } + addAccessControlAllowOrigin(res); res.header('Access-Control-Allow-Methods', 'POST,DELETE,OPTIONS'); res.header('Access-Control-Allow-Headers', 'Cache-Control, Content-Type, Authorization, Content-Length, X-Requested-With'); res.sendStatus(200); @@ -83,6 +81,7 @@ app.options("/*", function(req, res, next){ // You will need to adjust these paths/conditions based on your setup. app.post("/s3handler", function(req, res) { debug("Accepting POST to /s3handler"); + addAccessControlAllowOrigin(res); if (typeof req.query.success !== "undefined") { verifyFileInS3(req, res); } @@ -95,6 +94,7 @@ app.post("/s3handler", function(req, res) { // Omit if you don't want to support this feature. app.delete("/s3handler/*", function(req, res) { debug("Accepting DELETE to /s3handler"); + addAccessControlAllowOrigin(res); deleteFile(req.query.bucket, req.query.key, function(err) { if (err) { console.log("Problem deleting file: " + err); @@ -105,6 +105,13 @@ app.delete("/s3handler/*", function(req, res) { }); }); +// Adds the Access-Control-Allow-Origin, if configured +function addAccessControlAllowOrigin(res) { + if (accessControlAllowOrigin) { + res.header('Access-Control-Allow-Origin', accessControlAllowOrigin); + } +} + // Signs any requests. Delegate to a more specific signer based on type of request. function signRequest(req, res) { debug("signRequest()"); 
From 08b4783c3fc21ed5046841b019b1141b06bdb51d Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Wed, 17 May 2017 13:16:36 +0930 Subject: [PATCH 10/16] Throw error on unspecified clientSecretKey. --- nodejs/s3/s3handler.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index bcb937d..d4298a7 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -56,6 +56,9 @@ var express = require("express"), s3; +if (!clientSecretKey) { + throw new Error('Environment variable CLIENT_SECRET_KEY must be set'); +} // Init S3, given your server-side keys. Only needed if using the AWS SDK. aws.config.update({ From c1ca13a362e15ba281e5b9a4e3d0d240fc8e1b6e Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Wed, 17 May 2017 13:21:13 +0930 Subject: [PATCH 11/16] Throw error on unspecified bucket. --- nodejs/s3/s3handler.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index d4298a7..f5b572e 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -59,6 +59,9 @@ var express = require("express"), if (!clientSecretKey) { throw new Error('Environment variable CLIENT_SECRET_KEY must be set'); } +if (!expectedBucket) { + throw new Error('Environment variable EXPECTED_BUCKET must be set'); +} // Init S3, given your server-side keys. Only needed if using the AWS SDK. aws.config.update({ From 115c0a8fcc800562df69677af62c49bdabe2c680 Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Wed, 17 May 2017 13:21:37 +0930 Subject: [PATCH 12/16] Add warnings when EXPECTED_HOSTNAME not configured. --- nodejs/s3/s3handler.js | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index f5b572e..b9a6d5e 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js 
@@ -37,7 +37,7 @@ var express = require("express"), // Set these two values to match your environment expectedBucket = process.env.EXPECTED_BUCKET, - expectedHostname = "fineuploadertest.s3.amazonaws.com", + expectedHostname = process.env.EXPECTED_HOSTNAME, // OPTIONAL, only needed for REST requests // Set this to your CORS origin. Secure by default. accessControlAllowOrigin = process.env.ACCESS_CONTROL_ALLOW_ORIGIN, @@ -62,6 +62,9 @@ if (!clientSecretKey) { if (!expectedBucket) { throw new Error('Environment variable EXPECTED_BUCKET must be set'); } +if (!expectedHostname) { + console.log('WARNING: Chunking will be disabled. Please set environment variable EXPECTED_HOSTNAME'); +} // Init S3, given your server-side keys. Only needed if using the AWS SDK. aws.config.update({ @@ -213,6 +216,10 @@ function signV4Policy(policy, base64Policy) { // Omit if you don't want to support chunking. function isValidRestRequest(headerStr, version) { debug("isValidRestRequest()"); + if (!expectedHostname) { + console.log("ERROR: expectedHostname not set, unable to validate rest request"); + return false; + } if (version === 4) { return new RegExp("host:" + expectedHostname).exec(headerStr) != null; } From 6a39a25d8286e5b9c15f957586d741e5cec21048 Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Wed, 17 May 2017 13:27:49 +0930 Subject: [PATCH 13/16] Add error messages if SERVER_PUBLIC_KEY or SERVER_SECRET_KEY not defined for AWS SDK calls. --- nodejs/s3/s3handler.js | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index b9a6d5e..ccf0a82 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js 
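Review bot: With `expectedHostname` now supplied by the environment, the version 4 check right below the new guard still builds `new RegExp("host:" + expectedHostname)` from the raw value: the dots match any character and nothing anchors the end, so a header line that only contains a look-alike of the expected name passes the bucket check. Comparing the header line exactly avoids both problems, for example `return headerStr.split("\n").indexOf("host:" + expectedHostname) !== -1;`. The version 2 branch and the end of isValidRestRequest are outside this hunk, so the same question applies there if it is built the same way.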
@@ -65,6 +65,13 @@ if (!expectedBucket) { if (!expectedHostname) { console.log('WARNING: Chunking will be disabled. Please set environment variable EXPECTED_HOSTNAME'); } +if (!serverPublicKey) { + console.log('WARNING: AWS SDK will be disabled. Please set environment variable SERVER_PUBLIC_KEY'); +} +if (!serverSecretKey) { + console.log('WARNING: AWS SDK will be disabled. Please set environment variable SERVER_SECRET_KEY'); +} + // Init S3, given your server-side keys. Only needed if using the AWS SDK. aws.config.update({ @@ -326,6 +333,9 @@ function deleteFile(bucket, key, callback) { function callS3(type, spec, callback) { debug("callS3()"); + if (!serverPublicKey || !serverSecretKey) { + throw new Error('AWS SDK disabled. Please set environment variable SERVER_PUBLIC_KEY and SERVER_SECRET_KEY'); + } s3[type + "Object"]({ Bucket: spec.bucket, Key: spec.key From 9e9f3be5acb6a289e5eda5afecb90fde2a8fcf23 Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Wed, 17 May 2017 13:44:47 +0930 Subject: [PATCH 14/16] Move Access-Control-Allow-Origin handling into express middleware. --- nodejs/s3/s3handler.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index ccf0a82..4e10de1 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -82,12 +82,12 @@ s3 = new aws.S3(); app.use(bodyParser.json()); +app.use(addAccessControlAllowOrigin); app.listen(port); debug(`s3handler listening on port ${port}`); app.options("/*", function(req, res, next){ debug("Accepting OPTIONS to /s3handler"); - addAccessControlAllowOrigin(res); res.header('Access-Control-Allow-Methods', 'POST,DELETE,OPTIONS'); res.header('Access-Control-Allow-Headers', 'Cache-Control, Content-Type, Authorization, Content-Length, X-Requested-With'); res.sendStatus(200); 
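Review bot: The new guard in callS3 confirms that credentials exist but still hands `spec.bucket` to S3 unchecked, and the DELETE route shown in the earlier hunks passes `req.query.bucket` and `req.query.key` straight through `deleteFile`; no caller check is visible in these hunks. A line next to the guard such as `if (spec.bucket !== expectedBucket) { return callback(new Error("unexpected bucket")); }` would tie every SDK call to the configured bucket. The guard itself could report through `return callback(new Error(...));` instead of `throw`, since the visible caller `deleteFile` already handles `err`, whereas a synchronous throw inside a route ends up in Express's default error response. callS3's closing lines are outside the hunk.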
@@ -97,7 +97,6 @@ app.options("/*", function(req, res, next){ // You will need to adjust these paths/conditions based on your setup. app.post("/s3handler", function(req, res) { debug("Accepting POST to /s3handler"); - addAccessControlAllowOrigin(res); if (typeof req.query.success !== "undefined") { verifyFileInS3(req, res); } @@ -110,7 +109,6 @@ app.post("/s3handler", function(req, res) { // Omit if you don't want to support this feature. app.delete("/s3handler/*", function(req, res) { debug("Accepting DELETE to /s3handler"); - addAccessControlAllowOrigin(res); deleteFile(req.query.bucket, req.query.key, function(err) { if (err) { console.log("Problem deleting file: " + err); @@ -122,10 +120,11 @@ app.delete("/s3handler/*", function(req, res) { }); // Adds the Access-Control-Allow-Origin, if configured -function addAccessControlAllowOrigin(res) { +function addAccessControlAllowOrigin(req, res, next) { if (accessControlAllowOrigin) { res.header('Access-Control-Allow-Origin', accessControlAllowOrigin); } + next(); } // Signs any requests. Delegate to a more specific signer based on type of request. From 2aadf1aa91236b72fa14d0b94ed93bf33ace4998 Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Wed, 17 May 2017 13:49:49 +0930 Subject: [PATCH 15/16] Remove debugs on function invocation. --- nodejs/s3/s3handler.js | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index 4e10de1..e1c5381 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -87,7 +87,6 @@ app.listen(port); debug(`s3handler listening on port ${port}`); app.options("/*", function(req, res, next){ - debug("Accepting OPTIONS to /s3handler"); res.header('Access-Control-Allow-Methods', 'POST,DELETE,OPTIONS'); res.header('Access-Control-Allow-Headers', 'Cache-Control, Content-Type, Authorization, Content-Length, X-Requested-With'); res.sendStatus(200); 
@@ -96,7 +95,6 @@ app.options("/*", function(req, res, next){ // Handles all signature requests and the success request FU S3 sends after the file is in S3 // You will need to adjust these paths/conditions based on your setup. app.post("/s3handler", function(req, res) { - debug("Accepting POST to /s3handler"); if (typeof req.query.success !== "undefined") { verifyFileInS3(req, res); } @@ -129,7 +127,6 @@ function addAccessControlAllowOrigin(req, res, next) { // Signs any requests. Delegate to a more specific signer based on type of request. function signRequest(req, res) { - debug("signRequest()"); if (req.body.headers) { signRestRequest(req, res); } @@ -140,7 +137,6 @@ function signRequest(req, res) { // Signs multipart (chunked) requests. Omit if you don't want to support chunking. function signRestRequest(req, res) { - debug("signRestRequest()"); var version = req.query.v4 ? 4 : 2, stringToSign = req.body.headers, signature = version === 4 ? signV4RestRequest(stringToSign) : signV2RestRequest(stringToSign); @@ -161,12 +157,10 @@ function signRestRequest(req, res) { } function signV2RestRequest(headersStr) { - debug("signV2RestRequest()"); return getV2SignatureKey(clientSecretKey, headersStr); } function signV4RestRequest(headersStr) { - debug("signV4RestRequest()"); var matches = /.+\n.+\n(\d+)\/(.+)\/s3\/aws4_request\n([\s\S]+)/.exec(headersStr), hashedCanonicalRequest = CryptoJS.SHA256(matches[3]), stringToSign = headersStr.replace(/(.+s3\/aws4_request\n)[\s\S]+/, '$1' + hashedCanonicalRequest); @@ -176,7 +170,6 @@ function signV4RestRequest(headersStr) { // Signs "simple" (non-chunked) upload requests. function signPolicy(req, res) { - debug("signPolicy()"); var policy = req.body, base64Policy = new Buffer(JSON.stringify(policy)).toString("base64"), signature = req.query.v4 ? signV4Policy(policy, base64Policy) : signV2Policy(base64Policy); 
@@ -198,12 +191,10 @@ function signPolicy(req, res) { } function signV2Policy(base64Policy) { - debug("signV2Policy()"); return getV2SignatureKey(clientSecretKey, base64Policy); } function signV4Policy(policy, base64Policy) { - debug("signV4Policy()"); var conditions = policy.conditions, credentialCondition; @@ -221,7 +212,6 @@ function signV4Policy(policy, base64Policy) { // Ensures the REST request is targeting the correct bucket. // Omit if you don't want to support chunking. function isValidRestRequest(headerStr, version) { - debug("isValidRestRequest()"); if (!expectedHostname) { console.log("ERROR: expectedHostname not set, unable to validate rest request"); return false; @@ -238,7 +228,6 @@ function isValidRestRequest(headerStr, version) { // Comment out the expectedMaxSize and expectedMinSize variables near // the top of this file to disable size validation on the policy document. function isPolicyValid(policy) { - debug("isPolicyValid()"); var bucket, parsedMaxSize, parsedMinSize, isValid; policy.conditions.forEach(function(condition) { @@ -276,9 +265,7 @@ function isPolicyValid(policy) { // After the file is in S3, make sure it isn't too big. // Omit if you don't have a max file size, or add more logic as required. function verifyFileInS3(req, res) { - debug("verifyFileInS3()"); function headReceived(err, data) { - debug("headReceived()"); if (err) { res.status(500); console.log(err); @@ -307,13 +294,11 @@ function verifyFileInS3(req, res) { } function getV2SignatureKey(key, stringToSign) { - debug("getV2SignatureKey()"); var words = CryptoJS.HmacSHA1(stringToSign, key); return CryptoJS.enc.Base64.stringify(words); } function getV4SignatureKey(key, dateStamp, regionName, serviceName, stringToSign) { - debug("getV4SignatureKey()"); var kDate = CryptoJS.HmacSHA256(dateStamp, "AWS4" + key), kRegion = CryptoJS.HmacSHA256(regionName, kDate), kService = CryptoJS.HmacSHA256(serviceName, kRegion), 
@@ -323,7 +308,6 @@ function getV4SignatureKey(key, dateStamp, regionName, serviceName, stringToSign } function deleteFile(bucket, key, callback) { - debug("deleteFile()"); callS3("delete", { bucket: bucket, key: key @@ -331,7 +315,6 @@ function deleteFile(bucket, key, callback) { } function callS3(type, spec, callback) { - debug("callS3()"); if (!serverPublicKey || !serverSecretKey) { throw new Error('AWS SDK disabled. Please set environment variable SERVER_PUBLIC_KEY and SERVER_SECRET_KEY'); } From 6a8b962f7af05bbddca3eebb58c80570134bb137 Mon Sep 17 00:00:00 2001 From: Barrie Treloar Date: Wed, 17 May 2017 14:02:30 +0930 Subject: [PATCH 16/16] Remove debug. --- nodejs/s3/s3handler.js | 1 - 1 file changed, 1 deletion(-) diff --git a/nodejs/s3/s3handler.js b/nodejs/s3/s3handler.js index e1c5381..a4fb214 100644 --- a/nodejs/s3/s3handler.js +++ b/nodejs/s3/s3handler.js @@ -106,7 +106,6 @@ app.post("/s3handler", function(req, res) { // Handles the standard DELETE (file) request sent by Fine Uploader S3. // Omit if you don't want to support this feature. app.delete("/s3handler/*", function(req, res) { - debug("Accepting DELETE to /s3handler"); deleteFile(req.query.bucket, req.query.key, function(err) { if (err) { console.log("Problem deleting file: " + err);