3 |
4 |
6 |
7 |
35 |
36 |
--------------------------------------------------------------------------------
/assets/html/com/mobile-nav.html:
--------------------------------------------------------------------------------
1 |
2 | <% if (sessionUser) { %>
3 |
4 |
6 | <% } %>
7 |
8 |
10 |
11 |
12 |
47 |
48 |
--------------------------------------------------------------------------------
/assets/html/com/nav.html:
--------------------------------------------------------------------------------
1 | <% include mobile-nav.html %>
2 | <% include full-nav.html %>
3 | <% include session-alerts.html %>
--------------------------------------------------------------------------------
/assets/html/com/session-alerts.html:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/html/com/stdhead.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/assets/html/com/stdjs.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/assets/html/com/tools-cta.html:
--------------------------------------------------------------------------------
1 |
37 |
--------------------------------------------------------------------------------
/assets/html/com/your-archives.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
Your archives
4 |
5 | <%= bytes(diskUsage) %>/<%= bytes(diskQuota) %>
6 | <% if (diskUsage > diskQuota) { %>
7 |
10 |
11 |
12 | <% if (!sessionUser.archives.length) { %>
13 |
14 | No archives
15 |
16 | <% } %>
17 |
18 |
32 | <% if (sessionUser.archives.length > 10) { %>
33 |
34 | View <%= sessionUser.archives.length - 10 %> more archives...
35 |
36 | <% } %>
37 |
38 |
--------------------------------------------------------------------------------
/assets/html/error.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
<%= error.status || 500 %> - <%= appInfo.brandname %>
5 | <% include com/stdhead.html %>
6 |
7 |
8 |
9 | <%- include('com/nav.html', {navClass: ''}) %>
10 |
11 |
12 |
13 |
<%= error.status || 500 %> - Error
14 |
<%= error.message || error.body.message %>
15 |
Lost? Contact Support
16 |
18 |
19 | <% include com/footer.html %>
20 | <% include com/stdjs.html %>
21 |
22 |
23 |
--------------------------------------------------------------------------------
/assets/html/explore-activity.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Activity - <%= appInfo.brandname %>
5 | <% include com/stdhead.html %>
6 |
7 |
8 | <%- include('com/nav.html', {navClass: ''}) %>
9 |
10 |
11 |
12 |
Recent activity
13 | <% include com/activity.html %>
14 |
15 |
16 |
17 | <% include com/footer.html %>
18 | <% include com/stdjs.html %>
19 |
20 |
--------------------------------------------------------------------------------
/assets/html/explore.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Explore - <%= appInfo.brandname %>
5 | <% include com/stdhead.html %>
6 |
7 |
8 | <%- include('com/nav.html', {navClass: ''}) %>
9 |
10 |
11 |
12 |
Explore users
13 |
18 |
20 |
21 | <% include com/footer.html %>
22 | <% include com/stdjs.html %>
23 |
24 |
--------------------------------------------------------------------------------
/assets/html/forgot-password.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
Forgot Password - <%= appInfo.brandname %>
5 | <% include com/stdhead.html %>
6 |
7 |
8 | <%- include('com/nav.html', {navClass: ''}) %>
9 |
10 |
11 |
30 |
31 |
32 | New? Create an account
33 |
34 | '
58 |
59 | # login sessions
60 | sessions:
61 | algorithm: HS256
62 | secret: THIS MUST BE REPLACED!
63 | expiresIn: 1h
64 |
--------------------------------------------------------------------------------
/contributors.yml:
--------------------------------------------------------------------------------
1 | ---
2 | name: Paul Frazee
3 | catchphrase: "If it ain't P2P, it ain't free"
4 | website: https://twitter.com/pfrazee
5 | ---
6 | name: Joe Hand
7 | catchphrase: "Building things by hand."
8 | website: https://joeahand.com
9 | ---
10 | name: Yvo Brevoort
11 | catchphrase: "Simply edit all the things"
12 | website: https://twitter.com/YvoBrevoort
--------------------------------------------------------------------------------
/docs/README.md:
--------------------------------------------------------------------------------
1 | # Docs
2 |
3 | - [Contributing Guidelines](../CONTRIBUTING.md)
4 |
5 | ### APIs
6 |
7 | - [Web API](./webapis.md). Complete description of all endpoints.
8 |
9 | ### Flows
10 |
11 | - [Registration Flow](./flows/registration.md). User-registration and verification.
12 | - [Forgot Password Flow](./flows/forgot-password.md). User password reset.
13 | - [Dat Ownership Proof Flow](./flows/dat-ownership-proof.md). How ownership of a dat by a specific user is verified.
14 |
15 | ### Components
16 |
17 | - [Jobs](./components/jobs.md). Behaviors that either get triggered by a message, or auto-triggered by the scheduler.
18 | - [Triggers](./components/triggers.md). Any file-indexing is handled by Triggers, which watch for changes to specific paths and archives, then queue jobs automatically when a change is detected.
19 | - [Locks](./components/locks.md). Locks are used internally to create regions of async code that will only be entered one at a time.
20 |
21 | ### Schemas
22 |
23 | - [Access Scopes](./schemas/access-scopes.md). The different permissions available to users.
24 | - [LevelDB](./schemas/leveldb.md). LevelDB layout and objects.
25 | - [Events](./schemas/events.md). Events emitted by various components.
--------------------------------------------------------------------------------
/docs/components/jobs.md:
--------------------------------------------------------------------------------
1 | # Jobs Component
2 |
3 | Jobs are behaviors that either get triggered by a message, or auto-triggered by the scheduler.
4 |
5 | ## Jobs API
6 |
7 | The jobs manager is an event broker. When it comes time to scale horizontally, it will be internally rewritten to use RabbitMQ.
8 |
9 | ```js
10 | jobs.queue(name[, data]) // add a one-time job
11 | jobs.requeue(job) // remove, then re-add the job to the queue
12 | jobs.markDone(job) // remove the job from the queue
13 | jobs.addHandler(name, job => ...) // add a handler for the job
14 | jobs.removeHandler(handlerId) // remove a handler
15 | ```
16 |
17 | Example of setting up jobs:
18 |
19 | ```js
20 | jobs.queue('verify-profile-dat', { userId: '...', url: '...' })
21 | jobs.queue('clean-unverified-users')
22 | ```
23 |
24 | Example of handling jobs:
25 |
26 | ```js
27 | var { hostname } = config
28 | jobs.addHandler('verify-profile-dat', job => {
29 | var { userId, url } = job.data
30 | readDatFile(`${url}/proofs/${hostname}`, (err, data) => {
31 | // ...
32 | jobs.markDone(job)
33 | })
34 | })
35 | ```
36 |
37 | ## Scheduler API
38 |
39 | The scheduler adds cron-style timers/intervals to queue jobs at certain times.
40 |
41 | ```js
42 | scheduler.add(name, when[, data]) // schedule a job (cron syntax)
43 | scheduler.list([name]) // list active jobs
44 | scheduler.remove(scheduleId) // remove a scheduled job
45 | ```
46 |
47 | Example of scheduling jobs:
48 |
49 | ```js
50 | // should be run during app startup
51 | scheduler.add('clean-unverified-users', '0 0 0 * * *') // run at midnight every day
52 | ```
53 |
54 | ## Jobs
55 |
56 | ### Verify Profile Dat
57 |
58 | - Name: `verify-profile-dat'
59 | - Task: Read the proof file in the profile, verify the proof, and update the user record.
60 | - Data:
61 | - `userId`: ID of the account that is attached to the profile
62 | - `url`: URL of the profile-dat
63 | - Preconditions:
64 | - User account should have its email verified
65 | - Profile-dat and the proof-file should be locally available
66 |
67 | ### Dead Archive Cleanup
68 |
69 | - Name: `clean-dead-archives`
70 | - Task: Deletes any archives referenced in [`dead-archives`](https://github.com/joehand/hypercloud/wiki/Archives-Schema#layout) (no hosting users).
71 |
72 | ### Unverified User Cleanup
73 |
74 | - Name: `clean-unverified-users`
75 | - Task: Deletes any user records older than a day with `isEmailVerified==false`
--------------------------------------------------------------------------------
/docs/components/locks.md:
--------------------------------------------------------------------------------
1 | # Locks Component
2 |
3 | Locks are used internally to create regions of async code that will only be entered one at a time. Locks are necessary to coordinate multi-step changes to the level databases.
4 |
5 | Take care to coordinate the locks across the codebase. Some lock identifiers need to be reused in multiple code regions. Be careful not to use an identifier twice in a row, without first releasing, since that will stall the request.
6 |
7 | ## Usage
8 |
9 | ```js
10 | var lock = require('./lock')
11 |
12 | async function foo () {
13 | var release = await lock('bar')
14 | try {
15 | // do work
16 | } finally {
17 | release()
18 | }
19 | }
20 | ```
21 |
22 | Be sure to always use a try/finally block.
23 |
24 | ## Locks in use
25 |
26 | - `users`. Must be used any time updates are made to the users DB.
27 | - `archives`. Must be used any time an update is made to the archives DB.
28 | - `archiver-job`. Used to make sure only one job runs at once (to avoid overloading the thread).
--------------------------------------------------------------------------------
/docs/components/triggers.md:
--------------------------------------------------------------------------------
1 | # Triggers Component
2 |
3 | Any file-indexing is handled by Triggers, which watch for changes to specific paths and archives, then queue jobs automatically when a change is detected.
4 |
5 | In some ways, Triggers are an alternative control mechanism to HTTP requests. Rather than a GET/POST, clients write and upload files which cause updates in the hypercloud instance.
6 |
7 | ## Triggers API
8 |
9 | ```js
10 | triggers.add(pathSpec, handler) // add a trigger & handler function
11 | triggers.list() // list the active triggers
12 | triggers.remove(handerId) // remove a trigger & handler
13 | ```
14 |
15 | The `pathSpec` may be a string or regex.
16 |
17 | Example usage:
18 |
19 | ```js
20 | triggers.add('/proofs/hypercloud.com', (archive, entry) => {
21 | jobs.queue('verify-profile-dat', { datUrl: archive.url })
22 | })
23 |
24 | triggers.add(new RegExp('/dats/[a-z0-9]'), (archive, entry) => {
25 | // ...
26 | })
27 | ```
--------------------------------------------------------------------------------
/docs/flows/dat-ownership-proof.md:
--------------------------------------------------------------------------------
1 | # Dat Ownership Proof Flow
2 |
3 | This describes a process for asserting ownership of a Dat by writing a pre-defined payload, then syncing the dat to hypercloud.
4 |
5 | > This spec was originally part of the registration flow. It's now being preserved, as a general-purpose flow, until we have a deployment plan for it.
6 |
7 | ## Step 1. Claim ownership (POST /v2/archives/claim)
8 |
9 | User POSTS `/v2/archives/claim` while authenticated with body (JSON):
10 |
11 | ```
12 | {
13 | key: String, they key of the dat, or
14 | url: String, the url of the dat
15 | }
16 | ```
17 |
18 | Server generates the `proof` (a non-expiring JWT) with the following content:
19 |
20 | ```
21 | {
22 | id: String, id of the user
23 | url: String, the URL of the dat
24 | }
25 | ```
26 |
27 | Server responds 200 with the body:
28 |
29 | ```
30 | {
31 | proof: String, the encoded JWT
32 | hostname: String, the hostname of this service
33 | }
34 | ```
35 |
36 | ## Step 2. Write proof
37 |
38 | User writes the `proof` to the `/proofs/:hostname` file of their profile dat. User then syncs the updated dat to the service.
39 |
40 | User GETS `/v2/archives/item/:key?view=proofs` periodically to watch for successful sync.
41 |
42 | ## Step 3. Validate claim
43 |
44 | Server receives proof-file in the dat. After checking the JWT signature, the server updates archive record to indicate the verified ownership.
--------------------------------------------------------------------------------
/docs/flows/forgot-password.md:
--------------------------------------------------------------------------------
1 | # Forgot Password Flow
2 |
3 | ## Step 1. Trigger flow (POST /v2/accounts/forgot-password)
4 |
5 | User POSTS to `/v2/accounts/forgot-password` with body:
6 |
7 | ```
8 | {
9 | email: String
10 | }
11 | ```
12 |
13 | A random 32-byte email-verification nonce is created and saved the user record. The user record indicates:
14 |
15 | forgotPasswordNonce|passwordHash|passwordSalt
16 | ---------------------------------------------
17 | XXX|old|old
18 |
19 | Server sends an email to the user with the `forgotPasswordNonce`.
20 |
21 | Server responds 200 with JSON indicating to check email.
22 |
23 | ## Step 2. Update password (POST /v2/accounts/account/password)
24 |
25 | User POSTS `/v2/accounts/account/password` with body:
26 |
27 | ```
28 | {
29 | username: String, username of the account
30 | nonce: String, verification nonce
31 | newPassword: String, new password
32 | }
33 | ```
34 |
35 | Server updates user record to indicate:
36 |
37 | forgotPasswordNonce|passwordHash|passwordSalt
38 | ---------------------------------------------
39 | null|new|new
--------------------------------------------------------------------------------
/docs/flows/registration.md:
--------------------------------------------------------------------------------
1 | # User Registration Flow
2 |
3 | ## Step 1. Register (POST /v2/accounts/register)
4 |
5 | User POSTS to `/v2/accounts/register` with body:
6 |
7 | ```
8 | {
9 | email: String
10 | username: String
11 | password: String
12 | }
13 | ```
14 |
15 | Server creates a new account for the user. A random 32-byte email-verification nonce is created. The user record indicates:
16 |
17 | scopes|isEmailVerified|emailVerificationNonce
18 | ------|---------------|----------------
19 | none|false|XXX
20 |
21 | Server sends an email to the user with the `emailVerificationNonce`.
22 |
23 | Server responds 200 with HTML/JSON indicating to check email.
24 |
25 | ## Step 2. Verify (GET or POST /v2/accounts/verify)
26 |
27 | User GETS or POSTS `/v2/accounts/verify` with query-params or body:
28 |
29 | ```
30 | {
31 | username: String, username of the account
32 | nonce: String, verification nonce
33 | }
34 | ```
35 |
36 | Server updates user record to indicate:
37 |
38 | scopes|isEmailVerified|emailVerificationNonce
39 | ------|---------------|----------------
40 | user|true|null
41 |
42 | Sever generates session JWT and responds 200 with auth=token.
--------------------------------------------------------------------------------
/docs/schemas/access-scopes.md:
--------------------------------------------------------------------------------
1 | # Access Scopes
2 |
3 | Scopes are hypercloud's term for "permissions"
4 |
5 | - `user` - base permission, must be set for any non-public API to be used
6 | - `admin:dats` - control dats via API
7 | - `admin:users` - control users via API
--------------------------------------------------------------------------------
/docs/schemas/events.md:
--------------------------------------------------------------------------------
1 | ## UsersDB
2 |
3 | Emits:
4 |
5 | ```js
6 | usersDB.on('create', (record) => {})
7 | usersDB.on('put', (record) => {})
8 | usersDB.on('del', (record) => {})
9 | usersDB.on('add-archive', ({userId, archiveKey, name}, record) => {})
10 | usersDB.on('remove-archive', ({userId, archiveKey}, record) => {})
11 | ```
12 |
13 | ## ArchivesDB
14 |
15 | ```js
16 | archivesDB.emit('create', (record) => {})
17 | archivesDB.emit('put', (record) => {})
18 | archivesDB.emit('del', (record) => {})
19 | archivesDB.emit('add-hosting-user', ({key, userId}, record) => {})
20 | archivesDB.emit('remove-hosting-user', ({key, userId}, record) => {})
21 | ```
--------------------------------------------------------------------------------
/docs/schemas/leveldb.md:
--------------------------------------------------------------------------------
1 | # Level Database Schema
2 |
3 | Layout and schemas of the data in the LevelDB.
4 |
5 | ## Layout
6 |
7 | - `main`
8 | - `archives`: Map of `key => Archive object`.
9 | - `archives-index`: Index of `createdAt => key`
10 | - `accounts`: Map of `id => Account object`.
11 | - `accounts-index`: Index of `username => id`, `email => id`, `profileUrl => id`.
12 | - `global-activity`: Map of `timestamp => Event object`.
13 | - `global-activity-users-index`: Set of `username:timestamp => null` for doing user filtering.
14 | - `dead-archives`: Map of `key => undefined`. A listing of archives with no hosting users, and which need to be deleted.
15 |
16 | ## Archive object
17 |
18 | Schema:
19 |
20 | ```
21 | {
22 | key: String, the archive key
23 |
24 | hostingUsers: Array(String), list of user-ids hosting the archive
25 |
26 | updatedAt: Number, the timestamp of the last update
27 | createdAt: Number, the timestamp of creation time
28 | }
29 | ```
30 |
31 | ## Account object
32 |
33 | Schema:
34 |
35 | ```
36 | {
37 | id: String, the assigned id
38 | username: String, the chosen username
39 | passwordHash: String, hashed password
40 | passwordSalt: String, salt used on hashed password
41 |
42 | email: String
43 | pendingEmail: String, the user's new email address pending verification
44 | profileURL: String, the url of the profile dat
45 | archives: [{
46 | key: String, uploaded archive's key
47 | name: String, optional shortname for the archive
48 | }, ..]
49 | scopes: Array(String), the user's access scopes
50 | suspension: String, if suspended, will be set to an explanation
51 | updatedAt: Number, the timestamp of the last update
52 | createdAt: Number, the timestamp of creation time
53 |
54 | isEmailVerified: Boolean
55 | emailVerificationNonce: String, the random verification nonce (register flow)
56 |
57 | forgotPasswordNonce: String, the random verification nonce (forgot password flow)
58 |
59 | isProfileDatVerified: Boolean
60 | profileVerifyToken: String, the profile verification token (stored so the user can refetch it)
61 | }
62 | ```
63 |
64 | ## Report object
65 |
66 | Schema:
67 | ```
68 | {
69 | id: String, the id of this report
70 |
71 | archiveKey: String, the archive key
72 |
73 | archiveOwner: String, the user ID of the archive’s owner
74 | reportingUser: String, the user ID of the user that reported it
75 |
76 | reason: String, the reason for reporting the archive
77 | status: String, the status of the report. Can be ‘open’ or ‘closed’
78 | notes: String, administrative notes on this report (used internally)
79 |
80 | createdAt: Number, the timestamp of the report
81 | updatedAt: Number, the timestamp the report was last updated
82 | }
83 | ```
84 |
85 | ## Event object
86 |
87 | Schema:
88 |
89 | ```
90 | {
91 | ts: Number, the timestamp of the event
92 | userid: String, the user who made the change
93 | username: String, the name of the user who made the change
94 | action: String, the label for the action
95 | params: Object, a set of arbitrary KVs relevant to the action
96 | }
97 | ```
--------------------------------------------------------------------------------
/lib/analytics.js:
--------------------------------------------------------------------------------
1 | const mtb36 = require('monotonic-timestamp-base36')
2 | const ms = require('ms')
3 |
4 | // exported api
5 | // =
6 |
7 | module.exports.middleware = function (cloud) {
8 | return (req, res, next) => {
9 | var peaID = req.cookies['pea-id']
10 | if (!peaID) {
11 | // set analytics cookie
12 | peaID = mtb36()
13 | res.cookie('pea-id', peaID, {
14 | domain: cloud.config.hostname,
15 | httpOnly: true,
16 | maxAge: ms('1y'),
17 | sameSite: 'Lax'
18 | })
19 | }
20 |
21 | req.logAnalytics = function (event, extra = {}) {
22 | var referer = req.headers.referer
23 | if (referer && referer.startsWith('https://' + cloud.config.hostname)) {
24 | referer = null
25 | }
26 | extra.method = req.method
27 | extra.user = res.locals.sessionUser ? res.locals.sessionUser.username : null
28 | cloud.analytics.logEvent({
29 | event: event,
30 | url: req.path,
31 | session: peaID,
32 | userAgent: req.headers['user-agent'],
33 | ip: req.ip,
34 | referer,
35 | extra
36 | })
37 | }
38 |
39 | // log request
40 | req.logAnalytics('visit')
41 |
42 | next()
43 | }
44 | }
45 |
--------------------------------------------------------------------------------
/lib/apis/reports.js:
--------------------------------------------------------------------------------
1 | const {UnauthorizedError, ForbiddenError} = require('../const')
2 |
3 | // exported api
4 | // =
5 |
6 | module.exports = class ReportsAPI {
7 | constructor (cloud) {
8 | this.reportsDB = cloud.reportsDB
9 | this.usersDB = cloud.usersDB
10 | }
11 |
12 | async add (req, res) {
13 | // validate session
14 | if (!res.locals.session) throw new UnauthorizedError()
15 | if (!res.locals.session.scopes.includes('user')) throw new ForbiddenError()
16 |
17 | // validate & sanitize input
18 | req.checkBody('archiveKey').isDatHash()
19 | req.checkBody('archiveOwner').isAlphanumeric()
20 | req.checkBody('reason').isAlphanumeric()
21 | ;(await req.getValidationResult()).throw()
22 |
23 | var { archiveKey, archiveOwner, reason } = req.body
24 |
25 | try {
26 | // fetch the archive owner's record
27 | var archiveOwnerRecord = await this.usersDB.getByUsername(archiveOwner)
28 | var report = Object.assign({}, {
29 | archiveKey,
30 | archiveOwner: archiveOwnerRecord.id,
31 | reason,
32 | reportingUser: res.locals.session.id
33 | })
34 |
35 | // create the report
36 | await this.reportsDB.create(report)
37 | } catch (e) {
38 | return res.status(422).json({
39 | message: 'There were errors in your submission'
40 | })
41 | }
42 |
43 | // respond
44 | res.status(200).end()
45 | }
46 | }
47 |
--------------------------------------------------------------------------------
/lib/apis/service.js:
--------------------------------------------------------------------------------
1 | var {NotImplementedError} = require('../const')
2 |
3 | // exported api
4 | // =
5 |
6 | module.exports = class ServicesAPI {
7 | constructor (cloud) {
8 | this.config = cloud.config
9 | this.usersDB = cloud.usersDB
10 | this.activityDB = cloud.activityDB
11 | this.archivesDB = cloud.archivesDB
12 | }
13 |
14 | async frontpage (req, res, next) {
15 | var contentType = req.accepts(['html', 'json'])
16 | if (contentType === 'json') throw new NotImplementedError()
17 | next()
18 | }
19 |
20 | async psaDoc (req, res) {
21 | return res.status(200).json({
22 | PSA: 1,
23 | title: this.config.brandname,
24 | description: 'A public peer service for Dat',
25 | links: [{
26 | rel: 'https://archive.org/services/purl/purl/datprotocol/spec/pinning-service-account-api',
27 | title: 'User accounts API',
28 | href: '/v2/accounts'
29 | }, {
30 | rel: 'https://archive.org/services/purl/purl/datprotocol/spec/pinning-service-dats-api',
31 | title: 'Dat pinning API',
32 | href: '/v2/archives'
33 | }]
34 | })
35 | }
36 |
37 | async explore (req, res, next) {
38 | if (req.query.view === 'activity') {
39 | return res.json({
40 | activity: await this.activityDB.listGlobalEvents({
41 | limit: 25,
42 | lt: req.query.start,
43 | reverse: true
44 | })
45 | })
46 | }
47 | if (req.query.view === 'featured') {
48 | return res.json({
49 | featured: (await this.archivesDB.list({featuredOnly: true, getExtra: true})).map(mapArchiveObject)
50 | })
51 | }
52 | if (req.query.view === 'popular') {
53 | return res.json({
54 | popular: (await this.archivesDB.list({
55 | sort: 'popular',
56 | limit: 25,
57 | cursor: req.query.start
58 | })).map(mapArchiveObject)
59 | })
60 | }
61 | if (req.query.view === 'recent') {
62 | return res.json({
63 | recent: (await this.archivesDB.list({
64 | sort: 'createdAt',
65 | limit: 25,
66 | cursor: req.query.start,
67 | getExtra: true
68 | })).map(mapArchiveObject)
69 | })
70 | }
71 | next()
72 | }
73 | }
74 |
75 | function mapArchiveObject (archive) {
76 | return {
77 | key: archive.key,
78 | numPeers: archive.numPeers,
79 | name: archive.name,
80 | title: archive.manifest ? archive.manifest.title : null,
81 | description: archive.manifest ? archive.manifest.description : null,
82 | owner: archive.owner ? archive.owner.username : null,
83 | createdAt: archive.createdAt
84 | }
85 | }
86 |
--------------------------------------------------------------------------------
/lib/config.js:
--------------------------------------------------------------------------------
1 | const fs = require('fs')
2 | const path = require('path')
3 | const extend = require('deep-extend')
4 | const yaml = require('js-yaml')
5 | const figures = require('figures')
6 |
7 | function load (name) {
8 | var str, doc
9 | var filepath = path.join(__dirname, `../config.${name}.yml`)
10 |
11 | try {
12 | str = fs.readFileSync(filepath, 'utf8')
13 | } catch (e) {
14 | return {}
15 | }
16 |
17 | try {
18 | doc = yaml.safeLoad(str)
19 | } catch (e) {
20 | console.log('Failed to parse', filepath, e)
21 | return {}
22 | }
23 |
24 | return doc
25 | }
26 |
27 | // load the config
28 | var env = process.env.NODE_ENV || 'development'
29 | var defaultCfg = load('defaults')
30 | var envCfg = load(env)
31 | module.exports = extend(defaultCfg, envCfg, { env })
32 |
33 | // some warnings
34 | if (!module.exports.csrf) {
35 | console.log(figures.warning, 'WARNING: CSRF is DISABLED')
36 | }
37 | if (!module.exports.stripe) {
38 | console.log(figures.warning, 'WARNING: Stripe payments are DISABLED')
39 | }
40 |
--------------------------------------------------------------------------------
/lib/const.js:
--------------------------------------------------------------------------------
1 | exports.DAT_KEY_REGEX = /([0-9a-f]{64})/i
2 | exports.DAT_URL_REGEX = /^(dat:\/\/[0-9a-f]{64})/i
3 | exports.DAT_NAME_REGEX = /^([0-9a-zA-Z-]*)$/i
4 |
5 | exports.ADMIN_MODIFIABLE_FIELDS_USER = [
6 | 'username',
7 | 'email',
8 | 'scopes',
9 | 'suspension',
10 | 'createdAt',
11 | 'plan',
12 | 'diskQuota',
13 | 'namedArchiveQuota',
14 | 'isEmailVerified',
15 | 'stripeCustomerId',
16 | 'stripeSubscriptionId',
17 | 'stripeTokenId',
18 | 'stripeCardId',
19 | 'stripeCardBrand',
20 | 'stripeCardCountry',
21 | 'stripeCardCVCCheck',
22 | 'stripeCardExpMonth',
23 | 'stripeCardExpYear',
24 | 'stripeCardLast4'
25 | ]
26 |
27 | exports.ADMIN_MODIFIABLE_FIELDS_REPORT = [
28 | 'status',
29 | 'notes'
30 | ]
31 |
32 | // active_users cohort states
33 | exports.COHORT_STATE_REGISTERED = 1
34 | exports.COHORT_STATE_ACTIVATED = 2
35 | exports.COHORT_STATE_ACTIVE = 3
36 |
37 | exports.BadRequestError = class BadRequestError extends Error {
38 | constructor (message) {
39 | super(message)
40 | this.name = 'BadRequestError'
41 | this.status = 400
42 | this.body = {
43 | message: message || 'Bad request',
44 | badRequest: true
45 | }
46 | }
47 | }
48 |
49 | exports.NotFoundError = class NotFoundError extends Error {
50 | constructor (message) {
51 | super(message)
52 | this.name = 'NotFoundError'
53 | this.status = 404
54 | this.body = {
55 | message: message || 'Resource not found',
56 | notFound: true
57 | }
58 | }
59 | }
60 |
61 | exports.UnauthorizedError = class UnauthorizedError extends Error {
62 | constructor (message) {
63 | super(message)
64 | this.name = 'UnauthorizedError'
65 | this.status = 401
66 | this.body = {
67 | message: message || 'You must sign in to access this resource',
68 | notAuthorized: true
69 | }
70 | }
71 | }
72 |
73 | exports.ForbiddenError = class ForbiddenError extends Error {
74 | constructor (message) {
75 | super(message)
76 | this.name = 'ForbiddenError'
77 | this.status = 403
78 | this.body = {
79 | message: message || 'You dont have the rights to access this resource',
80 | forbidden: true
81 | }
82 | }
83 | }
84 |
85 | exports.NotImplementedError = class NotImplementedError extends Error {
86 | constructor (message) {
87 | super(message)
88 | this.name = 'NotImplementedError'
89 | this.status = 501
90 | this.body = {
91 | message: message || 'Resources not yet implemented',
92 | notImplemented: true
93 | }
94 | }
95 | }
96 |
--------------------------------------------------------------------------------
/lib/crypto.js:
--------------------------------------------------------------------------------
1 | var promisify = require('es6-promisify')
2 | var { createHash, randomBytes } = require('crypto')
3 |
4 | // promisify some methods
5 | randomBytes = promisify(randomBytes)
6 |
7 | // exported api
8 | // =
9 |
10 | exports.randomBytes = randomBytes
11 |
12 | exports.shasum = shasum
13 | function shasum (buf) {
14 | if (typeof buf !== 'string' && !Buffer.isBuffer(buf)) {
15 | buf = JSON.stringify(buf)
16 | }
17 | return createHash('sha256')
18 | .update(buf, Buffer.isBuffer(buf) ? null : 'utf8')
19 | .digest('hex')
20 | }
21 |
22 | exports.hashPassword = async function (password) {
23 | // generate a new salt and hash the password with it
24 | var passwordSalt = await randomBytes(16)
25 | password = Buffer.from(password, 'utf8')
26 | return {
27 | passwordHash: shasum(Buffer.concat([passwordSalt, password])),
28 | passwordSalt: passwordSalt.toString('hex')
29 | }
30 | }
31 |
32 | exports.verifyPassword = function (password, userRecord) {
33 | // verify that the given password, when hashed, is the same as the password on record
34 | var passwordHash = shasum(Buffer.concat([
35 | Buffer.from(userRecord.passwordSalt, 'hex'),
36 | Buffer.from(password, 'utf8')
37 | ]))
38 | return (passwordHash === userRecord.passwordHash)
39 | }
40 |
--------------------------------------------------------------------------------
/lib/dbs/activity.js:
--------------------------------------------------------------------------------
1 | var assert = require('assert')
2 | var SQL = require('sql-template-strings')
3 |
4 | // constants
5 | // =
6 |
7 | // valid actions
8 | const ACTIONS = [
9 | 'add-archive',
10 | 'del-archive',
11 | 'update-archive'
12 | ]
13 |
14 | // exported api
15 | // =
16 |
17 | class ActivityDB {
18 | constructor (cloud) {
19 | this.sqlite = cloud.db
20 | }
21 |
22 | async setup () {
23 | // noop
24 | }
25 |
26 | // basic ops
27 | // =
28 |
29 | async writeGlobalEvent (record, opts = {}) {
30 | assert(record && typeof record === 'object')
31 | assert(typeof record.userid === 'string', 'Valid userid type')
32 | assert(typeof record.username === 'string', 'Valid username type')
33 | assert(ACTIONS.includes(record.action), 'Valid action type')
34 | if (!opts.doNotModify) {
35 | record.ts = Date.now()
36 | }
37 | var {ts, userid, username, action, params} = ActivityDB.serialize(record)
38 | await this.sqlite.run(SQL`
39 | INSERT INTO activity
40 | (ts, userid, username, action, params)
41 | VALUES
42 | (${ts}, ${userid}, ${username}, ${action}, ${params})
43 | `)
44 | return record
45 | }
46 |
47 | async delGlobalEvent (key) {
48 | assert(typeof key === 'string')
49 | await this.sqlite.run(SQL`DELETE FROM activity WHERE key = ${key}`)
50 | }
51 |
52 | // getters
53 | // =
54 |
55 | async listGlobalEvents ({limit, lt, gt, lte, gte, reverse} = {}) {
56 | var query = SQL`SELECT * FROM activity`
57 | if (lt) query.append(SQL` WHERE key < ${lt}`)
58 | if (lte) query.append(SQL` WHERE key <= ${lte}`)
59 | if (gt) query.append(SQL` WHERE key > ${gt}`)
60 | if (gte) query.append(SQL` WHERE key >= ${gte}`)
61 | if (!reverse) query.append(SQL` ORDER BY key`)
62 | else query.append(SQL` ORDER BY key DESC`)
63 | if (limit) query.append(SQL` LIMIT ${limit}`)
64 | var records = await this.sqlite.all(query)
65 | return records.map(ActivityDB.deserialize)
66 | }
67 |
68 | async listUserEvents (username, {limit, lt, gt, lte, gte, reverse} = {}) {
69 | var query = SQL`SELECT * FROM activity WHERE username = ${username}`
70 | if (lt) query.append(SQL` AND key < ${lt}`)
71 | if (lte) query.append(SQL` AND key <= ${lte}`)
72 | if (gt) query.append(SQL` AND key > ${gt}`)
73 | if (gte) query.append(SQL` AND key >= ${gte}`)
74 | if (!reverse) query.append(SQL` ORDER BY key`)
75 | else query.append(SQL` ORDER BY key DESC`)
76 | if (limit) query.append(SQL` LIMIT ${limit}`)
77 | var records = await this.sqlite.all(query)
78 | return records.map(ActivityDB.deserialize)
79 | }
80 |
81 | // helpers
82 | // =
83 |
84 | static serialize (record) {
85 | if (!record) return null
86 | var r2 = Object.assign({}, record)
87 | if ('params' in r2) r2.params = JSON.stringify(record.params)
88 | return r2
89 | }
90 |
91 | static deserialize (record) {
92 | if (!record) return null
93 | var r2 = Object.assign({}, record)
94 | if ('params' in r2) r2.params = JSON.parse(r2.params)
95 | return r2
96 | }
97 | }
98 | module.exports = ActivityDB
99 |
--------------------------------------------------------------------------------
/lib/dbs/base.js:
--------------------------------------------------------------------------------
1 | var EventEmitter = require('events')
2 | var SQL = require('sql-template-strings')
3 |
4 | class Base extends EventEmitter {
5 | constructor (cloud, table, primaryKey) {
6 | super()
7 | this.cloud = cloud
8 | this.table = table
9 | this.primaryKey = primaryKey
10 | this.columns = []
11 | }
12 |
13 | async setup () {
14 | this.columns = (await this.cloud.db.all(`pragma table_info(${this.table});`)).map(column => column.name)
15 | }
16 |
17 | createInsertQuery (record) {
18 | var query = SQL`INSERT INTO`
19 | query.append(` ${this.table} `)
20 |
21 | var first = true
22 | query.append(`(`)
23 | this.columns.forEach(k => {
24 | if (!(k in record)) return
25 | if (!first) query.append(`, `)
26 | query.append(k)
27 | first = false
28 | })
29 | query.append(`)`)
30 |
31 | query.append(` VALUES `)
32 |
33 | first = true
34 | query.append(`(`)
35 | this.columns.forEach(k => {
36 | if (!(k in record)) return
37 | if (!first) query.append(`, `)
38 | query.append(SQL`${record[k]}`)
39 | first = false
40 | })
41 | query.append(`)`)
42 |
43 | // console.log('createInsertQuery', this.table, this.primaryKey, this.columns, record, query)
44 |
45 | return query
46 | }
47 |
48 | createUpdateQuery (record) {
49 | var query = SQL`UPDATE`
50 | query.append(` ${this.table} SET `)
51 |
52 | var first = true
53 | this.columns.forEach(k => {
54 | if (k === this.primaryKey) return
55 | if (!(k in record)) return
56 | if (!first) query.append(`, `)
57 | query.append(k)
58 | query.append(SQL` = ${record[k]}`)
59 | first = false
60 | })
61 |
62 | query.append(` WHERE ${this.primaryKey}`)
63 | query.append(SQL` = ${record[this.primaryKey]}`)
64 |
65 | // console.log('createUpdateQuery', this.table, this.primaryKey, this.columns, record, query)
66 | return query
67 | }
68 | }
69 |
70 | module.exports = Base
71 |
--------------------------------------------------------------------------------
/lib/dbs/legacy-leveldb/activity.js:
--------------------------------------------------------------------------------
1 | var sublevel = require('subleveldown')
2 | var collect = require('stream-collector')
3 |
4 | // exported api
5 | // =
6 |
7 | class ActivityDB {
8 | constructor (db) {
9 | // create levels
10 | this.globalActivityDB = sublevel(db, 'global-activity', { valueEncoding: 'json' })
11 | }
12 |
13 | // getters
14 | // =
15 |
16 | listGlobalEvents (opts) {
17 | return new Promise((resolve, reject) => {
18 | collect(this.globalActivityDB.createReadStream(opts), (err, res) => {
19 | if (err) reject(err)
20 | else resolve(res.map(toNiceObj))
21 | })
22 | })
23 | }
24 | }
25 | module.exports = ActivityDB
26 |
27 | // default user-record values
28 | ActivityDB.defaults = () => ({
29 | ts: null,
30 | userid: null,
31 | username: null,
32 | action: null,
33 | params: {}
34 | })
35 |
36 | // helper to convert {key:, value:} to just {values...}
37 | function toNiceObj (obj) {
38 | obj.value.key = obj.key
39 | return obj.value
40 | }
41 |
--------------------------------------------------------------------------------
/lib/dbs/legacy-leveldb/archives.js:
--------------------------------------------------------------------------------
1 | var EventEmitter = require('events')
2 | var assert = require('assert')
3 | var sublevel = require('subleveldown')
4 | var collect = require('stream-collector')
5 | var through = require('through2')
6 |
7 | // exported api
8 | // =
9 |
10 | class ArchivesDB extends EventEmitter {
11 | constructor (db) {
12 | super()
13 | this.archivesDB = sublevel(db, 'archives', { valueEncoding: 'json' })
14 | }
15 |
16 | // getters
17 | // =
18 |
19 | async getByKey (key) {
20 | assert(typeof key === 'string')
21 | try {
22 | return await this.archivesDB.get(key)
23 | } catch (e) {
24 | if (e.notFound) return null
25 | throw e
26 | }
27 | }
28 |
29 | list ({cursor, limit, reverse, sort, getExtra} = {}) {
30 | return new Promise((resolve, reject) => {
31 | var opts = {limit, reverse}
32 | // find indexes require a start- and end-point
33 | if (sort === 'createdAt') {
34 | if (reverse) {
35 | opts.lt = cursor || '\xff'
36 | opts.gte = 0
37 | } else {
38 | opts.gt = cursor || 0
39 | opts.lte = '\xff'
40 | }
41 | } else if (typeof cursor !== 'undefined') {
42 | // set cursor according to reverse
43 | if (reverse) opts.lt = cursor
44 | else opts.gt = cursor
45 | }
46 | // fetch according to sort
47 | var stream = this.archivesDB.createValueStream(opts)
48 | // "join" additional info
49 | if (getExtra) {
50 | stream = stream.pipe(through.obj(async (record, enc, cb) => {
51 | try {
52 | cb(null, await this.getByKey(record.key))
53 | } catch (e) {
54 | cb(e)
55 | }
56 | }))
57 | }
58 | // collect into an array
59 | collect(stream, (err, res) => {
60 | if (err) reject(err)
61 | else resolve(res.filter(Boolean))
62 | })
63 | })
64 | }
65 | }
66 | module.exports = ArchivesDB
67 |
68 | // default user-record values
69 | ArchivesDB.defaults = () => ({
70 | key: null,
71 |
72 | hostingUsers: [], // NOTE currently just 1 entry is allowed
73 |
74 | // denormalized data
75 | name: false, // stored canonically in the hosting user record
76 | ownerName: '', // stored canonically in the hosting user record
77 |
78 | // stats
79 | diskUsage: undefined,
80 | numBlocks: 0,
81 | numDownloadedBlocks: 0,
82 | numBytes: 0,
83 | numFiles: 0,
84 |
85 | updatedAt: 0,
86 | createdAt: 0
87 | })
88 |
--------------------------------------------------------------------------------
/lib/dbs/legacy-leveldb/featured-archives.js:
--------------------------------------------------------------------------------
1 | const assert = require('assert')
2 | const sublevel = require('subleveldown')
3 |
4 | // exported api
5 | // =
6 |
7 | class FeaturedArchivesDB {
8 | constructor (db) {
9 | this.featuredDB = sublevel(db, 'featured-archives', { valueEncoding: 'json' })
10 | }
11 |
12 | // getters
13 | // =
14 |
15 | async has (key) {
16 | assert(typeof key === 'string')
17 | try {
18 | await this.featuredDB.get(key)
19 | return true // if it doesnt fail, the key exists
20 | } catch (e) {
21 | return false
22 | }
23 | }
24 | }
25 | module.exports = FeaturedArchivesDB
26 |
--------------------------------------------------------------------------------
/lib/dbs/legacy-leveldb/reports.js:
--------------------------------------------------------------------------------
1 | var EventEmitter = require('events')
2 | var assert = require('assert')
3 | var sublevel = require('subleveldown')
4 | var collect = require('stream-collector')
5 |
6 | // exported api
7 | // =
8 |
9 | class ReportsDB extends EventEmitter {
10 | constructor (db) {
11 | super()
12 | this.reportsDB = sublevel(db, 'reports', { valueEncoding: 'json' })
13 | }
14 |
15 | // getters
16 | // =
17 |
18 | list ({cursor, limit, reverse, sort} = {}) {
19 | return new Promise((resolve, reject) => {
20 | var opts = {limit, reverse}
21 | // find indexes require a start- and end-point
22 | if (sort && sort !== 'id') {
23 | if (reverse) {
24 | opts.lt = cursor || '\xff'
25 | opts.gte = '\x00'
26 | } else {
27 | opts.gt = cursor || '\x00'
28 | opts.lte = '\xff'
29 | }
30 | } else if (typeof cursor !== 'undefined') {
31 | // set cursor according to reverse
32 | if (reverse) opts.lt = cursor
33 | else opts.gt = cursor
34 | }
35 | // fetch according to sort
36 | var stream = this.reportsDB.createValueStream(opts)
37 | // collect into an array
38 | collect(stream, (err, res) => {
39 | if (err) reject(err)
40 | else resolve(res)
41 | })
42 | })
43 | }
44 |
45 | async getByID (id) {
46 | assert(typeof id === 'string')
47 | try {
48 | return await this.reportsDB.get(id)
49 | } catch (e) {
50 | if (e.notFound) return null
51 | throw e
52 | }
53 | }
54 | }
55 |
56 | module.exports = ReportsDB
57 |
58 | // default user-record values
59 | ReportsDB.defaults = () => ({
60 | archiveKey: null,
61 |
62 | archiveOwner: null,
63 | reportingUser: null,
64 |
65 | reason: '',
66 | status: 'open',
67 | notes: '',
68 |
69 | createdAt: 0
70 | })
71 |
--------------------------------------------------------------------------------
/lib/dbs/legacy-leveldb/users.js:
--------------------------------------------------------------------------------
1 | var assert = require('assert')
2 | var sublevel = require('subleveldown')
3 | var collect = require('stream-collector')
4 | var EventEmitter = require('events')
5 |
6 | // exported api
7 | // =
8 |
9 | class UsersDB extends EventEmitter {
10 | constructor (db) {
11 | super()
12 | this.accountsDB = sublevel(db, 'accounts', { valueEncoding: 'json' })
13 | }
14 |
15 | // getters
16 | // =
17 |
18 | async getByID (id) {
19 | assert(typeof id === 'string')
20 | try {
21 | return await this.accountsDB.get(id)
22 | } catch (e) {
23 | if (e.notFound) return null
24 | throw e
25 | }
26 | }
27 |
28 | list ({cursor, limit, reverse, sort} = {}) {
29 | return new Promise((resolve, reject) => {
30 | var opts = {limit, reverse}
31 | // find indexes require a start- and end-point
32 | if (sort && sort !== 'id') {
33 | if (reverse) {
34 | opts.lt = cursor || '\xff'
35 | opts.gte = '\x00'
36 | } else {
37 | opts.gt = cursor || '\x00'
38 | opts.lte = '\xff'
39 | }
40 | } else if (typeof cursor !== 'undefined') {
41 | // set cursor according to reverse
42 | if (reverse) opts.lt = cursor
43 | else opts.gt = cursor
44 | }
45 | // fetch according to sort
46 | var stream = this.accountsDB.createValueStream(opts)
47 | // collect into an array
48 | collect(stream, (err, res) => {
49 | if (err) reject(err)
50 | else resolve(res)
51 | })
52 | })
53 | }
54 |
55 | createValueStream (opts) {
56 | return this.accountsDB.createValueStream(opts)
57 | }
58 | }
59 | module.exports = UsersDB
60 |
61 | // default user-record values
62 | UsersDB.defaults = () => ({
63 | username: null,
64 | passwordHash: null,
65 | passwordSalt: null,
66 |
67 | email: null,
68 | profileURL: null,
69 | scopes: [],
70 | suspension: null,
71 | archives: [],
72 | updatedAt: 0,
73 | createdAt: 0,
74 |
75 | plan: 'basic',
76 | diskUsage: 0,
77 |
78 | diskQuota: null,
79 | namedArchiveQuota: undefined,
80 |
81 | isEmailVerified: false,
82 | emailVerifyNonce: null,
83 |
84 | forgotPasswordNonce: null,
85 |
86 | isProfileDatVerified: false,
87 | profileVerifyToken: null,
88 |
89 | stripeCustomerId: null,
90 | stripeSubscriptionId: null,
91 | stripeTokenId: null,
92 | stripeCardId: null,
93 | stripeCardBrand: null,
94 | stripeCardCountry: null,
95 | stripeCardCVCCheck: null,
96 | stripeCardExpMonth: null,
97 | stripeCardExpYear: null,
98 | stripeCardLast4: null
99 | })
100 |
101 | // default user-record archive values
102 | UsersDB.archiveDefaults = () => ({
103 | key: null,
104 | name: null
105 | })
106 |
--------------------------------------------------------------------------------
/lib/dbs/reports.js:
--------------------------------------------------------------------------------
1 | var Base = require('./base')
2 | var assert = require('assert')
3 | var SQL = require('sql-template-strings')
4 |
5 | // exported api
6 | // =
7 |
8 | class ReportsDB extends Base {
9 | constructor (cloud) {
10 | super(cloud, 'reports', 'id')
11 | this.sqlite = cloud.db
12 | }
13 |
14 | // basic ops
15 | // =
16 |
17 | async create (record) {
18 | assert(record && typeof record === 'object')
19 | assert(typeof record.archiveKey === 'string')
20 | assert(typeof record.archiveOwner === 'string')
21 | assert(typeof record.reportingUser === 'string')
22 | assert(typeof record.reason === 'string')
23 | let {archiveKey, archiveOwner, reportingUser, reason} = record
24 | await this.sqlite.run(SQL`
25 | INSERT INTO reports
26 | (archiveKey, archiveOwner, reportingUser, reason, createdAt, updatedAt)
27 | VALUES
28 | (${archiveKey}, ${archiveOwner}, ${reportingUser}, ${reason}, ${Date.now()}, ${Date.now()})
29 | `)
30 | this.emit('create', record)
31 | return record
32 | }
33 |
34 | async put (record) {
35 | assert(record && typeof record === 'object')
36 | assert(typeof record.id === 'number')
37 | record.updatedAt = Date.now()
38 | await this.sqlite.run(this.createUpdateQuery(record))
39 | this.emit('put', record)
40 | }
41 |
42 | async del (record) {
43 | assert(record && typeof record === 'object')
44 | assert(typeof record.id === 'string')
45 | await this.sqlite.run(SQL`DELETE FROM reports WHERE id = ${record.id}`)
46 | this.emit('del', record)
47 | }
48 |
49 | // getters
50 |
51 | async getByID (id) {
52 | assert(typeof id === 'string')
53 | return this.sqlite.get(SQL`SELECT * FROM reports WHERE id = ${id}`)
54 | }
55 |
56 | async getByArchiveKey (key) {
57 | assert(typeof key === 'string')
58 | return this.sqlite.all(SQL`SELECT * FROM reports WHERE archiveKey = ${key}`)
59 | }
60 |
61 | async getByArchiveOwner (id) {
62 | assert(typeof id === 'string')
63 | return this.sqlite.all(SQL`SELECT * FROM reports WHERE archiveOwner = ${id}`)
64 | }
65 |
66 | async getByReportingUser (id) {
67 | assert(typeof id === 'string')
68 | return this.sqlite.all(SQL`SELECT * FROM reports WHERE reportingUser = ${id}`)
69 | }
70 |
71 | list ({cursor, limit, reverse, sort} = {}) {
72 | // construct query
73 | var query = SQL`SELECT * FROM reports`
74 | sort = sort || 'id'
75 | if (cursor) {
76 | query.append(` WHERE ${sort} `)
77 | if (reverse) query.append(SQL`< ${cursor}`)
78 | else query.append(SQL`> ${cursor}`)
79 | }
80 | query.append(` ORDER BY ${sort}`)
81 | if (reverse) query.append(SQL` DESC`)
82 | if (limit) query.append(SQL` LIMIT ${limit}`)
83 |
84 | // run query
85 | return this.sqlite.all(query)
86 | }
87 | }
88 |
89 | module.exports = ReportsDB
90 |
--------------------------------------------------------------------------------
/lib/dbs/schemas.js:
--------------------------------------------------------------------------------
1 | const LegacyLeveldb = require('./legacy-leveldb')
2 |
3 | // exported api
4 | // =
5 |
6 | class Schemas {
7 | constructor (cloud) {
8 | this.cloud = cloud
9 | }
10 |
11 | async runCorrections () {
12 | // none currently
13 | }
14 |
15 | async migrate () {
16 | await this.cloud.db.migrate({migrationsPath: './lib/dbs/migrations'})
17 | await LegacyLeveldb.migrateAsNeeded(this.cloud, this.cloud.config.dir)
18 | }
19 | }
20 | module.exports = Schemas
21 |
--------------------------------------------------------------------------------
/lib/lock.js:
--------------------------------------------------------------------------------
1 | var AwaitLock = require('await-lock')
2 |
3 | // wraps await-lock in a simpler interface, with many possible locks
4 | // usage:
5 | /*
6 | var lock = require('./lock')
7 | async function foo () {
8 | var release = await lock('bar')
9 | // ...
10 | release()
11 | }
12 | */
13 |
14 | var locks = {}
15 | module.exports = async function (key) {
16 | if (!(key in locks)) locks[key] = new AwaitLock()
17 |
18 | var lock = locks[key]
19 | await lock.acquireAsync()
20 | return lock.release.bind(lock)
21 | }
22 |
--------------------------------------------------------------------------------
/lib/mailer.js:
--------------------------------------------------------------------------------
1 | var assert = require('assert')
2 | var nodemailer = require('nodemailer')
3 | var templates = {
4 | verification: require('./templates/mail/verification'),
5 | 'forgot-password': require('./templates/mail/forgot-password'),
6 | 'verify-update-email': require('./templates/mail/verify-update-email'),
7 | 'support': require('./templates/mail/support')
8 | }
9 |
10 | // exported api
11 | // =
12 |
13 | module.exports = class Mailer {
14 | constructor (config) {
15 | this.hostname = config.hostname
16 | this.brandname = config.brandname
17 | this.sender = config.email.sender
18 | this._mailer = nodemailer.createTransport(config.email)
19 | }
20 |
21 | async send (tmpl, params) {
22 | assert(params.email)
23 | params = Object.assign({}, params, this)
24 | tmpl = templates[tmpl]
25 | try {
26 | return await this._mailer.sendMail({
27 | from: this.sender,
28 | to: params.email,
29 | subject: tmpl.subject(params),
30 | text: tmpl.text(params),
31 | html: tmpl.html(params)
32 | })
33 | } catch (err) {
34 | this.logError(err, tmpl, params)
35 | throw err
36 | }
37 | }
38 |
39 | get transport () {
40 | return this._mailer.transporter
41 | }
42 |
43 | logError (err, tmpl, params) {
44 | console.error('[ERROR] Failed to send email', tmpl, 'To:', params.email, 'Error:', err)
45 | }
46 | }
47 |
--------------------------------------------------------------------------------
/lib/proofs.js:
--------------------------------------------------------------------------------
1 | var assert = require('assert')
2 | var jwt = require('jsonwebtoken')
3 |
4 | // exported api
5 | // =
6 |
7 | module.exports = class Proofs {
8 | constructor (config) {
9 | this.secret = config.proofs.secret
10 | this.options = config.proofs
11 | delete this.options.secret
12 | assert(this.secret, 'config.proofs.secret is required')
13 | assert(this.options.algorithm, 'config.sessions.algorithm is required')
14 | }
15 |
16 | verify (token) {
17 | try {
18 | // return decoded session or null on failure
19 | return jwt.verify(token, this.secret, { algorithms: [this.options.algorithm] })
20 | } catch (e) {
21 | return null
22 | }
23 | }
24 |
25 | generate (userRecord) {
26 | return jwt.sign(
27 | {
28 | id: userRecord.id,
29 | profileURL: userRecord.profileURL
30 | },
31 | this.secret,
32 | { algorithm: this.options.algorithm }
33 | )
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/lib/sanitizers.js:
--------------------------------------------------------------------------------
1 | const bytes = require('bytes')
2 | const { DAT_KEY_REGEX } = require('./const')
3 |
4 | exports.toDatDomain = value => {
5 | return 'dat://' + DAT_KEY_REGEX.exec(value)[1] + '/'
6 | }
7 |
8 | exports.toBytes = value => {
9 | return bytes.parse(value)
10 | }
11 |
12 | exports.toLowerCase = value => value.toLowerCase()
13 |
--------------------------------------------------------------------------------
/lib/sessions.js:
--------------------------------------------------------------------------------
1 | const assert = require('assert')
2 | const jwt = require('jsonwebtoken')
3 | const wrap = require('co-express')
4 |
5 | // TODO s/sessionAccount/sessionUser/
6 |
7 | // exported api
8 | // =
9 |
10 | module.exports = class Sessions {
11 | constructor (cloud) {
12 | this.config = cloud.config
13 | this.options = cloud.config.sessions
14 | this.secret = cloud.config.sessions.secret
15 | this.usersDB = cloud.usersDB
16 | delete this.options.secret
17 | assert(this.secret, 'config.sessions.secret is required')
18 | assert(this.options.algorithm, 'config.sessions.algorithm is required')
19 | }
20 |
21 | middleware () {
22 | return wrap(async (req, res, next) => {
23 | res.locals.sessionAlerts = []
24 |
25 | // pull token out of auth or cookie header
26 | var authHeader = req.header('authorization')
27 | if (authHeader && authHeader.indexOf('Bearer') > -1) {
28 | res.locals.session = this.verify(authHeader.slice('Bearer '.length))
29 | } else if (req.cookies && req.cookies.sess) {
30 | res.locals.session = this.verify(req.cookies.sess)
31 | }
32 |
33 | // fetch user record if there's a session
34 | if (res.locals.session) {
35 | var sessionUser = await this.usersDB.getByID(res.locals.session.id)
36 | if (!sessionUser) {
37 | res.locals.session = null
38 | return next()
39 | }
40 | res.locals.sessionUser = sessionUser
41 |
42 | // add any alerts
43 | var pct = this.config.getUserDiskQuotaPct(sessionUser)
44 | if (pct > 1) {
45 | res.locals.sessionAlerts.push({
46 | type: 'warning',
47 | message: 'You are out of disk space!',
48 | details: 'Click here to review your account.',
49 | href: '/account'
50 | })
51 | } else if (pct > 0.9) {
52 | res.locals.sessionAlerts.push({
53 | type: '',
54 | message: 'You are almost out of disk space!',
55 | details: 'Click here to review your account.',
56 | href: '/account'
57 | })
58 | }
59 | }
60 | next()
61 | })
62 | }
63 |
64 | verify (token) {
65 | try {
66 | // return decoded session or null on failure
67 | return jwt.verify(token, this.secret, { algorithms: [this.options.algorithm] })
68 | } catch (e) {
69 | return null
70 | }
71 | }
72 |
73 | generate (userRecord) {
74 | return jwt.sign(
75 | {
76 | id: userRecord.id,
77 | scopes: userRecord.scopes
78 | },
79 | this.secret,
80 | this.options
81 | )
82 | }
83 | }
84 |
--------------------------------------------------------------------------------
/lib/templates/mail/forgot-password.js:
--------------------------------------------------------------------------------
1 | exports.subject = function () {
2 | return 'Forgotten password reset'
3 | }
4 |
5 | exports.text = function (params) {
6 | return `
7 | \n
8 | **Forgotten password reset for ${params.username}.**\n
9 | \n
10 | We received a request at ${params.hostname} to reset your password.\n
11 | \n
12 | If this was you, follow this link:\n
13 | \n
14 | ${params.forgotPasswordLink}\n
15 | \n
16 | If you did not request to reset your password, please ignore this email.\n
17 | \n
18 | \n
19 | `
20 | }
21 |
22 | exports.html = function (params) {
23 | return `
24 | Forgotten password reset for ${params.username}.
25 | We received a request at ${params.hostname} to reset your password. If this was you, follow this link:
26 |
27 | If you did not request to reset your password, please ignore this email.
28 | `
29 | }
30 |
--------------------------------------------------------------------------------
/lib/templates/mail/support.js:
--------------------------------------------------------------------------------
1 | exports.subject = function (params) {
2 | return params.subject
3 | }
4 |
5 | exports.text = function (params) {
6 | return `
7 | ${params.username},\n
8 | \n
9 | ${params.message}\n
10 | \n
11 | Thanks,\n
12 | The ${params.brandname} team
13 | `
14 | }
15 |
16 | exports.html = function (params) {
17 | return `
18 | ${params.username},
19 | ${params.message}
20 | Thanks,
21 | `
22 | }
23 |
--------------------------------------------------------------------------------
/lib/templates/mail/verification.js:
--------------------------------------------------------------------------------
1 | exports.subject = function () {
2 | return 'Verify your email address'
3 | }
4 |
5 | exports.text = function (params) {
6 | return `
7 | \n
8 | Welcome, ${params.username}, to ${params.brandname}.\n
9 | \n
10 | To verify your account, follow this link:\n
11 | \n
12 | ${params.emailVerificationLink}\n
13 | \n
14 | \n
15 | `
16 | }
17 |
18 | exports.html = function (params) {
19 | return `
20 | Welcome, ${params.username}, to ${params.brandname}.
21 | To verify your account, follow this link:
22 |
23 | `
24 | }
25 |
--------------------------------------------------------------------------------
/lib/templates/mail/verify-update-email.js:
--------------------------------------------------------------------------------
1 | exports.subject = function () {
2 | return 'Verify your email address'
3 | }
4 |
5 | exports.text = function (params) {
6 | return `
7 | \n
8 | Hi ${params.username},\n
9 | \n
10 | You requested to change the email address assocatied with your account at ${params.brandname}.
11 | \n
12 | To verify this change, follow this link:\n
13 | \n
14 | ${params.emailVerificationLink}\n
15 | \n
16 | \n
17 | `
18 | }
19 |
20 | exports.html = function (params) {
21 | return `
22 | Hi, ${params.username}.
23 | You requested to change the email address associated with your account at ${params.brandname}.
24 | To verify this change, follow this link:
25 |
26 | `
27 | }
28 |
--------------------------------------------------------------------------------
/lib/validators.js:
--------------------------------------------------------------------------------
1 | const bytes = require('bytes')
2 | const { DAT_URL_REGEX, DAT_KEY_REGEX, DAT_NAME_REGEX } = require('./const')
3 |
4 | exports.isDatURL = value => {
5 | return DAT_URL_REGEX.test(value)
6 | }
7 |
8 | exports.isDatHash = value => {
9 | return value.length === 64 && DAT_KEY_REGEX.test(value)
10 | }
11 |
12 | exports.isDatHashOrURL = value => {
13 | return exports.isDatURL(value) || exports.isDatHash(value)
14 | }
15 |
16 | exports.isDatName = value => {
17 | return DAT_NAME_REGEX.test(value)
18 | }
19 |
20 | exports.isScopesArray = value => {
21 | return Array.isArray(value) && value.filter(v => typeof v !== 'string').length === 0
22 | }
23 |
24 | exports.isSimpleEmail = value => {
25 | return typeof value === 'string' && value.indexOf('+') === -1
26 | }
27 |
28 | exports.isPassword = value => {
29 | return typeof value === 'string' && value.length >= 6 && value.length <= 100
30 | }
31 |
32 | exports.isBytes = value => {
33 | return value === null || typeof value === 'number' || !!bytes(value)
34 | }
35 |
--------------------------------------------------------------------------------
/pm2.config.js:
--------------------------------------------------------------------------------
1 | 'use strict'
2 | const {hostname} = require('os')
3 | const env = 'production'
4 | process.env.NODE_ENV = env
5 | const config = require('./lib/config')
6 |
7 | module.exports = {
8 | apps: [{
9 | script: './bin.js',
10 | name: 'hashbase',
11 | combine_logs: false,
12 | pid_file: `${config.dir}/hashbase.pid`,
13 | out_file: `${config.dir}/logs/hashbase_${hostname()}_out.log`,
14 | err_file: `${config.dir}/logs/hashbase_${hostname()}_err.log`,
15 | max_memory_restart: '2G',
16 | env: {
17 | NODE_ENV: env
18 | }
19 | }]
20 | }
21 |
--------------------------------------------------------------------------------
/test/lib/dat.js:
--------------------------------------------------------------------------------
1 | const path = require('path')
2 | const rimraf = require('rimraf')
3 | const Dat = require('dat-node')
4 | const util = require('./util')
5 |
6 | exports.makeDatFromFolder = function (dir, cb) {
7 | rimraf.sync(path.join(dir, '.dat'))
8 | Dat(dir, (err, dat) => {
9 | if (err) return cb(err)
10 |
11 | dat.archive.on('error', console.log)
12 | dat.importFiles(() => {
13 | dat.joinNetwork()
14 |
15 | var key = dat.key.toString('hex')
16 | console.log('created dat', key, 'from', dir)
17 | cb(null, dat, key)
18 | })
19 | })
20 | }
21 |
22 | exports.downloadDatFromSwarm = function (key, { timeout = 5e3 }, cb) {
23 | var dir = util.mktmpdir()
24 | Dat(dir, {key}, (err, dat) => {
25 | if (err) return cb(err)
26 |
27 | dat.archive.on('error', console.log)
28 |
29 | dat.joinNetwork()
30 | dat.network.once('connection', (...args) => {
31 | console.log('got connection')
32 | })
33 |
34 | dat.archive.metadata.on('download', (index, block) => {
35 | console.log('meta download event', index)
36 | })
37 |
38 | var to = setTimeout(() => cb(new Error('timed out waiting for download')), timeout)
39 | dat.archive.metadata.on('sync', () => {
40 | console.log('meta download finished')
41 | })
42 | dat.archive.once('content', () => {
43 | console.log('opened')
44 | dat.archive.content.on('download', (index, block) => {
45 | console.log('content download event', index)
46 | })
47 | dat.archive.content.on('sync', () => {
48 | console.log('content download finished')
49 | clearTimeout(to)
50 | dat.close()
51 | cb(null, dat, key)
52 | })
53 | })
54 | })
55 | }
56 |
--------------------------------------------------------------------------------
/test/lib/server.js:
--------------------------------------------------------------------------------
1 | const request = require('request-promise-native')
2 | const createApp = require('../../index.js')
3 | const util = require('./util')
4 |
5 | var portCounter = 10000
6 |
7 | module.exports = function (cb) {
8 | if (process.env.REMOTE_URL) {
9 | return createRemoteApp(cb)
10 | } else {
11 | return createLocalApp(cb)
12 | }
13 | }
14 |
15 | function createRemoteApp (cb) {
16 | var url = process.env.REMOTE_URL
17 | console.log(`connecting to ${url}`)
18 | var app = {
19 | url,
20 | isRemote: true,
21 | req: request.defaults({ baseUrl: url, timeout: 10e3, resolveWithFullResponse: true, simple: false }),
22 | close: cb => cb()
23 | }
24 | cb(null, app)
25 | }
26 |
27 | async function createLocalApp (cb) {
28 | // setup config
29 | // =
30 |
31 | var tmpdir = util.mktmpdir()
32 | var config = {
33 | hostname: 'test.local',
34 | dir: tmpdir,
35 | port: portCounter++,
36 | defaultDiskUsageLimit: '100mb',
37 | defaultNamedArchivesLimit: 3,
38 | bandwidthLimit: {up: '600kb', down: '600kb'},
39 | pm2: false,
40 | admin: {
41 | password: 'foobar'
42 | },
43 | jobs: {
44 | popularArchivesIndex: '15m',
45 | userDiskUsage: '30m',
46 | deleteDeadArchives: '30m'
47 | },
48 | registration: {
49 | open: true,
50 | reservedNames: ['reserved', 'blacklisted']
51 | },
52 | email: {
53 | transport: 'mock',
54 | sender: '"Test Server" '
55 | },
56 | cache: {
57 | metadataStorage: 65536,
58 | contentStorage: 65536,
59 | tree: 65536
60 | },
61 | sessions: {
62 | algorithm: 'HS256',
63 | secret: 'super secret',
64 | expiresIn: '1h'
65 | },
66 | proofs: {
67 | algorithm: 'HS256',
68 | secret: 'super secret 2'
69 | },
70 | stripe: {
71 | secretKey: 'foo',
72 | publishableKey: 'bar'
73 | }
74 | }
75 |
76 | // create server
77 | // =
78 |
79 | var app = await createApp(config)
80 | var server = app.listen(config.port, (err) => {
81 | if (!err) console.log(`server started on http://127.0.0.1:${config.port}`)
82 | cb(err, app)
83 | })
84 |
85 | app.isRemote = false
86 | app.url = `http://127.0.0.1:${config.port}`
87 | app.req = request.defaults({
88 | baseUrl: app.url,
89 | resolveWithFullResponse: true,
90 | simple: false
91 | })
92 |
93 | // wrap app.close to stop the server
94 | var orgClose = app.close
95 | app.close = cb => orgClose.call(app, () => server.close(cb))
96 |
97 | return app
98 | }
99 |
--------------------------------------------------------------------------------
/test/lib/util.js:
--------------------------------------------------------------------------------
1 | const os = require('os')
2 | const path = require('path')
3 | const fs = require('fs')
4 |
5 | exports.mktmpdir = function () {
6 | if (fs.mkdtempSync) {
7 | return fs.mkdtempSync(os.tmpdir() + path.sep + 'hypercloud-test-')
8 | }
9 | var p = (os.tmpdir() + path.sep + 'beaker-test-' + Date.now())
10 | fs.mkdirSync(p)
11 | return p
12 | }
13 |
--------------------------------------------------------------------------------
/test/scaffold/testdat1/dat.json:
--------------------------------------------------------------------------------
1 | {
2 | "title": "Test Dat 1",
3 | "description": "The first test dat"
4 | }
--------------------------------------------------------------------------------
/test/scaffold/testdat1/hello.txt:
--------------------------------------------------------------------------------
1 | world
--------------------------------------------------------------------------------