stream/manage: fix and clean up verifyStream function
- no longer throws an incorrect type of error - checks whether cache exists before attempting to decrypt it
This commit is contained in:
parent
9234581c5e
commit
2ce033b754
1 changed files with 23 additions and 19 deletions
|
@ -5,6 +5,15 @@ import { nanoid } from 'nanoid';
|
||||||
import { decryptStream, encryptStream, generateHmac } from "../sub/crypto.js";
|
import { decryptStream, encryptStream, generateHmac } from "../sub/crypto.js";
|
||||||
import { streamLifespan } from "../config.js";
|
import { streamLifespan } from "../config.js";
|
||||||
|
|
||||||
|
const streamNoAccess = {
|
||||||
|
error: "i couldn't verify if you have access to this stream. go back and try again!",
|
||||||
|
status: 401
|
||||||
|
}
|
||||||
|
const streamNoExist = {
|
||||||
|
error: "this download link has expired or doesn't exist. go back and try again!",
|
||||||
|
status: 400
|
||||||
|
}
|
||||||
|
|
||||||
const streamCache = new NodeCache({
|
const streamCache = new NodeCache({
|
||||||
stdTTL: streamLifespan/1000,
|
stdTTL: streamLifespan/1000,
|
||||||
checkperiod: 10,
|
checkperiod: 10,
|
||||||
|
@ -61,29 +70,24 @@ export function createStream(obj) {
|
||||||
export function verifyStream(id, hmac, exp, secret, iv) {
|
export function verifyStream(id, hmac, exp, secret, iv) {
|
||||||
try {
|
try {
|
||||||
const ghmac = generateHmac(`${id},${exp},${iv},${secret}`, hmacSalt);
|
const ghmac = generateHmac(`${id},${exp},${iv},${secret}`, hmacSalt);
|
||||||
|
const cache = streamCache.get(id.toString());
|
||||||
|
|
||||||
if (ghmac !== String(hmac)) {
|
if (ghmac !== String(hmac)) return streamNoAccess;
|
||||||
return {
|
if (!cache) return streamNoExist;
|
||||||
error: "i couldn't verify if you have access to this stream. go back and try again!",
|
|
||||||
status: 401
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
const streamInfo = JSON.parse(decryptStream(streamCache.get(id.toString()), iv, secret));
|
const streamInfo = JSON.parse(decryptStream(cache, iv, secret));
|
||||||
|
|
||||||
if (!streamInfo) return {
|
|
||||||
error: "this download link has expired or doesn't exist. go back and try again!",
|
|
||||||
status: 400
|
|
||||||
}
|
|
||||||
|
|
||||||
if (String(exp) === String(streamInfo.exp) && Number(exp) > new Date().getTime()) {
|
if (!streamInfo) return streamNoExist;
|
||||||
return streamInfo;
|
|
||||||
}
|
if (Number(exp) <= new Date().getTime())
|
||||||
|
return streamNoExist;
|
||||||
|
|
||||||
|
return streamInfo;
|
||||||
|
}
|
||||||
|
catch (e) {
|
||||||
return {
|
return {
|
||||||
error: "i couldn't verify if you have access to this stream. go back and try again!",
|
error: "something went wrong and i couldn't verify this stream. go back and try again!",
|
||||||
status: 401
|
status: 500
|
||||||
}
|
}
|
||||||
} catch (e) {
|
|
||||||
return { status: 500, body: { status: "error", text: "couldn't verify this stream. request a new one!" } };
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue