No access denied error and also missing other errors #315

Open
PolGuixe opened this issue Nov 15, 2016 · 0 comments

Comments

@PolGuixe

I have been testing Knox for errors such as:

  • Access Denied: when the user doesn't have permissions.
  • Incorrect client options: when the bucket doesn't exist, or the region is not supported.

But it never returns an error.

This is how it is implemented:

```js
import {FilesCollection} from 'meteor/ostrio:files';
import {Meteor} from 'meteor/meteor';
import {Random} from 'meteor/random';
import _ from 'lodash';
import knox from 'knox';
import Request from 'request';


export const MAX_ALLOWED_SIZE_MB = 2;
export const MAX_ALLOWED_SIZE_KB = MAX_ALLOWED_SIZE_MB * 1024;
export const MAX_ALLOWED_SIZE_B = MAX_ALLOWED_SIZE_KB * 1024;
export const ALLOWED_FILE_TYPES = ['png', 'jpg', 'jpeg'];
export const ALLOWED_FILE_TYPES_REGEXP = new RegExp(ALLOWED_FILE_TYPES.join('|'), 'i');

// Declaring variables outside the isServer
let bound;
let client;
let cfdomain;

if (Meteor.isServer) {
  // Fix CloudFront certificate issue Read:
  // https://github.com/chilts/awssum/issues/164
  // Note: this disables TLS certificate verification for the whole Node process.
  process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;
  bound = Meteor.bindEnvironment(function (callback) {
    return callback();
  });
  // Setup CloudFront domain and S3 client config
  const config = Meteor.settings.amazonAWSS3.productImages;
  cfdomain = config.cfdomain;
  client = knox.createClient({key: config.client.key, secret: config.client.secret, bucket: config.client.bucket, region: config.client.region});
}

const ProductImages = new FilesCollection({
  debug: false,
  throttle: false,
  storagePath: 'assets/app/uploads/productImages',
  collectionName: 'productImages',
  allowClientCode: false, // Disallow remove files from Client
  onBeforeUpload(file) {
    if (file.size > MAX_ALLOWED_SIZE_B) {
      return 'exceed-max-allowed-size';
    }
    if (!ALLOWED_FILE_TYPES_REGEXP.test(file.extension)) {
      return 'invalid-file-type';
    }

    return true;
  },
  onAfterUpload: function (fileRef) {
    // In onAfterUpload callback we will move file to AWS:S3
    const self = this;
    _.each(fileRef.versions, function (vRef, version) {
      // We use Random.id() instead of real file's _id to secure files from reverse
      // engineering as after viewing this code it will be easy to get access to
      // unlisted and protected files
      const filePath = "product_images/originals/" + (Random.id()) + "-" + version + "." + fileRef.extension;
      client.putFile(vRef.path, filePath, function (error, res) {
        console.log(error); // Error is always null
        bound(function () {
          let upd;
          if (error) {
            console.error(error);
          } else {
            upd = {
              $set: {}
            };
            upd['$set']["versions." + version + ".meta.pipeFrom"] = cfdomain + '/' + filePath;
            upd['$set']["versions." + version + ".meta.pipePath"] = filePath;
            self.collection.update({
              _id: fileRef._id
            }, upd, function (error) {
              if (error) {
                console.error(error);
              } else {
                // Unlink original files from FS after successful upload to AWS:S3
                self.unlink(self.collection.findOne(fileRef._id), version);
                res.resume(); // Recommended in Knox docs.
              }
            });
          }
        });
      });
    });
  },
}); // closing of the FilesCollection options object was missing in the pasted snippet
```
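Added example, not part of the issue or of the knox project: knox's `putFile` callback only carries a transport-level `error`, while S3's own refusals (AccessDenied, NoSuchBucket, a wrong-region PermanentRedirect) come back as a non-2xx HTTP response with an XML error body, so the wrapper below reads `res.statusCode` and that body and turns them into an `Error`. The `putFileChecked` and `fakeDeniedClient` names are mine; the fake client is a constructed stand-in so the code runs offline.

```javascript
// Map an S3 status code and XML error body to an Error, or null for 2xx.
function s3ResponseToError(statusCode, body) {
  if (statusCode >= 200 && statusCode < 300) return null;
  const pick = (tag) => {
    const m = new RegExp('<' + tag + '>([^<]*)</' + tag + '>').exec(body || '');
    return m ? m[1] : null;
  };
  const code = pick('Code') || 'UnknownError';
  const err = new Error('S3 responded ' + statusCode + ': ' + code +
    (pick('Message') ? ' - ' + pick('Message') : ''));
  err.statusCode = statusCode;
  err.code = code;
  err.endpoint = pick('Endpoint'); // set on PermanentRedirect: the bucket's real host
  return err;
}

// Wrap a knox-style client.putFile(src, dest, cb): buffer the response body
// and hand the callback an Error for any non-2xx reply. `client` is assumed
// to expose knox's putFile signature; draining the body also frees the socket.
function putFileChecked(client, src, dest, cb) {
  client.putFile(src, dest, (error, res) => {
    if (error) return cb(error);
    let body = '';
    res.on('data', (chunk) => { body += chunk; });
    res.on('end', () => cb(s3ResponseToError(res.statusCode, body), res));
  });
}

// Constructed stand-in for a knox client whose bucket answers the PUT with
// 403 and an S3 AccessDenied body, so the wrapper can be exercised offline.
function fakeDeniedClient() {
  const xml = '<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>';
  return { putFile(src, dest, cb) {
    const handlers = {};
    const res = { statusCode: 403, on(ev, fn) { handlers[ev] = fn; } };
    cb(null, res);        // knox-style: no transport error, just a response
    handlers.data(xml);
    handlers.end();
  } };
}

putFileChecked(fakeDeniedClient(), '/tmp/img.png', 'product_images/x.png', (err) => {
  console.log(err ? err.message : 'stored'); // S3 responded 403: AccessDenied - Access Denied
});
```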