Pass access manager strategy to mw instead of proxy 🎨

Author: MiroDojkic

server/app.js

@@ -41,8 +41,8 @@ app.use(origin());
 app.use(express.static(path.join(__dirname, '../dist/')));
 if (STORAGE_PATH) app.use(express.static(STORAGE_PATH));
 if (storageProxy.isSelfHosted) {
-  const { proxy: middleware } = require('./shared/storage/proxy/mw')(storage, storageProxy);
-  app.use(storageProxy.path, middleware);
+  const { proxy: middleware } = require('./shared/storage/proxy/mw');
+  app.use(storageProxy.path, middleware(storage, storageProxy.accessManager));
 }
 
 // Mount main router.

server/repository/index.js

@@ -12,7 +12,7 @@ const proxyAccessManager = require('./proxy');
 const { Repository } = require('../shared/database');
 const router = require('express').Router();
 const storage = require('./storage');
-const { setSignedCookies } = require('../shared/storage/proxy/mw')(storage, proxyAccessManager);
+const { setSignedCookies } = require('../shared/storage/proxy/mw');
 
 /* eslint-disable require-sort/require-sort */
 const activity = require('../activity');
@@ -30,7 +30,7 @@ router
 
 router
   .param('repositoryId', getRepository)
-  .use('/:repositoryId', hasAccess, setSignedCookies);
+  .use('/:repositoryId', hasAccess, setSignedCookies(proxyAccessManager));
 
 router.route('/')
   .get(processQuery({ limit: 100 }), ctrl.index)

server/repository/proxy.js

@@ -1,13 +1,13 @@
 'use strict';
 
+const { AccessManagerPrototype, config } = require('../shared/storage/proxy');
 const path = require('path');
-const proxy = require('../shared/storage/proxy');
 
 const storageCookies = {
   REPOSITORY: 'Storage-Repository'
 };
 
-class RepositoryProxyAccessManager extends proxy.AccessManager {
+class RepositoryProxyAccessManager extends AccessManagerPrototype {
   getSignedCookies(repositoryId, maxAge) {
     const resource = path.join('repository', `${repositoryId}`);
     return {
@@ -30,4 +30,4 @@ class RepositoryProxyAccessManager extends proxy.AccessManager {
   }
 }
 
-module.exports = new RepositoryProxyAccessManager(proxy.config);
+module.exports = new RepositoryProxyAccessManager(config);

server/shared/storage/proxy/index.js

@@ -31,29 +31,13 @@ class Proxy {
     return this.isSelfHosted && this.provider.path;
   }
 
-  get AccessManager() {
-    return this.provider.AccessManager;
-  }
-
-  getSignedCookies(resource, maxAge, accessManager) {
-    return this.provider.getSignedCookies(resource, maxAge, accessManager);
-  }
-
-  verifyCookies(cookies, resource, accessManager) {
-    return this.provider.verifyCookies(cookies, resource, accessManager);
-  }
-
-  hasCookies(cookies, ...params) {
-    return this.provider.hasCookies(cookies, ...params);
+  get AccessManagerPrototype() {
+    return this.provider.AccessManagerPrototype;
   }
 
   getFileUrl(key) {
     return this.provider.getFileUrl(key);
   }
-
-  getCookieNames(accessManager) {
-    return this.provider.getCookieNames(accessManager);
-  }
 }
 
 module.exports = new Proxy(config);

server/shared/storage/proxy/mw.js

@@ -3,31 +3,32 @@
 const { FORBIDDEN } = require('http-status-codes');
 const miss = require('mississippi');
 const path = require('path');
-const proxy = require('.');
 const router = require('express').Router();
 
-module.exports = (storage, proxyAccessManager) => {
-  function getFile(req, res, next) {
+function proxy(storage, accessManager) {
+  return router.get('/*', (req, res, next) => {
     const key = req.params[0];
-    const hasValidCookies = proxy.verifyCookies(req.cookies, key, proxyAccessManager);
+    const hasValidCookies = accessManager.verifyCookies(req.cookies, key);
     if (!hasValidCookies) return res.status(FORBIDDEN).end();
     res.type(path.extname(key));
     miss.pipe(storage.createReadStream(key), res, err => {
       if (err) return next(err);
       res.end();
     });
-  }
+  });
+}
 
-  function setSignedCookies(req, res, next) {
+function setSignedCookies(accessManager) {
+  return (req, res, next) => {
     const repositoryId = req.repository.id;
-    if (proxy.hasCookies(req.cookies, repositoryId, proxyAccessManager)) return next();
+    if (accessManager.hasCookies(req.cookies, repositoryId)) return next();
     const maxAge = 1000 * 60 * 60; // 1 hour in ms
-    const cookies = proxy.getSignedCookies(repositoryId, maxAge, proxyAccessManager);
+    const cookies = accessManager.getSignedCookies(repositoryId, maxAge);
     Object.entries(cookies).forEach(([cookie, value]) => {
       res.cookie(cookie, value, { maxAge, httpOnly: true });
     });
     next();
-  }
+  };
+}
 
-  return { proxy: router.get('/*', getFile), setSignedCookies };
-};
+module.exports = { proxy, setSignedCookies };

server/shared/storage/proxy/providers/local/access-manager.js

@@ -13,7 +13,8 @@ class LocalAccessManager {
     this.signer = new NodeRSA(config.privateKey, 'private');
   }
 
-  getSignedCookies(resource, expires) {
+  getSignedCookies(resource, maxAge) {
+    const expires = getExpirationTime(maxAge);
     const signature = this.signer.encrypt({ resource, expires }, 'base64');
     return {
       [storageCookies.SIGNATURE]: signature,
@@ -40,3 +41,8 @@ class LocalAccessManager {
 }
 
 module.exports = LocalAccessManager;
+
+function getExpirationTime(maxAge) {
+  // Expiration unix timestamp in ms
+  return new Date().getTime() + maxAge;
+}

server/shared/storage/proxy/providers/local/index.js

@@ -1,7 +1,6 @@
 'use strict';
 
 const AccessManager = require('./access-manager');
-const last = require('lodash/last');
 const { origin } = require('../../../../../../config/server');
 const urlJoin = require('url-join');
 const { validateConfig } = require('../../../validation');
@@ -25,36 +24,13 @@ class Local {
     return new this(config);
   }
 
-  get AccessManager() {
+  get AccessManagerPrototype() {
     return AccessManager;
   }
 
-  getSignedCookies(resource, maxAge, accessManager = this.accessManager) {
-    const expires = getExpirationTime(maxAge);
-    return accessManager.getSignedCookies(resource, expires);
-  }
-
-  verifyCookies(cookies, key, accessManager = this.accessManager) {
-    return accessManager.verifyCookies(cookies, key);
-  }
-
-  hasCookies(cookies, ...params) {
-    const accessManager = last(params) || this.accessManager;
-    return accessManager.hasCookies(cookies, ...params);
-  }
-
-  getCookieNames(accessManager = this.accessManager) {
-    return accessManager.getCookieNames();
-  }
-
   getFileUrl(key) {
     return urlJoin(origin, this.path, key);
   }
 }
 
 module.exports = { create: Local.create.bind(Local) };
-
-function getExpirationTime(maxAge) {
-  // Expiration unix timestamp in ms
-  return new Date().getTime() + maxAge;
-}