fix file uploads, serve them properly, put behind auth wall, decrypt secret message in frontend

2022-02-22 00:16:51 -05:00
parent cac3757723
commit 2ac596b8c8
20 changed files with 420 additions and 148 deletions
--- a/lib/entendu_web/controllers/auth_controller.ex
+++ b/lib/entendu_web/controllers/auth_controller.ex
@@ -8,6 +8,8 @@ defmodule EntenduWeb.AuthController do
  plug Ueberauth

  alias Entendu.UserFromAuth
+  alias EntenduWeb.LinkView
+  alias Entendu.EncryptedLink

  def delete(conn, _params) do
    conn
@@ -23,27 +25,32 @@ defmodule EntenduWeb.AuthController do
  end

  def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
-    # TODO: turn this into plug that only proceeds if current_link session var exists
-    %{ id: link_id, recipient: recipient } = get_session(conn, :current_link)
+    link = get_session(conn, :intended_link)

-    with {:ok, user} <- UserFromAuth.find_or_create(auth),
-      true <- UserFromAuth.can_access?(recipient, user.emails) do
-        # TODO: send over encrypted data that the frontend can decrypt
-        conn
-        |> put_session(:current_user, user)
-        |> configure_session(renew: true)
-        |> redirect(to: "/just/for/you/#{link_id}")
+    with %{id: link_id, recipient: recipient} <- link,
+         {:ok, user} <- UserFromAuth.find_or_create(auth),
+         true <- UserFromAuth.can_access?(recipient, user.emails) do
+      # TODO: send over encrypted data that the frontend can decrypt

+      conn
+      |> put_session(:current_user, user)
+      |> configure_session(renew: true)
+      |> redirect(to: "/just/for/you/#{link_id}")
    else
+      nil ->
+        conn
+        |> put_flash(:error, "Could not find link to authenticate against")
+        |> redirect(to: "/just/for/you/")
+
      false ->
        conn
-        |> put_flash(:error, "#{recipient} was not found in your list of verified emails")
-        |> redirect(to: "/just/for/you/#{link_id}")
+        |> put_flash(:error, "#{link.recipient} was not found in your list of verified emails")
+        |> redirect(to: "/just/for/you/#{link.id}")

      {:error, reason} ->
        conn
        |> put_flash(:error, reason)
-        |> redirect(to: "/just/for/you/#{link_id}")
+        |> redirect(to: "/just/for/you/#{link.id}")
    end
  end
 end
--- a/lib/entendu_web/controllers/file_not_found_controller.ex
+++ b/lib/entendu_web/controllers/file_not_found_controller.ex
@@ -0,0 +1,9 @@
+defmodule EntenduWeb.FileNotFoundController do
+  use EntenduWeb, :controller
+
+  def index(conn, _params) do
+    conn
+    |> put_status(404)
+    |> text("File Not Found")
+  end
+end
--- a/lib/entendu_web/controllers/link_controller.ex
+++ b/lib/entendu_web/controllers/link_controller.ex
@@ -9,6 +9,11 @@ defmodule EntenduWeb.LinkController do
  alias Entendu.Links
  alias Links.Link
  alias EntenduWeb.FallbackController
+  alias Entendu.EncryptedLink
+  alias Entendu.UserFromAuth
+  alias EntenduWeb.Plugs.AuthorizeLink
+
+  plug AuthorizeLink when action in [:text, :file]

  action_fallback(FallbackController)

@@ -17,12 +22,9 @@ defmodule EntenduWeb.LinkController do
  end

  def just(conn, params) do
-    with {:ok, %Link{} = link} <- Links.create_link(params) do
+    with {:ok, %{link_with_file: %Link{} = link}} <- Links.create_link(params) do
      conn
      |> render("show_authorized.json", %{link: link})
-         else
-          test ->
-            IO.inspect(test)
    end
  end

@@ -32,7 +34,7 @@ defmodule EntenduWeb.LinkController do

  def for(conn, %{"link_id" => link_id, "recipient" => recipient, "service" => service}) do
    with %Link{} = link <- Links.get_link(link_id),
-         Links.update_link(link, %{ recipient: recipient, service: service}) do
+         Links.update_link(link, %{recipient: recipient, service: service}) do
      conn
      |> render("show_authorized.json", %{link: link})
    end
@@ -42,11 +44,29 @@ defmodule EntenduWeb.LinkController do
    render(conn, "you.html")
  end

-  def auth_page(conn, %{ "id" => link_id}) do
+  def auth_page(conn, %{"id" => link_id}) do
    with %Link{service: service, recipient: recipient} = link <- Links.get_link(link_id) do
      conn
-      |> put_session(:current_link, link)
-      |> render("auth.html", %{ service: service, recipient: recipient })
+      |> put_session(:intended_link, link)
+      |> render("auth.html", %{intended_link: %{service: service, recipient: recipient}})
+    end
+  end
+
+  def text(conn, %{"id" => link_id}) do
+    with user = get_session(conn, :current_user),
+         %Link{recipient: recipient} = link <- Links.get_link(link_id),
+         true <- UserFromAuth.can_access?(recipient, user.emails) do
+      path = EncryptedLink.url({link.text_content, link})
+      send_file(conn, 200, path)
+    end
+  end
+
+  def file(conn, %{"id" => link_id}) do
+    with user = get_session(conn, :current_user),
+         %Link{recipient: recipient} = link <- Links.get_link(link_id),
+         true <- UserFromAuth.can_access?(recipient, user.emails) do
+      path = EncryptedLink.url({link.file_content, link})
+      send_file(conn, 200, path)
    end
  end
 end