import { HttpError } from '../error.mjs' import decode from '../jwt/decode.mjs' import config from '../config.mjs' export function verifyToken(ctx) { let token = ctx.query.get('token') if (!token) { throw new HttpError('Token is missing in query', 422) } let org = config.get('sites') let sites = {} for (let key in org) { if (org.hasOwnProperty(key)) { sites[key] = org[key].keys } } try { let decoded = decode(token, sites, []) return decoded.iss } catch (err) { ctx.log.error(err, 'Error decoding token: ' + token) throw new HttpError('Token was invalid', 422) } } export function throwIfNotPublic(site) { let sites = config.get('sites') if (!sites[site] || sites[site].public !== true) { throw new HttpError(`Requested site ${site} did not exist`, 404) } } export function verifyBody(ctx) { let keys = Object.keys(ctx.req.body) for (let key of keys) { if (key === 'filename' || key === 'path') { throw new HttpError('Body item with name filename or path is not allowed', 422) } let item = ctx.req.body[key] if (typeof(item) !== 'object' || !item || Array.isArray(item)) { throw new HttpError(`Body item ${key} was not valid`, 422) } if (typeof(item.format) !== 'string' || !item.format || item.format === 'resize' || item.format === 'out') { throw new HttpError(`Body item ${key} missing valid format`, 422) } if (typeof(item[item.format]) !== 'object' || !item[item.format] || Array.isArray(item[item.format])) { throw new HttpError(`Body item ${key} options for format ${item.format} was not valid`, 422) } if (item.out != null) { if (typeof(item.out) !== 'string' || (item.out !== '' && item.out !== 'file' && item.out !== 'base64') ) { throw new HttpError(`Body item ${key} key out was invalid`, 422) } } if (item.resize != null) { if (typeof(item.resize) !== 'object' || Array.isArray(item.resize)) { throw new HttpError(`Body item ${key} key resize was invalid`, 422) } } } }