No access denied error and also missing other errors #315

@PolGuixe

I have been testing Knox for errors such as:

  • Access Denied: when the user doesn't have permissions.
  • Incorrect client options: when the bucket doesn't exist, or the region is not supported.

But it never returns an error.

This is how it is implemented:

import {FilesCollection} from 'meteor/ostrio:files';
import {Meteor} from 'meteor/meteor';
import {Random} from 'meteor/random';
import _ from 'lodash';
import knox from 'knox';
import Request from 'request';


export const MAX_ALLOWED_SIZE_MB = 2;
export const MAX_ALLOWED_SIZE_KB = MAX_ALLOWED_SIZE_MB * 1024;
export const MAX_ALLOWED_SIZE_B = MAX_ALLOWED_SIZE_KB * 1024;
export const ALLOWED_FILE_TYPES = ['png', 'jpg', 'jpeg'];
export const ALLOWED_FILE_TYPES_REGEXP = new RegExp(ALLOWED_FILE_TYPES.join('|'), 'i');

// Declaring variables outside the isServer
let bound;
let client;
let cfdomain;

if (Meteor.isServer) {
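  // Fix CloudFront certificate issue Read:
  // https://github.com/chilts/awssum/issues/164
  // Note: a value of 0 turns off TLS certificate verification for every
  // outbound HTTPS request made by this Node process, not only CloudFront.
  process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;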
  bound = Meteor.bindEnvironment(function (callback) {
    return callback();
  });
  // Setup CloudFront domain and S3 client config
  const config = Meteor.settings.amazonAWSS3.productImages;
  cfdomain = config.cfdomain;
  client = knox.createClient({key: config.client.key, secret: config.client.secret, bucket: config.client.bucket, region: config.client.region});
}

const ProductImages = new FilesCollection({
  debug: false,
  throttle: false,
  storagePath: 'assets/app/uploads/productImages',
  collectionName: 'productImages',
  allowClientCode: false, // Disallow remove files from Client
  onBeforeUpload(file) {
    if (file.size > MAX_ALLOWED_SIZE_B) {
      return 'exceed-max-allowed-size';
    }
    if (!ALLOWED_FILE_TYPES_REGEXP.test(file.extension)) {
      return 'invalid-file-type';
    }

    return true;
  },
  onAfterUpload: function (fileRef) {
    // In onAfterUpload callback we will move file to AWS:S3
    const self = this;
    _.each(fileRef.versions, function (vRef, version) {
      // We use Random.id() instead of real file's _id to secure files from reverse
      // engineering as after viewing this code it will be easy to get access to
      // unlisted and protected files
      const filePath = "product_images/originals/" + (Random.id()) + "-" + version + "." + fileRef.extension;
      client.putFile(vRef.path, filePath, function (error, res) {
        console.log(error); // Error is always null
        bound(function () {
          let upd;
          if (error) {
            console.error(error);
          } else {
            upd = {
              $set: {}
            };
            upd['$set']["versions." + version + ".meta.pipeFrom"] = cfdomain + '/' + filePath;
            upd['$set']["versions." + version + ".meta.pipePath"] = filePath;
            self.collection.update({
              _id: fileRef._id
            }, upd, function (error) {
              if (error) {
                console.error(error);
              } else {
                // Unlink original files from FS after successful upload to AWS:S3
                self.unlink(self.collection.findOne(fileRef._id), version);
                res.resume(); // Recommended in Knox docs.
              }
            });
          }
        });
      });
    });
  },
});
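
An added example, not part of the original post or of Knox itself: Knox hands the raw HTTP response to the callback, so a rejected request such as a 403 shows up in `res.statusCode` with an XML error body while `error` stays null. The helper names (`parseS3Error`, `checkS3Response`, `fakeResponse`, `demo`) and the sample body are constructed for illustration.

```javascript
// `error` covers transport failures only; an S3 rejection arrives as `res`
// with a non-2xx status code and an XML error body.

// Build an Error from the <Code> and <Message> fields of an S3 XML error body.
function parseS3Error(statusCode, body) {
  const field = (tag) => {
    const m = new RegExp('<' + tag + '>([^<]*)</' + tag + '>').exec(body || '');
    return m ? m[1] : null;
  };
  const err = new Error('S3 ' + statusCode + ': ' + (field('Message') || 'no message'));
  err.statusCode = statusCode;
  err.code = field('Code') || 'UnknownError';
  return err;
}

// Hypothetical wrapper: collapses (error, res) into one Node-style callback.
function checkS3Response(error, res, done) {
  if (error) return done(error);            // socket, DNS or TLS failure
  if (res.statusCode >= 200 && res.statusCode < 300) {
    res.resume();                           // drain the body so the socket is released
    return done(null, res.statusCode);
  }
  let body = '';
  res.setEncoding('utf8');
  res.on('data', (chunk) => { body += chunk; });
  res.on('end', () => done(parseS3Error(res.statusCode, body)));
}

// Constructed stand-in for the response object, so the example runs offline.
function fakeResponse(statusCode, body) {
  const handlers = {};
  return {
    statusCode,
    setEncoding() {},
    resume() {},
    on(event, fn) {
      handlers[event] = fn;
      if (event === 'end') { if (handlers.data) handlers.data(body); fn(); }
      return this;
    },
  };
}

// Constructed sample of the XML body S3 sends with a 403.
const DENIED = '<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>';

function demo(error, res) {
  let out;
  checkS3Response(error, res, (err, status) => { out = err ? (err.code || err.message) : status; });
  return out;
}
console.log(demo(null, fakeResponse(403, DENIED)), demo(null, fakeResponse(200, '')));
```

In the `putFile` callback above, passing `error` and `res` through `checkS3Response` before touching the collection keeps a rejected upload from being recorded as stored and unlinked from disk.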
