Commit 81c02f2e authored by Aral Balkan's avatar Aral Balkan

Now returning name of the file as response. Mutler is only being added to the...

Now returning the name of the file as the response. Multer is only being added to the /upload route (security enhancement). File name is a unique short hash.
parent 9d628efc
...@@ -2,17 +2,16 @@ express = require 'express' ...@@ -2,17 +2,16 @@ express = require 'express'
multer = require 'multer' multer = require 'multer'
fs = require 'fs' fs = require 'fs'
moment = require 'moment' moment = require 'moment'
shorthash = require 'shorthash'
app = express() app = express()
# We can remove this now that the Node app is serving the static assets also. #
# app.all '*', (req, res, next) -> # Use mutler only on the /upload URL
# # Cross-Origin Resource Sharing (CORS) — courtesy http://enable-cors.org/server_expressjs.html # (See https://github.com/expressjs/multer/issues/59)
# res.header "Access-Control-Allow-Origin", "*" # Also see: https://github.com/jpfluger/multer/blob/examples/multer-upload-files-to-different-directories.md
# res.header "Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept" #
# next() app.use '/upload', multer {
app.use multer {
dest: './videos/' dest: './videos/'
limits: limits:
...@@ -20,13 +19,17 @@ app.use multer { ...@@ -20,13 +19,17 @@ app.use multer {
fileSize: 50000000 # 50MB fileSize: 50000000 # 50MB
rename: (fieldname, filename) -> rename: (fieldname, filename) ->
return (fieldname + '-' + moment().format().replace(/:/g, '_').replace(/\+/g, '_').replace(/-/g, '_') + '-' + filename).toLowerCase() #
# Create a short hash of the unique name so that it is easier to type, etc.
# and isn’t intimidating when the user sees the URL for sharing.
#
return shorthash.unique(fieldname).toLowerCase()
onFileUploadStart: (file) -> onFileUploadStart: (file) ->
console.log file.fieldname + ' is about to start uploading…' console.log file.fieldname + ' is about to start uploading…'
console.log file console.log file
# Do some security checks. # Security checks.
fieldnameIsWrong = (file.fieldname != 'video-message') fieldnameIsWrong = (file.fieldname != 'video-message')
mimetypeIsWrong = (/^video.*/.test(file.mimetype) == false) mimetypeIsWrong = (/^video.*/.test(file.mimetype) == false)
...@@ -36,12 +39,42 @@ app.use multer { ...@@ -36,12 +39,42 @@ app.use multer {
} }
#
# Serve static files from the /public folder.
#
app.use(express.static(__dirname + '/public')); app.use(express.static(__dirname + '/public'));
app.post '/upload', (request, response) -> app.post '/upload', (request, response) ->
console.log 'POST /upload called.' console.log 'POST /upload called.'
# console.dir(request.files) console.dir(request.files)
# console.log request.files['video-message']['size']
# The URL of the video is the file name portion of the video name
# (sans the extension).
error = false
responseString = null
videoMessage = request.files['video-message']
if videoMessage
videoPath = videoMessage['name']
if videoPath
responseString = videoPath
else
error = true
else
error=true
if error
# Something went wrong and we didn’t get the
# upload we were looking for. This really
# shouldn’t happen.
response.status(500).send('Video upload failed.')
else
#
# OK, return the path of the video
#
response.end responseString
server = app.listen 3000, -> server = app.listen 3000, ->
console.log "Listening on port %d", server.address().port console.log "Listening on port %d", server.address().port
\ No newline at end of file
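Review bot: In `rename`, `shorthash.unique(fieldname)` hashes only the field name, and the security check further down accepts only `video-message`, so every accepted upload appears to get the same file name and would overwrite the previous video in `./videos/`. `shorthash.unique` is a deterministic hash of its input, not a random identifier, so even with the timestamp and original name mixed back in the result would be guessable rather than unique. Because this name is also what `POST /upload` now returns for sharing, it should come from a CSPRNG, for example `return require('crypto').randomBytes(8).toString('hex')`. The handler also now runs `console.dir(request.files)` on every request, which writes client-supplied file names and paths to the log; consider dropping it or logging only the generated name.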
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
"connect-busboy": "0.0.2", "connect-busboy": "0.0.2",
"express": "^4.9.7", "express": "^4.9.7",
"moment": "^2.8.3", "moment": "^2.8.3",
"multer": "^0.1.6" "multer": "^0.1.6",
"shorthash": "0.0.2"
} }
} }
...@@ -123,7 +123,7 @@ uploadItButton.addEventListener('click', function(evt) { ...@@ -123,7 +123,7 @@ uploadItButton.addEventListener('click', function(evt) {
var xhr = new XMLHttpRequest(); var xhr = new XMLHttpRequest();
xhr.open('post', 'http://192.168.0.95:3000/upload', true); xhr.open('post', '/upload', true);
xhr.upload.addEventListener('loadstart', function(e) { xhr.upload.addEventListener('loadstart', function(e) {
// When the request starts. // When the request starts.
...@@ -200,6 +200,8 @@ uploadItButton.addEventListener('click', function(evt) { ...@@ -200,6 +200,8 @@ uploadItButton.addEventListener('click', function(evt) {
if( this.readyState === 4 ) { if( this.readyState === 4 ) {
// the transfer has completed and the server closed the connection. // the transfer has completed and the server closed the connection.
console.log('xhr readystatechange'); console.log('xhr readystatechange');
console.log('Received: ');
console.log(e.target.responseText);
} }
}); });
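Review bot: The added logging reads `e.target.responseText` as soon as `readyState === 4` without checking the HTTP status, yet the server side of this commit answers 500 with `Video upload failed.` on error, so that text would be treated like a video name once this value feeds the sharing URL. Guard it with `if (this.status === 200)` and read `this.responseText` to match the `this.readyState` test just above. The two `console.log` calls look like debugging output that should be removed before release. The handler's opening line is outside the hunk, so `e` is assumed to be its event argument.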
......