From 4270852346bc9626be70ed972d48f2cd5752d5f9 Mon Sep 17 00:00:00 2001 From: kyle hoell Date: Thu, 3 Dec 2020 03:42:12 -0500 Subject: [PATCH] removed 401 errors and replaced with 403 --- .../ChunkService/FileSystemService.ts | 19 ++++++++++--------- backend/services/ChunkService/MongoService.ts | 19 ++++++++++--------- backend/services/ChunkService/S3Service.ts | 19 ++++++++++--------- backend/services/UserService/index.ts | 9 +++++---- 4 files changed, 35 insertions(+), 31 deletions(-) diff --git a/backend/services/ChunkService/FileSystemService.ts b/backend/services/ChunkService/FileSystemService.ts index db79838..d2322fb 100644 --- a/backend/services/ChunkService/FileSystemService.ts +++ b/backend/services/ChunkService/FileSystemService.ts @@ -27,6 +27,7 @@ import fixStartChunkLength from "./utils/fixStartChunkLength"; import Folder, { FolderInterface } from "../../models/folder"; import addToStoageSize from "./utils/addToStorageSize"; import subtractFromStorageSize from "./utils/subtractFromStorageSize"; +import ForbiddenError from "../../utils/ForbiddenError"; const StreamSkip = require("stream-skip"); const dbUtilsFile = new DbUtilFile(); @@ -42,7 +43,7 @@ class FileSystemService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const initVect = crypto.randomBytes(16); @@ -113,7 +114,7 @@ class FileSystemService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const initVect = crypto.randomBytes(16); @@ -158,7 +159,7 @@ class FileSystemService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const filePath = currentFile.metadata.filePath!; @@ -187,7 +188,7 @@ class FileSystemService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const filePath = currentFile.metadata.filePath!; @@ -206,13 +207,13 @@ class FileSystemService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const thumbnail = await Thumbnail.findById(id) as ThumbnailInterface; if (thumbnail.owner !== user._id.toString()) { - throw new NotAuthorizedError('Thumbnail Unauthorized Error'); + throw new ForbiddenError('Thumbnail Unauthorized Error'); } const iv = thumbnail.IV!; @@ -242,7 +243,7 @@ class FileSystemService implements ChunkInterface { const password = user.getEncryptionKey(); const IV = file.metadata.IV.buffer as Buffer; - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const readStream = fs.createReadStream(file.metadata.filePath!); @@ -276,7 +277,7 @@ class FileSystemService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const fileSize = currentFile.metadata.size; @@ -381,7 +382,7 @@ class FileSystemService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key"); + if (!password) throw new ForbiddenError("Invalid Encryption Key"); const IV = file.metadata.IV.buffer as Buffer; diff --git a/backend/services/ChunkService/MongoService.ts b/backend/services/ChunkService/MongoService.ts index 0d60354..a889404 100644 --- a/backend/services/ChunkService/MongoService.ts +++ b/backend/services/ChunkService/MongoService.ts @@ -22,6 +22,7 @@ import getPrevIVMongo from "./utils/getPrevIVMongo"; import awaitStreamVideo from "./utils/awaitStreamVideo"; import addToStoageSize from "./utils/addToStorageSize"; import subtractFromStorageSize from "./utils/subtractFromStorageSize"; +import ForbiddenError from "../../utils/ForbiddenError"; const conn = mongoose.connection; @@ -37,7 +38,7 @@ class MongoService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") let bucketStream: GridFSBucketWriteStream; @@ -96,7 +97,7 @@ class MongoService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const initVect = crypto.randomBytes(16); @@ -140,7 +141,7 @@ class MongoService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const bucket = new mongoose.mongo.GridFSBucket(conn.db); @@ -168,7 +169,7 @@ class MongoService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const bucket = new mongoose.mongo.GridFSBucket(conn.db); @@ -186,13 +187,13 @@ class MongoService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const thumbnail = await Thumbnail.findById(id) as ThumbnailInterface; if (thumbnail.owner !== user._id.toString()) { - throw new NotAuthorizedError('Thumbnail Unauthorized Error'); + throw new ForbiddenError('Thumbnail Unauthorized Error'); } const iv = thumbnail.data.slice(0, 16); @@ -220,7 +221,7 @@ class MongoService implements ChunkInterface { const password = user.getEncryptionKey(); const IV = file.metadata.IV.buffer as Buffer; - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const readStream = bucket.openDownloadStream(new ObjectID(fileID)) @@ -249,7 +250,7 @@ class MongoService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key"); + if (!password) throw new ForbiddenError("Invalid Encryption Key"); const bucket = new mongoose.mongo.GridFSBucket(conn.db); @@ -292,7 +293,7 @@ class MongoService implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const fileSize = currentFile.metadata.size; diff --git a/backend/services/ChunkService/S3Service.ts b/backend/services/ChunkService/S3Service.ts index 3313ddb..49a8162 100644 --- a/backend/services/ChunkService/S3Service.ts +++ b/backend/services/ChunkService/S3Service.ts @@ -26,6 +26,7 @@ import DbUtilFile from "../../db/utils/fileUtils/index"; import s3Auth from "../../db/S3Personal"; import addToStoageSize from "./utils/addToStorageSize"; import subtractFromStorageSize from "./utils/subtractFromStorageSize"; +import ForbiddenError from "../../utils/ForbiddenError"; const dbUtilsFile = new DbUtilFile(); @@ -39,7 +40,7 @@ class S3Service implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const initVect = crypto.randomBytes(16); @@ -116,7 +117,7 @@ class S3Service implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const initVect = crypto.randomBytes(16); @@ -191,7 +192,7 @@ class S3Service implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key"); + if (!password) throw new ForbiddenError("Invalid Encryption Key"); const {s3Storage, bucket} = await this.getS3Auth(currentFile, user); @@ -224,7 +225,7 @@ class S3Service implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key"); + if (!password) throw new ForbiddenError("Invalid Encryption Key"); const {s3Storage, bucket} = await this.getS3Auth(currentFile, user); @@ -258,7 +259,7 @@ class S3Service implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const fileSize = currentFile.metadata.size; @@ -367,13 +368,13 @@ class S3Service implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const thumbnail = await Thumbnail.findById(id) as ThumbnailInterface; if (thumbnail.owner !== user._id.toString()) { - throw new NotAuthorizedError('Thumbnail Unauthorized Error'); + throw new ForbiddenError('Thumbnail Unauthorized Error'); } const iv = thumbnail.IV!; @@ -406,7 +407,7 @@ class S3Service implements ChunkInterface { const password = user.getEncryptionKey(); const IV = file.metadata.IV.buffer as Buffer; - if (!password) throw new NotAuthorizedError("Invalid Encryption Key") + if (!password) throw new ForbiddenError("Invalid Encryption Key") const {s3Storage, bucket} = await this.getS3Auth(file, user); @@ -439,7 +440,7 @@ class S3Service implements ChunkInterface { const password = user.getEncryptionKey(); - if (!password) throw new NotAuthorizedError("Invalid Encryption Key"); + if (!password) throw new ForbiddenError("Invalid Encryption Key"); const IV = file.metadata.IV.buffer as Buffer; diff --git a/backend/services/UserService/index.ts b/backend/services/UserService/index.ts index 516fc47..656774f 100644 --- a/backend/services/UserService/index.ts +++ b/backend/services/UserService/index.ts @@ -11,6 +11,7 @@ import { google } from "googleapis"; import jwt from "jsonwebtoken" import sendVerificationEmail from "../../utils/sendVerificationEmail"; import sendPasswordResetEmail from "../../utils/sendPasswordResetEmail"; +import ForbiddenError from "../../utils/ForbiddenError"; type UserDataType = { email: string, @@ -132,7 +133,7 @@ class UserService { const isMatch = await bcrypt.compare(oldPassword, user.password); - if (!isMatch) throw new NotAuthorizedError("Change Passwords Do Not Match Error"); + if (!isMatch) throw new ForbiddenError("Change Passwords Do Not Match Error"); const encryptionKey = user.getEncryptionKey(); @@ -276,7 +277,7 @@ class UserService { user.emailVerified = true; await user.save(); } else { - throw new NotAuthorizedError('Email Token Verification Failed') + throw new ForbiddenError('Email Token Verification Failed') } } @@ -294,7 +295,7 @@ class UserService { await sendVerificationEmail(user, emailToken); } else { - throw new NotAuthorizedError("Email Already Authorized") + throw new ForbiddenError("Email Already Authorized") } } @@ -333,7 +334,7 @@ class UserService { await user.changeEncryptionKey(encryptionKey!); } else { - throw new NotAuthorizedError("Reset Password Token Do Not Match") + throw new ForbiddenError("Reset Password Token Do Not Match") } }