Abort user request with Node.js/formidable - web-services

I'm using formidable to receive a file upload with node.js. I send some fields together with a file in a multipart request.
As soon as certain fields arrived, I'm able to validate the authenticity of the request for instance, and I would like to abort the whole request if this is not correct to avoid waisting resources.
I have not found a right way to abort the incoming request. I tried to use req.connection.destroy(); as follow:
form
.on('field', function(field, value) {
fields[field] = value;
if (!fields['token'] || !fields['id'] || !fields['timestamp']) {
return;
}
if (!validateToken(fields['token'], fields['id'], fields['timestamp'])) {
res.writeHead(401, {'Content-Type' : 'text/plain' });
res.end('Unauthorized');
req.connection.destroy();
}
})
However, this triggers the following error:
events.js:45
throw arguments[1]; // Unhandled 'error' event
^
Error: Cannot resume() closed Socket.
at Socket.resume (net.js:764:11)
at IncomingMessage.resume (http.js:254:15)
at IncomingForm.resume (node_modules/formidable/lib/incoming_form.js:52:11)
at node_modules/formidable/lib/incoming_form.js:181:12
at node_modules/formidable/lib/file.js:51:5
at fs.js:1048:7
at wrapper (fs.js:295:17)
I also tried req.connection.end() but the file keeps uploading.
Any thoughts? Thanks in advance!

The problem is that formidable didn't understand that you want it to stop. Try this:
req.connection.destroy();
req.connection.resume = function(){};
Of course, this is a somewhat ugly workaround, I'd open an issue on github.

Related

WinRT | C++ - HTTP Post File - The certificate authority is invalid or incorrect

Basically I have two concerns, however the focus is on how to get around the certification.
I am having a hard time understanding how to make an HTTP post request in WinRT|C++. I have an ASP.Net-6-Web-Api-Project, which I have already been able to communicate with via a Python project and a C++ project (via Curl). I also tested the api via Postman. Every time doing so I had to ignore the validation of certification and it worked fine.
But now I have a WinRT/C++ project and have thrown together the following code. I want to be able to upload a file. In my case it is a point cloud in a .ply syntax as a string.
My Concerns:
In WinRT I got the expected error for invalid/untrusted certification, so I looked up what to do and ended up using IgnorableServerCertificateErrors from HttpBaseProtocolFilter, like you can see at the end of my code. But that did not fix my error. What am I missing? I still get the errors:
WinRT originate error - 0x80072F0D : 'The certificate authority is invalid or incorrect'.
WinRT originate error - 0x80190190 : 'The response status code does not indicate success: 400 ().'.
From the point of view of a developer familiar with WinRT, is the implementation correct in terms of an HTTP post request? Especially the lines
binaryContent.Headers().Append(L"Content-Type", L"image/jpeg"); andHttpContentDispositionHeaderValue disposition{ L"form-data" }; And what are the follow lines for? Is this just about assigning arbitrary names?
disposition.Name(L"fileForUpload");
disposition.FileName(L"test.ply");
Code:
void HL2ResearchMode::SendPLY(std::wstring const& pointCloud)
{
OutputDebugString(L"--- SendPLY()\n");
if (pointCloud.size() == 0)
return;
init_apartment();
auto buffer{
winrt::Windows::Security::Cryptography::CryptographicBuffer::ConvertStringToBinary(
pointCloud,
winrt::Windows::Security::Cryptography::BinaryStringEncoding::Utf8
)
};
winrt::Windows::Web::Http::HttpBufferContent binaryContent{ buffer };
// binaryContent.Headers().Append(L"Content-Type", L"text/plain;charset=utf8");
binaryContent.Headers().Append(L"Content-Type", L"image/jpeg");
winrt::Windows::Web::Http::Headers::HttpContentDispositionHeaderValue disposition{ L"form-data" };
//winrt::Windows::Web::Http::Headers::HttpContentDispositionHeaderValue disposition{ L"multipart/form-data" };
binaryContent.Headers().ContentDisposition(disposition);
disposition.Name(L"fileForUpload");
disposition.FileName(L"test.ply");
winrt::Windows::Web::Http::HttpMultipartFormDataContent postContent;
postContent.Add(binaryContent);
winrt::Windows::Web::Http::HttpResponseMessage httpResponseMessage;
std::wstring httpResponseBody;
try
{
// Send the POST request.
winrt::Windows::Foundation::Uri requestUri{ L"https://192.168.178.41:5001/api/meshes/uploadPointCloud" };
winrt::Windows::Web::Http::Filters::HttpBaseProtocolFilter myFilter;
auto fu = myFilter.IgnorableServerCertificateErrors();
fu.Append(ChainValidationResult::Expired);
fu.Append(ChainValidationResult::Untrusted);
fu.Append(ChainValidationResult::InvalidName);
fu.Append(ChainValidationResult::InvalidSignature);
fu.Append(ChainValidationResult::InvalidCertificateAuthorityPolicy);
winrt::Windows::Web::Http::HttpClient httpClient(myFilter);
httpResponseMessage = httpClient.PostAsync(requestUri, postContent).get();
httpResponseMessage.EnsureSuccessStatusCode();
httpResponseBody = httpResponseMessage.Content().ReadAsStringAsync().get();
}
catch (winrt::hresult_error const& ex)
{
httpResponseBody = ex.message();
}
std::wcout << httpResponseBody;
}

Remove uploaded files with filepond

I really enjoy the filepond library and would like to implement it in my flask app. Since I was not able to find any useful examples online, I started to write my own, small, proof of concept web application. I would like to upload multiple images to the server and save the filenames in the database. Furthermore, I would like to edit an entry and add additional files or remove the existing ones.
So far I figured out how to upload and revert files before the form is submitted. I am also able to load existing files inside the edit form. Just when I click the 'x' button on a loaded image inside the edit form the image is removed from the filepond window and a 'removefile' event is fired, but the file still remains on the server. Is it possible to trigger the revert request on a loaded file or is there a better solution altogether?
x-button does not remove the file from the server
Here are the relevant snippets from my js file:
FilePond.registerPlugin(
FilePondPluginFileValidateSize,
FilePondPluginImagePreview,
FilePondPluginFileRename,
FilePondPluginFileValidateType
);
inputElement = document.querySelector(".filepond");
token = document
.querySelector('input[name="csrf_token"]')
.getAttribute("value");
FilePond.setOptions({
server: {
headers: { "X-CSRF-TOKEN": token },
process: "./process",
revert: "./revert",
load: {
url: "../",
}
},
});
const filepond = FilePond.create(inputElement, {
// Here I pass the files to my edit form in the following format:
//
// files: [
// {
// source: 'static/images/some_name.png',
// options: {
// type: 'local'
// }
// }]
});
The relevant code from .py file:
#app.route("/process", methods=["POST"])
#app.route("/edit/process", methods=["POST"])
def process():
upload_dir = "static/images"
file_names = []
for key in request.files:
file = request.files[key]
picture_fn = file.filename
file_names.append(picture_fn)
picture_path = os.path.join(upload_dir, picture_fn)
try:
file.save(picture_path)
except:
print("save fail: " + picture_path)
return json.dumps({"filename": [f for f in file_names]})
#app.route("/revert", methods=["DELETE"])
#app.route("/edit/revert", methods=["DELETE"])
def revert():
upload_dir = "static/images"
parsed = json.loads(request.data)
picture_fn = parsed["filename"][0]
picture_path = os.path.join(upload_dir, picture_fn)
try:
os.remove(picture_path)
except:
print("delete fail: " + picture_path)
return json.dumps({"filename": picture_fn})
Here is the repository to my full flask-filepond app:
https://github.com/AugeJevgenij/flask_filepond
Please excuse me if the question is unclear, does not make sense or the code is written poorly.
I just started programming a few months ago.
Acording to filepond documentation you can remove a file stored locally on the server like this:
FilePond.setOptions({
server: {
remove: (source, load, error) {
// 'source' is the path of the file and should be sent to a server endpoint via http
// call the load method before ending the function
load()
}
}
})
then on your server where you receive the source (path), use it to delete the file. Keep in mind that this is a risky approach to get your website hacked!

Flutter/Dart - Suggestions for how to Troubleshoot a Future?

Though it was working previously, for some reason my code has now stopped working. Though it fetches the required json data, the build doesn't render. The error on my app page which is supposed to display a page view was;
type String is not a subtype of 'Map<String,dynamic>'
But after some tweaks, now the error is;
invalid arguments(s)
I think I may have narrowed it down to the Future;
FutureBuilder<List<SpeakContent>> futureStage() {
return new FutureBuilder<List<SpeakContent>>(
future: downloadJSON(),
builder: (context, snapshot) {
if (snapshot.hasData) {
print("Snapshot has data.");
List<SpeakContent> speakcrafts = snapshot.data;
return new CustomPageView(speakcrafts);
} else if (snapshot.hasError) {
return Text('${snapshot.error}');
}
return new CircularProgressIndicator();
},
);
}
Future<List<SpeakContent>> downloadJSON() async {
final jsonEndpoint =
"http://example.com/getContent.php?";
final response = await get(jsonEndpoint);
if (response.statusCode == 200) {
List speakcrafts = json.decode(response.body);
debugPrint(speakcrafts.toString());
return speakcrafts
.map((speakcraft) => new SpeakContent.fromJson(speakcraft))
.toList();
} else
throw Exception('We were not able to successfully download the json data.');
}
Although it doesn't throw an error, I've noticed that it doesn't print my test statement after the "if (snapshot.hasData)" line.
Shouldn't I see "Snapshot has data." appear in my Android Studio console?
Based on what you provided, this
type String is not a subtype of 'Map<String,dynamic>'
must be this:
return Text('${snapshot.error}');
which means that your downloadJSON() threw an exception. In that case, print('Snapshot has data.'); never executes and the next case that I quoted above is executed.
Please put a breakpoint in the body of downloadJSON(), run it line by line and see what's thrown where.
ALSO, you are making an irrelevant but big mistake here. Do not call downloadJSON() like this. This function is executed at every re-render, which can be many times. You are initiating a JSON download at every redraw of your widget. This may stack up your backend bills... I explain it in this talk in more detail: https://youtu.be/vPHxckiSmKY?t=4771
After performing the troubleshooting tips as suggested by Gazihan Alankus and scrimau, I've found the culprit which was a single null entry in the MYSQL Database. Scary... gotta find out how to prevent that problem in the future.

VCR is not recording cassettes on successful requests, only on failed ones

I have a simple test to fetch one Facebook object. I'm using Curl for the request.
it "gets an object from Facebook" do
VCR.use_cassette('facebook') do
url = "https://graph.facebook.com/<ID>?access_token=#{#access_token}&#{query_string}"
curl = Curl::Easy.perform(url)
expect(curl.body_str).to eql('<my object>')
end
end
My VCR configs are:
VCR.configure do |c|
c.cassette_library_dir = 'spec/fixtures/vcr_cassettes'
c.hook_into :webmock
end
When I run the tests, it passes, and the following is logged:
[Cassette: 'facebook'] Initialized with options: {:record=>:once, :match_requests_on=>[:method, :uri], :allow_unused_http_interactions=>true, :serialize_with=>:yaml, :persist_with=>:file_system}
[webmock] Handling request: [get https://graph.facebook.com/<ID>?access_token=<TOKEN>&fields=%5B%22id%22,%22account_id%22,%22name%22,%22campaign_group_status%22,%22objective%22%5D] (disabled: false)
[Cassette: 'facebook'] Initialized HTTPInteractionList with request matchers [:method, :uri] and 0 interaction(s): { }
[webmock] Identified request type (recordable) for [get https://graph.facebook.com/<ID>?access_token=<TOKEN>&fields=%5B%22id%22,%22account_id%22,%22name%22,%22campaign_group_status%22,%22objective%22%5D]
But the cassette is not recorded and the dir is empty. I've tried :record => :all to same results.
Usually, people encountered this error when using incompatible hooks for the library they're using, but that's not the case. I'm using webmock and curb.
Curiously, the cassette is recorded when there's a failure in the request, e.g., the token is expired. When it's fixed, and I delete the file, it's not recorded again.
Have anyone had the same problem?
It turns out that my code was a little more complicated than above and was executing a callback after perfoming the request. Something like:
success_handler = Proc.new { return c.body_str }
curl.on_success do |easy|
success_handler.call(easy)
end
That bypasses VCR and the file is not written. Refactoring the code to not use callbacks works.

How to forcefully remove a record from the store, and find it again

Whenever my backend replies with an error, I would like to:
Discard the record as it is in the store. I do not care what state the record is in, I just want it out of the store.
Request it again from the backend. The record should be in a normal state now.
Is it possible to do this? Can I do it in a becameError? How?
This is currently my code:
var entry = this.get('content');
this.transaction = this.get('store').transaction();
this.transaction.add(entry);
...
this.transaction.commit();
entry.on('becameError', this, function () { this.handleFailure(); });
And handleFailure:
handleFailure : function() {
console.error('handleFailure > ');
this.transaction.rollback();
this.goBack();
},
What can I do in handleFailure so that the record is forgotten and requested again?
Or, as alternative, how can I clear any flag in the record so that I can continue to use it normally, without getting problems like:
Uncaught Error: Attempted to handle event `becomeDirty` on <SettingsApp.Scvoicemail:ember1027:08b8fc66-cd90-47a1-9053-4f6fefabdfe3> while in state root.error.
record.unload() is the way to do it, but it wasn't introduced until 1.0 beta, and it's a ton easier without the unnecessary transaction stuff.