authorsyuilo <syuilotan@yahoo.co.jp>2018-04-13 09:44:00 +0900
committersyuilo <syuilotan@yahoo.co.jp>2018-04-13 09:44:00 +0900
commit22d2f2051c4cbe3da5b9ece674f36a6555f8c953 (patch)
tree0c29ea7c8f1797f9a28cab2d70d31e91cd9cb312 /src/server/api
parentwip (diff)
wip
Diffstat (limited to 'src/server/api')
-rw-r--r--src/server/api/api-handler.ts16
-rw-r--r--src/server/api/bot/interfaces/line.ts2
-rw-r--r--src/server/api/call.ts4
-rw-r--r--src/server/api/index.ts4
-rw-r--r--src/server/api/private/signin.ts6
-rw-r--r--src/server/api/private/signup.ts6
-rw-r--r--src/server/api/service/github.ts8
7 files changed, 30 insertions, 16 deletions
diff --git a/src/server/api/api-handler.ts b/src/server/api/api-handler.ts
index 2c50234317..947794a20e 100644
--- a/src/server/api/api-handler.ts
+++ b/src/server/api/api-handler.ts
@@ -25,11 +25,21 @@ export default async (endpoint: Endpoint, ctx: Koa.Context) => {
// Authentication
try {
- [user, app] = await authenticate(ctx.body['i']);
+ [user, app] = await authenticate(ctx.request.body['i']);
} catch (e) {
- return reply(403, 'AUTHENTICATION_FAILED');
+ reply(403, 'AUTHENTICATION_FAILED');
+ return;
}
+ let res;
+
// API invoking
- call(endpoint, user, app, ctx.body, ctx.req).then(reply).catch(e => reply(400, e));
+ try {
+ res = await call(endpoint, user, app, ctx.request.body, ctx.req);
+ } catch (e) {
+ reply(400, e);
+ return;
+ }
+
+ reply(res);
};
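Review bot: The `catch` around `await call(...)` answers every thrown value with `reply(400, e)`, so an unexpected internal exception (a TypeError, a database error) is reported as a client error. Its content may also reach the response, depending on how `reply` serialises it, which is not visible in this hunk. Consider separating expected API rejections from everything else, e.g. `if (e instanceof Error) { reply(500, 'INTERNAL_ERROR'); return; }` ahead of `reply(400, e);`, where `'INTERNAL_ERROR'` is a placeholder code, and log the original error server-side. `let res;` is also an implicit `any` and could be declared at the `await` as `const res = await call(...)` inside a single try block. The handler starts outside this hunk.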
diff --git a/src/server/api/bot/interfaces/line.ts b/src/server/api/bot/interfaces/line.ts
index 454630161a..733315391d 100644
--- a/src/server/api/bot/interfaces/line.ts
+++ b/src/server/api/bot/interfaces/line.ts
@@ -226,7 +226,7 @@ if (config.line_bot) {
// シグネチャ比較
if (sig1 === sig2) {
- ctx.body.events.forEach(ev => {
+ ctx.request.body.events.forEach(ev => {
handler.emit('event', ev);
});
} else {
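Review bot: The signature check `if (sig1 === sig2)` that gates `ctx.request.body.events` is not a constant-time comparison, so its duration can depend on how many leading characters of the supplied signature match. The same applies to `sig1.equals(sig2)` in `src/server/api/service/github.ts`. Comparing equal-length buffers with `crypto.timingSafeEqual` avoids this, e.g. `if (a.length === b.length && crypto.timingSafeEqual(a, b))` with `a`/`b` built via `Buffer.from(...)`. How `sig1` and `sig2` are computed lies outside this hunk, so confirm that the HMAC input is the raw request payload and not the parsed object now read from `ctx.request.body`.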
diff --git a/src/server/api/call.ts b/src/server/api/call.ts
index c25f55ed3f..cc40294657 100644
--- a/src/server/api/call.ts
+++ b/src/server/api/call.ts
@@ -6,11 +6,9 @@ import limitter from './limitter';
import { IUser } from '../../models/user';
import { IApp } from '../../models/app';
-export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, req?: http.IncomingMessage) => new Promise(async (ok, rej) => {
+export default (endpoint: string | Endpoint, user: IUser, app: IApp, data: any, req?: http.IncomingMessage) => new Promise<any>(async (ok, rej) => {
const isSecure = user != null && app == null;
- //console.log(endpoint, user, app, data);
-
const ep = typeof endpoint == 'string' ? endpoints.find(e => e.name == endpoint) : endpoint;
if (ep.secure && !isSecure) {
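Review bot: `ep.secure` is dereferenced straight after `endpoints.find(...)`, which returns `undefined` for an unknown endpoint name, and the resulting TypeError is thrown inside an `async` Promise executor. A throw there rejects only the executor's own promise, so the promise returned by `call` never settles. With the new `await call(...)` in `api-handler.ts` the request would then hang instead of failing. Reject explicitly before the first use, e.g. `if (ep == null) return rej('ENDPOINT_NOT_FOUND');` (placeholder code). Longer term, make the exported function itself `async` instead of wrapping an `async` executor in `new Promise<any>`. The function body continues outside this hunk.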
diff --git a/src/server/api/index.ts b/src/server/api/index.ts
index c383e1cf8d..2ea5fccb5b 100644
--- a/src/server/api/index.ts
+++ b/src/server/api/index.ts
@@ -13,7 +13,9 @@ const handler = require('./api-handler').default;
// Init app
const app = new Koa();
-app.use(bodyParser);
+app.use(bodyParser({
+ detectJSON: () => true
+}));
// Init multer instance
const upload = multer({
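Review bot: `detectJSON: () => true` makes the parser treat every request body as JSON regardless of `Content-Type` (assuming `bodyParser` is koa-bodyparser; the import is not visible). Routes behind this middleware therefore no longer require `application/json`, which is the content type that forces a CORS preflight for cross-origin browser requests. A third-party page could then submit a `text/plain` POST whose body is parsed as JSON. That matters most for routes that rely on cookies or `Access-Control-Allow-Credentials`, as `private/signin.ts` appears to. If the intent is to accept clients that post JSON as `text/plain`, narrow the predicate to that case, e.g. `detectJSON: ctx => Boolean(ctx.is('text/plain'))`, and add a comment such as `// Clients send JSON bodies without an application/json Content-Type; see <issue placeholder>`.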
diff --git a/src/server/api/private/signin.ts b/src/server/api/private/signin.ts
index 55326deeaf..1737007206 100644
--- a/src/server/api/private/signin.ts
+++ b/src/server/api/private/signin.ts
@@ -11,9 +11,9 @@ export default async (ctx: Koa.Context) => {
ctx.set('Access-Control-Allow-Origin', config.url);
ctx.set('Access-Control-Allow-Credentials', 'true');
- const username = ctx.body['username'];
- const password = ctx.body['password'];
- const token = ctx.body['token'];
+ const username = ctx.request.body['username'];
+ const password = ctx.request.body['password'];
+ const token = ctx.request.body['token'];
if (typeof username != 'string') {
ctx.status = 400;
diff --git a/src/server/api/private/signup.ts b/src/server/api/private/signup.ts
index a4554be4ae..15257b869f 100644
--- a/src/server/api/private/signup.ts
+++ b/src/server/api/private/signup.ts
@@ -37,7 +37,7 @@ export default async (ctx: Koa.Context) => {
// Verify recaptcha
// ただしテスト時はこの機構は障害となるため無効にする
if (process.env.NODE_ENV !== 'test') {
- const success = await recaptcha(ctx.body['g-recaptcha-response']);
+ const success = await recaptcha(ctx.request.body['g-recaptcha-response']);
if (!success) {
ctx.throw(400, 'recaptcha-failed');
@@ -45,8 +45,8 @@ export default async (ctx: Koa.Context) => {
}
}
- const username = ctx.body['username'];
- const password = ctx.body['password'];
+ const username = ctx.request.body['username'];
+ const password = ctx.request.body['password'];
// Validate username
if (!validateUsername(username)) {
diff --git a/src/server/api/service/github.ts b/src/server/api/service/github.ts
index ee226cc5cc..cd9760a36d 100644
--- a/src/server/api/service/github.ts
+++ b/src/server/api/service/github.ts
@@ -35,10 +35,14 @@ if (config.github_bot != null) {
const secret = config.github_bot.hook_secret;
router.post('/hooks/github', ctx => {
+ const body = JSON.stringify(ctx.request.body);
+ const hash = crypto.createHmac('sha1', secret).update(body).digest('hex');
const sig1 = new Buffer(ctx.headers['x-hub-signature']);
- const sig2 = new Buffer(`sha1=${crypto.createHmac('sha1', secret).update(JSON.stringify(ctx.body)).digest('hex')}`);
+ const sig2 = new Buffer(`sha1=${hash}`);
+
+ // シグネチャ比較
if (sig1.equals(sig2)) {
- handler.emit(ctx.headers['x-github-event'], ctx.body);
+ handler.emit(ctx.headers['x-github-event'], ctx.request.body);
ctx.status = 204;
} else {
ctx.status = 400;
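Review bot: The HMAC in `const body = JSON.stringify(ctx.request.body)` is computed over a re-serialisation of the parsed object, not over the bytes GitHub signed. A payload whose original escaping or spacing differs from `JSON.stringify` output will fail verification, and the check does not cover the data as it arrived. Verify against the raw payload instead; koa-bodyparser exposes it as `ctx.request.rawBody`, if that is the parser in use. Separately, `new Buffer(ctx.headers['x-hub-signature'])` throws when the header is absent, so an unsigned request results in an unhandled exception instead of the intended 400. `new Buffer(...)` is also deprecated in favour of `Buffer.from(...)`.

```typescript
router.post('/hooks/github', ctx => {
	const header = ctx.headers['x-hub-signature'];
	// Reject unsigned requests before constructing any Buffer
	if (typeof header !== 'string') {
		ctx.status = 400;
		return;
	}

	// HMAC over the payload bytes as received, not a re-serialised object
	const hash = crypto.createHmac('sha1', secret).update(ctx.request.rawBody).digest('hex');
	const sig1 = Buffer.from(header);
	const sig2 = Buffer.from(`sha1=${hash}`);

	// … unchanged: signature comparison, event dispatch, 204 / 400 status …
```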