added fxa auth to /params

server/routes/index.js

@@ -87,7 +87,12 @@ module.exports = function(app) {
   app.post('/api/upload', auth.fxa, require('./upload'));
   app.post(`/api/delete/:id${ID_REGEX}`, auth.owner, require('./delete'));
   app.post(`/api/password/:id${ID_REGEX}`, auth.owner, require('./password'));
-  app.post(`/api/params/:id${ID_REGEX}`, auth.owner, require('./params'));
+  app.post(
+    `/api/params/:id${ID_REGEX}`,
+    auth.owner,
+    auth.fxa,
+    require('./params')
+  );
   app.post(`/api/info/:id${ID_REGEX}`, auth.owner, require('./info'));
 
   app.get('/__version__', function(req, res) {

server/routes/params.js

@@ -2,9 +2,9 @@ const config = require('../config');
 const storage = require('../storage');
 
 module.exports = function(req, res) {
+  const max = req.user ? config.max_downloads : config.anon_max_downloads;
   const dlimit = req.body.dlimit;
-  // TODO: fxa auth
-  if (!dlimit || dlimit > config.max_downloads) {
+  if (!dlimit || dlimit > max) {
     return res.sendStatus(400);
   }