added array with blocked file extensions

Added an option to add file extensions to the config which will be rejected (https://github.com/WeebDev/loli-safe/issues/19)
author: Onestay <[email protected]> 2017-03-27 23:07:00 +0200
committer: Onestay <[email protected]> 2017-03-27 23:07:00 +0200
commit: ad6b7d25de44678bb99ad55d4270243d7b4ae596 (patch)
tree: 9273627f5f8466facc12b3685765410a79d441cb /controllers/uploadController.js
parent: Merge pull request #21 from RyoshiKayo/patch-2 (diff)
download: host.fuwn.me-ad6b7d25de44678bb99ad55d4270243d7b4ae596.tar.xz
host.fuwn.me-ad6b7d25de44678bb99ad55d4270243d7b4ae596.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/controllers/uploadController.js b/controllers/uploadController.js
index 39a9364..d9ca04e 100644
--- a/controllers/uploadController.js
+++ b/controllers/uploadController.js
@@ -20,7 +20,13 @@ const storage = multer.diskStorage({
 
 const upload = multer({
 	storage: storage,
-	limits: { fileSize: config.uploads.maxSize }
+	limits: { fileSize: config.uploads.maxSize },
+	fileFilter: function(req, file, cb) {
+		if (config.blockedExtensions.some((extension) => { return path.extname(file.originalname) === extension; })) {
+			return cb('This file extension is not allowed');
+		}
+		return cb(null, true);
+	}
 }).array('files[]')
 
 uploadsController.upload = function(req, res, next) {
author	Onestay <[email protected]>	2017-03-27 23:07:00 +0200
committer	Onestay <[email protected]>	2017-03-27 23:07:00 +0200
commit	ad6b7d25de44678bb99ad55d4270243d7b4ae596 (patch)
tree	9273627f5f8466facc12b3685765410a79d441cb /controllers/uploadController.js
parent	Merge pull request #21 from RyoshiKayo/patch-2 (diff)
download	host.fuwn.me-ad6b7d25de44678bb99ad55d4270243d7b4ae596.tar.xz host.fuwn.me-ad6b7d25de44678bb99ad55d4270243d7b4ae596.zip