diff options
| author | Zephyrrus <[email protected]> | 2021-01-05 00:25:53 +0200 |
|---|---|---|
| committer | Zephyrrus <[email protected]> | 2021-01-07 10:47:16 +0200 |
| commit | 53f5015c99b3040e955632525bde4ad70250af9a (patch) | |
| tree | e07e259351e7bfe2e9a07ac7bba4fab3db4ed736 /src/api/routes/uploads | |
| parent | fix: normalize url and thumbnail response (diff) | |
| download | host.fuwn.me-53f5015c99b3040e955632525bde4ad70250af9a.tar.xz host.fuwn.me-53f5015c99b3040e955632525bde4ad70250af9a.zip | |
feat: check for real mimetype using file-type
For now, if file-type returns undefined, we take the value from the browser. In the future this should be removed to ensure people can't bypass the real mime checking using a special file that can't be recognized by file-type.
Diffstat (limited to 'src/api/routes/uploads')
| -rw-r--r-- | src/api/routes/uploads/uploadPOST.js | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/src/api/routes/uploads/uploadPOST.js b/src/api/routes/uploads/uploadPOST.js index bba7989..8e26079 100644 --- a/src/api/routes/uploads/uploadPOST.js +++ b/src/api/routes/uploads/uploadPOST.js @@ -1,6 +1,7 @@ const path = require('path'); const jetpack = require('fs-jetpack'); const multer = require('multer'); + const Util = require('../../utils/Util'); const Route = require('../../structures/Route'); const multerStorage = require('../../utils/multerStorage'); @@ -10,6 +11,22 @@ const chunkedUploadsTimeout = 1800000; const chunksDir = path.join(__dirname, '../../../../', process.env.UPLOAD_FOLDER, 'chunks'); const uploadDir = path.join(__dirname, '../../../../', process.env.UPLOAD_FOLDER); + +const cleanUpChunks = async (uuid, onTimeout) => { + // Remove tmp file + await jetpack.removeAsync(path.join(chunksData[uuid].root, chunksData[uuid].filename)) + .catch(error => { + if (error.code !== 'ENOENT') console.error(error); + }); + + // Remove UUID dir + await jetpack.removeAsync(chunksData[uuid].root); + + // Delete cached chunks data + if (!onTimeout) chunksData[uuid].clearTimeout(); + delete chunksData[uuid]; +}; + class ChunksData { constructor(uuid, root) { this.uuid = uuid; @@ -134,7 +151,7 @@ const uploadFile = async (req, res) => { // If the uploaded file is a chunk then just say that it was a success const uuid = req.body.uuid; if (chunksData[uuid] !== undefined) { - req.files.forEach(file => { + req.files.forEach(() => { chunksData[uuid].chunks++; }); res.json({ success: true }); @@ -149,7 +166,7 @@ const uploadFile = async (req, res) => { return infoMap[0]; }; -const finishChunks = async (req, res) => { +const finishChunks = async req => { const check = file => typeof file.uuid !== 'string' || !chunksData[file.uuid] || chunksData[file.uuid].chunks < 2; @@ -228,21 +245,6 @@ const finishChunks = async (req, res) => { } }; -const cleanUpChunks = async (uuid, onTimeout) => { - // Remove tmp file - await jetpack.removeAsync(path.join(chunksData[uuid].root, chunksData[uuid].filename)) - .catch(error => { - if (error.code !== 'ENOENT') console.error(error); - }); - - // Remove UUID dir - await jetpack.removeAsync(chunksData[uuid].root); - - // Delete cached chunks data - if (!onTimeout) chunksData[uuid].clearTimeout(); - delete chunksData[uuid]; -}; - class uploadPOST extends Route { constructor() { super('/upload', 'post', { |