From 53f5015c99b3040e955632525bde4ad70250af9a Mon Sep 17 00:00:00 2001 From: Zephyrrus Date: Tue, 5 Jan 2021 00:25:53 +0200 Subject: feat: check for real mimetype using file-type For now, if file-type returns undefined, we take the value from the browser. In the future this should be removed to ensure people can't bypass the real mime checking using a special file that can't be recognized by file-type. --- src/api/utils/multerStorage.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'src/api/utils/multerStorage.js') diff --git a/src/api/utils/multerStorage.js b/src/api/utils/multerStorage.js index a2d01a4..9c4d94f 100644 --- a/src/api/utils/multerStorage.js +++ b/src/api/utils/multerStorage.js @@ -8,7 +8,7 @@ function DiskStorage(opts) { if (typeof opts.destination === 'string') { jetpack.dir(opts.destination); - this.getDestination = function($0, $1, cb) { cb(null, opts.destination); }; + this.getDestination = ($0, $1, cb) => { cb(null, opts.destination); }; } else { this.getDestination = opts.destination; } @@ -86,6 +86,4 @@ DiskStorage.prototype._removeFile = function _removeFile(req, file, cb) { fs.unlink(path, cb); }; -module.exports = function(opts) { - return new DiskStorage(opts); -}; +module.exports = opts => new DiskStorage(opts); -- cgit v1.2.3 From e0801f0c195baf677247193c274426b2483eafb1 Mon Sep 17 00:00:00 2001 From: Zephyrrus Date: Wed, 6 Jan 2021 23:31:10 +0200 Subject: fix: use PassThrough from FileType to get the real mimetype of a file while it's being saved to the disk --- src/api/utils/multerStorage.js | 50 +++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 15 deletions(-) (limited to 'src/api/utils/multerStorage.js') diff --git a/src/api/utils/multerStorage.js b/src/api/utils/multerStorage.js index 9c4d94f..1f1f0dd 100644 --- a/src/api/utils/multerStorage.js +++ b/src/api/utils/multerStorage.js @@ -2,6 +2,7 @@ const fs = require('fs'); const path = require('path'); const blake3 = require('blake3'); const jetpack = require('fs-jetpack'); +const FileType = require('file-type'); function DiskStorage(opts) { this.getFilename = opts.filename; @@ -52,25 +53,44 @@ DiskStorage.prototype._handleFile = function _handleFile(req, file, cb) { file.stream.on('data', d => hash.update(d)); if (file._isChunk) { - file.stream.on('end', () => { - cb(null, { - destination, - filename, - path: finalPath + if (file._chunksData.chunks === 0) { + FileType.stream(file.stream).then(ftStream => { + file._chunksData.fileType = ftStream.fileType; + file.stream.on('end', () => { + cb(null, { + destination, + filename, + path: finalPath, + fileType: file._chunksData.fileType + }); + }); + ftStream.pipe(outStream, { end: false }); }); - }); - file.stream.pipe(outStream, { end: false }); + } else { + file.stream.on('end', () => { + cb(null, { + destination, + filename, + path: finalPath, + fileType: file._chunksData.fileType + }); + }); + file.stream.pipe(outStream, { end: false }); + } } else { - outStream.on('finish', () => { - cb(null, { - destination, - filename, - path: finalPath, - size: outStream.bytesWritten, - hash: hash.digest('hex') + FileType.stream(file.stream).then(ftStream => { + outStream.on('finish', () => { + cb(null, { + destination, + filename, + path: finalPath, + size: outStream.bytesWritten, + hash: hash.digest('hex'), + fileType: ftStream.fileType + }); }); + ftStream.pipe(outStream); }); - file.stream.pipe(outStream); } }); }); -- cgit v1.2.3