From 53f5015c99b3040e955632525bde4ad70250af9a Mon Sep 17 00:00:00 2001
From: Zephyrrus
Date: Tue, 5 Jan 2021 00:25:53 +0200
Subject: feat: check for real mimetype using file-type

For now, if file-type returns undefined, we take the value from the browser. In the future this should be removed to ensure people can't bypass the real mime checking using a special file that can't be recognized by file-type.
---
 src/api/utils/Util.js | 5 +++++
 src/api/utils/multerStorage.js | 6 ++----
 2 files changed, 7 insertions(+), 4 deletions(-)

(limited to 'src/api/utils')

diff --git a/src/api/utils/Util.js b/src/api/utils/Util.js
index ae13eb5..9d5021d 100644
--- a/src/api/utils/Util.js
+++ b/src/api/utils/Util.js
@@ -35,6 +35,10 @@ class Util {
 return blockedExtensions.includes(extension);
 }
+ static getMimeFromType(fileTypeMimeObj) {
+ return fileTypeMimeObj ? fileTypeMimeObj.mime : undefined;
+ }
+
 static constructFilePublicLink(file) {
 /*
 TODO: This wont work without a reverse proxy serving both
@@ -225,6 +229,7 @@ class Util {
 static async storeFileToDb(req, res, user, file, db) {
 const dbFile = await db.table('files')
+ // eslint-disable-next-line func-names
 .where(function() {
 if (user === undefined) {
 this.whereNull('userId');
diff --git a/src/api/utils/multerStorage.js b/src/api/utils/multerStorage.js
index a2d01a4..9c4d94f 100644
--- a/src/api/utils/multerStorage.js
+++ b/src/api/utils/multerStorage.js
@@ -8,7 +8,7 @@ function DiskStorage(opts) {
 if (typeof opts.destination === 'string') {
 jetpack.dir(opts.destination);
- this.getDestination = function($0, $1, cb) { cb(null, opts.destination); };
+ this.getDestination = ($0, $1, cb) => { cb(null, opts.destination); };
 } else {
 this.getDestination = opts.destination;
 }
@@ -86,6 +86,4 @@ DiskStorage.prototype._removeFile = function _removeFile(req, file, cb) {
 fs.unlink(path, cb);
 };
-module.exports = function(opts) {
- return new DiskStorage(opts);
-};
+module.exports = opts => new DiskStorage(opts);
-- 
cgit v1.2.3
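Review bot: `getMimeFromType` in the first hunk of src/api/utils/Util.js returns `undefined` whenever file-type yields no result, and nothing on the helper tells callers that this means "content not identified" rather than "safe to use the declared type". The commit message says the caller, which is not part of this patch, then falls back to the browser-supplied MIME type; file-type only recognises binary signatures, so text-based uploads such as HTML or SVG would presumably always take that fallback and keep whatever type the client declared. I would add a doc comment such as `/** Returns the MIME type detected from the file content, or undefined when the content could not be identified; undefined does not mean the client-declared type is verified. */`, and have the call site default to `application/octet-stream` rather than the client value when it receives `undefined`.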