mirror of
https://github.com/plankanban/planka.git
synced 2025-12-24 17:25:00 +03:00
feat: Improve mime type detection, limit image processing size
This commit is contained in:
Maksim Eltyshev
@@ -5,12 +5,12 @@
|
||||
|
||||
const fsPromises = require('fs').promises;
|
||||
const { rimraf } = require('rimraf');
|
||||
const { fileTypeFromFile } = require('file-type');
|
||||
const { getEncoding } = require('istextorbinary');
|
||||
const mime = require('mime');
|
||||
const sharp = require('sharp');
|
||||
|
||||
const filenamify = require('../../../utils/filenamify');
|
||||
const { MAX_SIZE_TO_GET_ENCODING } = require('../../../constants');
|
||||
const { MAX_SIZE_TO_GET_ENCODING, MAX_SIZE_TO_PROCESS_AS_IMAGE } = require('../../../constants');
|
||||
|
||||
module.exports = {
|
||||
inputs: {
|
||||
@@ -24,7 +24,8 @@ module.exports = {
|
||||
const fileManager = sails.hooks['file-manager'].getInstance();
|
||||
|
||||
const filename = filenamify(inputs.file.filename);
|
||||
const mimeType = mime.getType(filename);
|
||||
const fileType = await fileTypeFromFile(inputs.file.fd);
|
||||
const { mime: mimeType = null } = fileType || {};
|
||||
const { size } = inputs.file;
|
||||
|
||||
const { id: uploadedFileId } = await UploadedFile.qm.createOne({
|
||||
@@ -65,7 +66,7 @@ module.exports = {
|
||||
image: null,
|
||||
};
|
||||
|
||||
if (!['image/svg+xml', 'application/pdf'].includes(mimeType)) {
|
||||
if (mimeType && mimeType.startsWith('image/') && size <= MAX_SIZE_TO_PROCESS_AS_IMAGE) {
|
||||
let image = sharp(buffer || filePath || inputs.file.fd, {
|
||||
animated: true,
|
||||
});
|
||||
|
||||
@@ -5,9 +5,11 @@
|
||||
|
||||
const { v4: uuid } = require('uuid');
|
||||
const { rimraf } = require('rimraf');
|
||||
const mime = require('mime');
|
||||
const { fileTypeFromFile } = require('file-type');
|
||||
const sharp = require('sharp');
|
||||
|
||||
const { MAX_SIZE_TO_PROCESS_AS_IMAGE } = require('../../../constants');
|
||||
|
||||
module.exports = {
|
||||
inputs: {
|
||||
file: {
|
||||
@@ -21,8 +23,13 @@ module.exports = {
|
||||
},
|
||||
|
||||
async fn(inputs) {
|
||||
const mimeType = mime.getType(inputs.file.filename);
|
||||
if (['image/svg+xml', 'application/pdf'].includes(mimeType)) {
|
||||
const fileManager = sails.hooks['file-manager'].getInstance();
|
||||
|
||||
const fileType = await fileTypeFromFile(inputs.file.fd);
|
||||
const { mime: mimeType = null } = fileType || {};
|
||||
const { size } = inputs.file;
|
||||
|
||||
if (!mimeType || !mimeType.startsWith('image/') || size > MAX_SIZE_TO_PROCESS_AS_IMAGE) {
|
||||
await rimraf(inputs.file.fd);
|
||||
throw 'fileIsNotImage';
|
||||
}
|
||||
@@ -47,11 +54,6 @@ module.exports = {
|
||||
throw 'fileIsNotImage';
|
||||
}
|
||||
|
||||
const fileManager = sails.hooks['file-manager'].getInstance();
|
||||
|
||||
const extension = metadata.format === 'jpeg' ? 'jpg' : metadata.format;
|
||||
const size = originalBuffer.length;
|
||||
|
||||
const { id: uploadedFileId } = await UploadedFile.qm.createOne({
|
||||
mimeType,
|
||||
size,
|
||||
@@ -60,6 +62,7 @@ module.exports = {
|
||||
});
|
||||
|
||||
const dirPathSegment = `${sails.config.custom.backgroundImagesPathSegment}/${uploadedFileId}`;
|
||||
const extension = metadata.format === 'jpeg' ? 'jpg' : metadata.format;
|
||||
|
||||
try {
|
||||
await fileManager.save(
|
||||
|
||||
@@ -5,9 +5,11 @@
|
||||
|
||||
const { v4: uuid } = require('uuid');
|
||||
const { rimraf } = require('rimraf');
|
||||
const mime = require('mime');
|
||||
const { fileTypeFromFile } = require('file-type');
|
||||
const sharp = require('sharp');
|
||||
|
||||
const { MAX_SIZE_TO_PROCESS_AS_IMAGE } = require('../../../constants');
|
||||
|
||||
module.exports = {
|
||||
inputs: {
|
||||
file: {
|
||||
@@ -21,8 +23,13 @@ module.exports = {
|
||||
},
|
||||
|
||||
async fn(inputs) {
|
||||
const mimeType = mime.getType(inputs.file.filename);
|
||||
if (['image/svg+xml', 'application/pdf'].includes(mimeType)) {
|
||||
const fileManager = sails.hooks['file-manager'].getInstance();
|
||||
|
||||
const fileType = await fileTypeFromFile(inputs.file.fd);
|
||||
const { mime: mimeType = null } = fileType || {};
|
||||
const { size } = inputs.file;
|
||||
|
||||
if (!mimeType || !mimeType.startsWith('image/') || size > MAX_SIZE_TO_PROCESS_AS_IMAGE) {
|
||||
await rimraf(inputs.file.fd);
|
||||
throw 'fileIsNotImage';
|
||||
}
|
||||
@@ -47,11 +54,6 @@ module.exports = {
|
||||
throw 'fileIsNotImage';
|
||||
}
|
||||
|
||||
const fileManager = sails.hooks['file-manager'].getInstance();
|
||||
|
||||
const extension = metadata.format === 'jpeg' ? 'jpg' : metadata.format;
|
||||
const size = originalBuffer.length;
|
||||
|
||||
const { id: uploadedFileId } = await UploadedFile.qm.createOne({
|
||||
mimeType,
|
||||
size,
|
||||
@@ -60,6 +62,7 @@ module.exports = {
|
||||
});
|
||||
|
||||
const dirPathSegment = `${sails.config.custom.userAvatarsPathSegment}/${uploadedFileId}`;
|
||||
const extension = metadata.format === 'jpeg' ? 'jpg' : metadata.format;
|
||||
|
||||
try {
|
||||
await fileManager.save(
|
||||
|
||||
Reference in New Issue
Block a user