Add support to validate uploaded avatars

Tobias Wolf 2022-08-19 14:31:34 +02:00
parent 469d81f8a5
commit c64a221453
10 changed files with 87 additions and 13 deletions


@ -1,13 +1,40 @@
import { Meteor } from 'meteor/meteor';
import { FilesCollection } from 'meteor/ostrio:files';
import { formatFleURL } from 'meteor/ostrio:files/lib';
import { isFileValid } from './fileValidation';
import { createBucket } from './lib/grid/createBucket';
import fs from 'fs';
import path from 'path';
import FileStoreStrategyFactory, { FileStoreStrategyFilesystem, FileStoreStrategyGridFs} from '/models/lib/fileStoreStrategy';
import FileStoreStrategyFactory, { FileStoreStrategyFilesystem, FileStoreStrategyGridFs, STORAGE_NAME_FILESYSTEM } from '/models/lib/fileStoreStrategy';
let avatarsUploadExternalProgram;
let avatarsUploadMimeTypes = [];
let avatarsUploadSize = 72000;
let avatarsBucket;
let storagePath;
if (Meteor.isServer) {
if (process.env.AVATARS_UPLOAD_MIME_TYPES) {
avatarsUploadMimeTypes = process.env.AVATARS_UPLOAD_MIME_TYPES.split(',');
avatarsUploadMimeTypes = avatarsUploadMimeTypes.map(value => value.trim());
}
if (process.env.AVATARS_UPLOAD_MAX_SIZE) {
avatarsUploadSize = parseInt(process.env.AVATARS_UPLOAD_MAX_SIZE);
if (isNaN(avatarsUploadSize)) {
avatarsUploadSize = 0
}
}
if (process.env.AVATARS_UPLOAD_EXTERNAL_PROGRAM) {
avatarsUploadExternalProgram = process.env.AVATARS_UPLOAD_EXTERNAL_PROGRAM;
if (!avatarsUploadExternalProgram.includes("{file}")) {
avatarsUploadExternalProgram = undefined;
}
}
avatarsBucket = createBucket('avatars');
storagePath = path.join(process.env.WRITABLE_PATH, 'avatars');
}
@ -23,7 +50,7 @@ Avatars = new FilesCollection({
return ret;
},
onBeforeUpload(file) {
if (file.size <= 72000 && file.type.startsWith('image/')) {
if (file.size <= avatarsUploadSize && file.type.startsWith('image/')) {
return true;
}
return 'avatar-too-big';
@ -31,9 +58,20 @@ Avatars = new FilesCollection({
onAfterUpload(fileObj) {
// current storage is the filesystem, update object and database
Object.keys(fileObj.versions).forEach(versionName => {
fileObj.versions[versionName].storage = "fs";
fileObj.versions[versionName].storage = STORAGE_NAME_FILESYSTEM;
});
Avatars.update({ _id: fileObj._id }, { $set: { "versions" : fileObj.versions } });
Avatars.update({ _id: fileObj._id }, { $set: { "versions": fileObj.versions } });
const isValid = Promise.await(isFileValid(fileObj, avatarsUploadMimeTypes, avatarsUploadSize, avatarsUploadExternalProgram));
const user = Users.findOne(fileObj.userId);
if (isValid) {
user.setAvatarUrl(`${formatFleURL(fileObj)}?auth=false&brokenIsFine=true`);
} else {
user.setAvatarUrl('');
Avatars.remove(fileObj._id);
}
},
interceptDownload(http, fileObj, versionName) {
const ret = fileStoreStrategyFactory.getFileStrategy(fileObj, versionName).interceptDownload(http, this.cacheControl);
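Review bot: In `onAfterUpload` the rejected file is deleted only when `isFileValid` resolves cleanly to a falsy value. If it rejects (so `Promise.await` throws), or if `Users.findOne(fileObj.userId)` returns nothing, the rest of the handler does not run, `Avatars.remove(fileObj._id)` is never reached, and the unvalidated upload stays stored. The check should fail closed: treat an exception as an invalid result, remove the file before touching the user document, and guard the `user` dereference, as sketched below. Note also that `onBeforeUpload` in the previous hunk still relies on the client-reported `file.type` and never consults `avatarsUploadMimeTypes`, so this server-side step is the only place the configured types can be enforced. The enclosing `new FilesCollection({ … })` options object starts outside the visible hunks.

```javascript
// … unchanged: mark versions as filesystem storage and persist them …
let isValid = false;
try {
  isValid = Promise.await(isFileValid(fileObj, avatarsUploadMimeTypes, avatarsUploadSize, avatarsUploadExternalProgram));
} catch (err) {
  // a validator that throws counts as a failed check, not as a pass
  console.error('avatar validation failed', err);
}
const user = Users.findOne(fileObj.userId);
if (isValid && user) {
  user.setAvatarUrl(`${formatFleURL(fileObj)}?auth=false&brokenIsFine=true`);
} else {
  // delete first so a later error cannot leave the rejected file stored
  Avatars.remove(fileObj._id);
  if (user) {
    user.setAvatarUrl('');
  }
}
```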