authorFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-05-30 01:44:46 +0200
committerFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-05-30 01:44:46 +0200
commite87bebc3a3bd3b9408aca527b374f703c980070b (patch)
treef2a813d8bd86a427f4731ef453c522eaeac52b6f
parent:sparkles: avatars (diff)
downloadserver-e87bebc3a3bd3b9408aca527b374f703c980070b.tar.xz
:sparkles: avatars + attachments
-rw-r--r--.gitignore3
-rw-r--r--package-lock.json53
-rw-r--r--package.json3
-rw-r--r--src/Server.ts4
-rw-r--r--src/routes/attachments.ts18
-rw-r--r--src/routes/avatars.ts11
-rw-r--r--src/routes/external.ts2
7 files changed, 81 insertions, 13 deletions
diff --git a/.gitignore b/.gitignore
index 7d04eaee..f2e69ff6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@
 node_modules/
 .DS_Store
 .env
-dist/
\ No newline at end of file
+dist/
+files/
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index c51b11e5..fe21ab20 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
 			"version": "1.0.0",
 			"license": "ISC",
 			"dependencies": {
-				"@fosscord/server-util": "^1.3.8",
+				"@fosscord/server-util": "^1.3.10",
 				"body-parser": "^1.19.0",
 				"btoa": "^1.2.1",
 				"cheerio": "^1.0.0-rc.5",
@@ -17,6 +17,7 @@
 				"express": "^4.17.1",
 				"express-async-errors": "^3.1.1",
 				"file-type": "^16.5.0",
+				"image-size": "^1.0.0",
 				"lambert-db": "^1.2.3",
 				"lambert-server": "^1.2.1",
 				"missing-native-js-functions": "^1.0.8",
@@ -35,9 +36,9 @@
 			}
 		},
 		"node_modules/@fosscord/server-util": {
-			"version": "1.3.8",
-			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.8.tgz",
-			"integrity": "sha512-bqCoCcuXRCDvloWcmQDSGVEAeHTgme4idBquL93Q/AxVe0l8J2hv+qm6bJ9mtK+TYPJhUlzku4H+jnMbH9msGg==",
+			"version": "1.3.10",
+			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.10.tgz",
+			"integrity": "sha512-pu+XAoerl/WLFxoNxT1NV7Nj0QT+QigK5ghr1VCXkN5N/pUAJUyC72fJPYk+5Ug0CbJkPb0XNsRVJpuz8k0R2g==",
 			"dependencies": {
 				"@types/jsonwebtoken": "^8.5.0",
 				"@types/mongoose-autopopulate": "^0.10.1",
@@ -849,6 +850,20 @@
 				}
 			]
 		},
+		"node_modules/image-size": {
+			"version": "1.0.0",
+			"resolved": "https://registry.npmjs.org/image-size/-/image-size-1.0.0.tgz",
+			"integrity": "sha512-JLJ6OwBfO1KcA+TvJT+v8gbE6iWbj24LyDNFgFEN0lzegn6cC6a/p3NIDaepMsJjQjlUWqIC7wJv8lBFxPNjcw==",
+			"dependencies": {
+				"queue": "6.0.2"
+			},
+			"bin": {
+				"image-size": "bin/image-size.js"
+			},
+			"engines": {
+				"node": ">=12.0.0"
+			}
+		},
 		"node_modules/inherits": {
 			"version": "2.0.3",
 			"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
@@ -1329,6 +1344,14 @@
 				"node": ">=0.6"
 			}
 		},
+		"node_modules/queue": {
+			"version": "6.0.2",
+			"resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz",
+			"integrity": "sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==",
+			"dependencies": {
+				"inherits": "~2.0.3"
+			}
+		},
 		"node_modules/range-parser": {
 			"version": "1.2.1",
 			"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -1658,9 +1681,9 @@
 	},
 	"dependencies": {
 		"@fosscord/server-util": {
-			"version": "1.3.8",
-			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.8.tgz",
-			"integrity": "sha512-bqCoCcuXRCDvloWcmQDSGVEAeHTgme4idBquL93Q/AxVe0l8J2hv+qm6bJ9mtK+TYPJhUlzku4H+jnMbH9msGg==",
+			"version": "1.3.10",
+			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.10.tgz",
+			"integrity": "sha512-pu+XAoerl/WLFxoNxT1NV7Nj0QT+QigK5ghr1VCXkN5N/pUAJUyC72fJPYk+5Ug0CbJkPb0XNsRVJpuz8k0R2g==",
 			"requires": {
 				"@types/jsonwebtoken": "^8.5.0",
 				"@types/mongoose-autopopulate": "^0.10.1",
@@ -2353,6 +2376,14 @@
 			"resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
 			"integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA=="
 		},
+		"image-size": {
+			"version": "1.0.0",
+			"resolved": "https://registry.npmjs.org/image-size/-/image-size-1.0.0.tgz",
+			"integrity": "sha512-JLJ6OwBfO1KcA+TvJT+v8gbE6iWbj24LyDNFgFEN0lzegn6cC6a/p3NIDaepMsJjQjlUWqIC7wJv8lBFxPNjcw==",
+			"requires": {
+				"queue": "6.0.2"
+			}
+		},
 		"inherits": {
 			"version": "2.0.3",
 			"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
@@ -2733,6 +2764,14 @@
 			"resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz",
 			"integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ=="
 		},
+		"queue": {
+			"version": "6.0.2",
+			"resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz",
+			"integrity": "sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==",
+			"requires": {
+				"inherits": "~2.0.3"
+			}
+		},
 		"range-parser": {
 			"version": "1.2.1",
 			"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
diff --git a/package.json b/package.json
index da374117..a6ac35ce 100644
--- a/package.json
+++ b/package.json
@@ -20,7 +20,7 @@
 	},
 	"homepage": "https://github.com/discord-open-source/discord-cdn#readme",
 	"dependencies": {
-		"@fosscord/server-util": "^1.3.8",
+		"@fosscord/server-util": "^1.3.10",
 		"body-parser": "^1.19.0",
 		"btoa": "^1.2.1",
 		"cheerio": "^1.0.0-rc.5",
@@ -28,6 +28,7 @@
 		"express": "^4.17.1",
 		"express-async-errors": "^3.1.1",
 		"file-type": "^16.5.0",
+		"image-size": "^1.0.0",
 		"lambert-db": "^1.2.3",
 		"lambert-server": "^1.2.1",
 		"missing-native-js-functions": "^1.0.8",
diff --git a/src/Server.ts b/src/Server.ts
index 15868129..57dfa536 100644
--- a/src/Server.ts
+++ b/src/Server.ts
@@ -31,8 +31,8 @@ export class CDNServer extends Server {
 export const multer = multerConfig({
 	storage: multerConfig.memoryStorage(),
 	limits: {
-		fields: 0,
-		files: 1,
+		fields: 10,
+		files: 10,
 		fileSize: 1024 * 1024 * 100, // 100 mb
 	},
 });
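Review bot: With `multerConfig.memoryStorage()`, raising `files` to 10 while `fileSize` stays at 100 MB lets a single multipart request hold roughly 1 GB in process memory. In the routes touched by this commit, multer runs as middleware before the handler's signature check, so that buffering also happens for requests that are then rejected. The visible routes all use `multer.single("file")`, which accepts one file, so `files: 1,` would still serve them. If `fields: 10` is needed for form metadata, consider keeping it but moving the signature check into a middleware registered ahead of `multer.single(...)`, and lowering `fileSize` for the avatar route.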
diff --git a/src/routes/attachments.ts b/src/routes/attachments.ts
index 3bbced31..e99b8d87 100644
--- a/src/routes/attachments.ts
+++ b/src/routes/attachments.ts
@@ -4,10 +4,14 @@ import { storage } from "../util/Storage";
 import FileType from "file-type";
 import { HTTPError } from "lambert-server";
 import { multer } from "../Server";
+import imageSize from "image-size";
 
 const router = Router();
 
 router.post("/:channel_id", multer.single("file"), async (req, res) => {
+	if (req.headers.signature !== Config.get().security.requestSignature)
+		throw new HTTPError("Invalid request signature");
+
 	const { buffer, mimetype, size, originalname, fieldname } = req.file;
 	const { channel_id } = req.params;
 	const filename = originalname.replaceAll(" ", "_").replace(/[^a-zA-Z0-9._]+/g, "");
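Review bot: The added check `req.headers.signature !== Config.get().security.requestSignature` passes when both sides are `undefined`, so if the config value is ever unset, a request without the header is accepted. It also compares the shared secret with `!==` rather than a constant-time comparison. The same two lines are repeated in the DELETE handler of this file, in both guarded handlers of src/routes/avatars.ts and in src/routes/external.ts, so a single shared helper would keep them consistent. This handler also destructures `req.file` without the `if (!req.file) throw new HTTPError("Missing file");` guard that avatars.ts gains in this commit. The helper below needs `crypto` imported in this file; the handler body continues outside the hunk.

```typescript
// shared helper, e.g. exported from a util module and called at the top of each handler
function hasValidSignature(signature: unknown): boolean {
	const expected = Config.get().security.requestSignature;
	// an unset secret must never match an absent header
	if (typeof expected !== "string" || !expected || typeof signature !== "string") return false;
	const given = Buffer.from(signature);
	const wanted = Buffer.from(expected);
	return given.length === wanted.length && crypto.timingSafeEqual(given, wanted);
}

router.post("/:channel_id", multer.single("file"), async (req, res) => {
	if (!hasValidSignature(req.headers.signature)) throw new HTTPError("Invalid request signature");
	if (!req.file) throw new HTTPError("Missing file");
	// … unchanged: destructuring of req.file and req.params, filename sanitising …
```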
@@ -17,6 +21,15 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => {
 	const endpoint = Config.get().cdn.endpoint || "http://localhost:3003";
 
 	await storage.set(path, buffer);
+	var width;
+	var height;
+	if (mimetype.includes("image")) {
+		const dimensions = imageSize(buffer);
+		if (dimensions) {
+			width = dimensions.width;
+			height = dimensions.height;
+		}
+	}
 
 	const file = {
 		id,
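Review bot: `imageSize(buffer)` throws on data it cannot parse, so the `if (dimensions)` guard does not protect the request. `mimetype` here is the part's client-declared Content-Type, so any upload labelled `image/...` with non-image bytes would fail the handler after `storage.set(path, buffer)` has already written the file. I would wrap the probe, e.g. `try { ({ width, height } = imageSize(buffer)); } catch { /* not a parseable image: leave dimensions unset */ }`, and either run it before `storage.set` or base the decision on the sniffed type from `FileType.fromBuffer`, if the lines between the hunks already compute it. `var width; var height;` would read better as `let width: number | undefined, height: number | undefined;`.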
@@ -24,6 +37,8 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => {
 		filename: filename,
 		size,
 		url: `${endpoint}/${path}`,
+		width,
+		height,
 	};
 
 	return res.json(file);
@@ -42,6 +57,9 @@ router.get("/:channel_id/:id/:filename", async (req, res) => {
 });
 
 router.delete("/:channel_id/:id/:filename", async (req, res) => {
+	if (req.headers.signature !== Config.get().security.requestSignature)
+		throw new HTTPError("Invalid request signature");
+
 	const { channel_id, id, filename } = req.params;
 	const path = `attachments/${channel_id}/${id}/${filename}`;
 
diff --git a/src/routes/avatars.ts b/src/routes/avatars.ts
index c447db9f..973c45fc 100644
--- a/src/routes/avatars.ts
+++ b/src/routes/avatars.ts
@@ -4,6 +4,7 @@ import { storage } from "../util/Storage";
 import FileType from "file-type";
 import { HTTPError } from "lambert-server";
 import { multer } from "../Server";
+import crypto from "crypto";
 
 // TODO: check premium and animated pfp are allowed in the config
 // TODO: generate different sizes of avatar
@@ -18,10 +19,13 @@ const ALLOWED_MIME_TYPES = [...ANIMATED_MIME_TYPES, ...STATIC_MIME_TYPES];
 const router = Router();
 
 router.post("/:user_id", multer.single("file"), async (req, res) => {
+	if (req.headers.signature !== Config.get().security.requestSignature)
+		throw new HTTPError("Invalid request signature");
+	if (!req.file) throw new HTTPError("Missing file");
 	const { buffer, mimetype, size, originalname, fieldname } = req.file;
 	const { user_id } = req.params;
 
-	const id = Snowflake.generate();
+	const id = crypto.createHash("md5").update(Snowflake.generate()).digest("hex");
 
 	const type = await FileType.fromBuffer(buffer);
 	if (!type || !ALLOWED_MIME_TYPES.includes(type.mime)) throw new HTTPError("Invalid file type");
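Review bot: Hashing `Snowflake.generate()` with MD5 changes the id's format but adds no unpredictability, because the input is still a generated snowflake. If the goal is an avatar hash that cannot be enumerated, `const id = crypto.randomBytes(16).toString("hex");` gives the same 32-hex-character shape from a CSPRNG. If the goal is a content-addressed hash, the digest should be taken over `buffer` instead, preferably with SHA-256. A short comment stating which of the two is intended would help the next reader; the handler continues outside the hunk.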
@@ -39,7 +43,8 @@ router.post("/:user_id", multer.single("file"), async (req, res) => {
 });
 
 router.get("/:user_id/:id", async (req, res) => {
-	const { user_id, id } = req.params;
+	var { user_id, id } = req.params;
+	id = id.split(".")[0];
 	const path = `avatars/${user_id}/${id}`;
 
 	const file = await storage.get(path);
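Review bot: `id.split(".")[0]` strips the extension, but `user_id` and `id` still reach `storage.get` without validation on this unauthenticated GET route. Express percent-decodes route params, so either value may contain characters such as path separators, which matters if the storage backend maps keys to filesystem paths (the new `files/` ignore entry suggests it might). Since new ids are hex digests, a format check fits here, e.g. `if (!/^[0-9a-f]+$/i.test(id) || !/^\d+$/.test(user_id)) throw new HTTPError("Invalid id");`, loosened as needed for ids stored before this commit. `var { user_id, id }` can stay `const` if the stripped value gets its own name, such as `const hash = id.split(".")[0];`.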
@@ -52,6 +57,8 @@ router.get("/:user_id/:id", async (req, res) => {
 });
 
 router.delete("/:user_id/:id", async (req, res) => {
+	if (req.headers.signature !== Config.get().security.requestSignature)
+		throw new HTTPError("Invalid request signature");
 	const { user_id, id } = req.params;
 	const path = `avatars/${user_id}/${id}`;
 
diff --git a/src/routes/external.ts b/src/routes/external.ts
index 2f8de5d9..dcf56c8c 100644
--- a/src/routes/external.ts
+++ b/src/routes/external.ts
@@ -30,6 +30,8 @@ const DEFAULT_FETCH_OPTIONS: any = {
 };
 
 router.post("/", bodyParser.json(), async (req, res) => {
+	if (req.headers.signature !== Config.get().security.requestSignature)
+		throw new HTTPError("Invalid request signature");
 	if (!req.body) throw new HTTPError("Invalid Body");
 	const { url } = req.body;
 	if (!url || typeof url !== "string") throw new HTTPError("Invalid url");