diff options
| author | Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> | 2021-05-30 01:44:46 +0200 |
|---|---|---|
| committer | Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> | 2021-05-30 01:44:46 +0200 |
| commit | e87bebc3a3bd3b9408aca527b374f703c980070b (patch) | |
| tree | f2a813d8bd86a427f4731ef453c522eaeac52b6f /src/routes | |
| parent | :sparkles: avatars (diff) | |
| download | server-e87bebc3a3bd3b9408aca527b374f703c980070b.tar.xz | |
:sparkles: avatars + attachments
Diffstat (limited to 'src/routes')
| -rw-r--r-- | src/routes/attachments.ts | 18 | ||||
| -rw-r--r-- | src/routes/avatars.ts | 11 | ||||
| -rw-r--r-- | src/routes/external.ts | 2 |
3 files changed, 29 insertions, 2 deletions
diff --git a/src/routes/attachments.ts b/src/routes/attachments.ts index 3bbced31..e99b8d87 100644 --- a/src/routes/attachments.ts +++ b/src/routes/attachments.ts @@ -4,10 +4,14 @@ import { storage } from "../util/Storage"; import FileType from "file-type"; import { HTTPError } from "lambert-server"; import { multer } from "../Server"; +import imageSize from "image-size"; const router = Router(); router.post("/:channel_id", multer.single("file"), async (req, res) => { + if (req.headers.signature !== Config.get().security.requestSignature) + throw new HTTPError("Invalid request signature"); + const { buffer, mimetype, size, originalname, fieldname } = req.file; const { channel_id } = req.params; const filename = originalname.replaceAll(" ", "_").replace(/[^a-zA-Z0-9._]+/g, ""); @@ -17,6 +21,15 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => { const endpoint = Config.get().cdn.endpoint || "http://localhost:3003"; await storage.set(path, buffer); + var width; + var height; + if (mimetype.includes("image")) { + const dimensions = imageSize(buffer); + if (dimensions) { + width = dimensions.width; + height = dimensions.height; + } + } const file = { id, @@ -24,6 +37,8 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => { filename: filename, size, url: `${endpoint}/${path}`, + width, + height, }; return res.json(file); @@ -42,6 +57,9 @@ router.get("/:channel_id/:id/:filename", async (req, res) => { }); router.delete("/:channel_id/:id/:filename", async (req, res) => { + if (req.headers.signature !== Config.get().security.requestSignature) + throw new HTTPError("Invalid request signature"); + const { channel_id, id, filename } = req.params; const path = `attachments/${channel_id}/${id}/${filename}`; diff --git a/src/routes/avatars.ts b/src/routes/avatars.ts index c447db9f..973c45fc 100644 --- a/src/routes/avatars.ts +++ b/src/routes/avatars.ts @@ -4,6 +4,7 @@ import { storage } from "../util/Storage"; import FileType from "file-type"; import { HTTPError } from "lambert-server"; import { multer } from "../Server"; +import crypto from "crypto"; // TODO: check premium and animated pfp are allowed in the config // TODO: generate different sizes of avatar @@ -18,10 +19,13 @@ const ALLOWED_MIME_TYPES = [...ANIMATED_MIME_TYPES, ...STATIC_MIME_TYPES]; const router = Router(); router.post("/:user_id", multer.single("file"), async (req, res) => { + if (req.headers.signature !== Config.get().security.requestSignature) + throw new HTTPError("Invalid request signature"); + if (!req.file) throw new HTTPError("Missing file"); const { buffer, mimetype, size, originalname, fieldname } = req.file; const { user_id } = req.params; - const id = Snowflake.generate(); + const id = crypto.createHash("md5").update(Snowflake.generate()).digest("hex"); const type = await FileType.fromBuffer(buffer); if (!type || !ALLOWED_MIME_TYPES.includes(type.mime)) throw new HTTPError("Invalid file type"); @@ -39,7 +43,8 @@ router.post("/:user_id", multer.single("file"), async (req, res) => { }); router.get("/:user_id/:id", async (req, res) => { - const { user_id, id } = req.params; + var { user_id, id } = req.params; + id = id.split(".")[0]; const path = `avatars/${user_id}/${id}`; const file = await storage.get(path); @@ -52,6 +57,8 @@ router.get("/:user_id/:id", async (req, res) => { }); router.delete("/:user_id/:id", async (req, res) => { + if (req.headers.signature !== Config.get().security.requestSignature) + throw new HTTPError("Invalid request signature"); const { user_id, id } = req.params; const path = `avatars/${user_id}/${id}`; diff --git a/src/routes/external.ts b/src/routes/external.ts index 2f8de5d9..dcf56c8c 100644 --- a/src/routes/external.ts +++ b/src/routes/external.ts @@ -30,6 +30,8 @@ const DEFAULT_FETCH_OPTIONS: any = { }; router.post("/", bodyParser.json(), async (req, res) => { + if (req.headers.signature !== Config.get().security.requestSignature) + throw new HTTPError("Invalid request signature"); if (!req.body) throw new HTTPError("Invalid Body"); const { url } = req.body; if (!url || typeof url !== "string") throw new HTTPError("Invalid url"); |