From e87bebc3a3bd3b9408aca527b374f703c980070b Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sun, 30 May 2021 01:44:46 +0200 Subject: :sparkles: avatars + attachments --- .gitignore | 3 ++- package-lock.json | 53 ++++++++++++++++++++++++++++++++++++++++------- package.json | 3 ++- src/Server.ts | 4 ++-- src/routes/attachments.ts | 18 ++++++++++++++++ src/routes/avatars.ts | 11 ++++++++-- src/routes/external.ts | 2 ++ 7 files changed, 81 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index 7d04eaee..f2e69ff6 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ node_modules/ .DS_Store .env -dist/ \ No newline at end of file +dist/ +files/ \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index c51b11e5..fe21ab20 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.0", "license": "ISC", "dependencies": { - "@fosscord/server-util": "^1.3.8", + "@fosscord/server-util": "^1.3.10", "body-parser": "^1.19.0", "btoa": "^1.2.1", "cheerio": "^1.0.0-rc.5", @@ -17,6 +17,7 @@ "express": "^4.17.1", "express-async-errors": "^3.1.1", "file-type": "^16.5.0", + "image-size": "^1.0.0", "lambert-db": "^1.2.3", "lambert-server": "^1.2.1", "missing-native-js-functions": "^1.0.8", @@ -35,9 +36,9 @@ } }, "node_modules/@fosscord/server-util": { - "version": "1.3.8", - "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.8.tgz", - "integrity": "sha512-bqCoCcuXRCDvloWcmQDSGVEAeHTgme4idBquL93Q/AxVe0l8J2hv+qm6bJ9mtK+TYPJhUlzku4H+jnMbH9msGg==", + "version": "1.3.10", + "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.10.tgz", + "integrity": "sha512-pu+XAoerl/WLFxoNxT1NV7Nj0QT+QigK5ghr1VCXkN5N/pUAJUyC72fJPYk+5Ug0CbJkPb0XNsRVJpuz8k0R2g==", "dependencies": { "@types/jsonwebtoken": "^8.5.0", "@types/mongoose-autopopulate": "^0.10.1", 
@@ -849,6 +850,20 @@ } ] }, + "node_modules/image-size": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/image-size/-/image-size-1.0.0.tgz", + "integrity": "sha512-JLJ6OwBfO1KcA+TvJT+v8gbE6iWbj24LyDNFgFEN0lzegn6cC6a/p3NIDaepMsJjQjlUWqIC7wJv8lBFxPNjcw==", + "dependencies": { + "queue": "6.0.2" + }, + "bin": { + "image-size": "bin/image-size.js" + }, + "engines": { + "node": ">=12.0.0" + } + }, "node_modules/inherits": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", @@ -1329,6 +1344,14 @@ "node": ">=0.6" } }, + "node_modules/queue": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz", + "integrity": "sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==", + "dependencies": { + "inherits": "~2.0.3" + } + }, "node_modules/range-parser": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", @@ -1658,9 +1681,9 @@ }, "dependencies": { "@fosscord/server-util": { - "version": "1.3.8", - "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.8.tgz", - "integrity": "sha512-bqCoCcuXRCDvloWcmQDSGVEAeHTgme4idBquL93Q/AxVe0l8J2hv+qm6bJ9mtK+TYPJhUlzku4H+jnMbH9msGg==", + "version": "1.3.10", + "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.10.tgz", + "integrity": "sha512-pu+XAoerl/WLFxoNxT1NV7Nj0QT+QigK5ghr1VCXkN5N/pUAJUyC72fJPYk+5Ug0CbJkPb0XNsRVJpuz8k0R2g==", "requires": { "@types/jsonwebtoken": "^8.5.0", "@types/mongoose-autopopulate": "^0.10.1", 
@@ -2353,6 +2376,14 @@ "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==" }, + "image-size": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/image-size/-/image-size-1.0.0.tgz", + "integrity": "sha512-JLJ6OwBfO1KcA+TvJT+v8gbE6iWbj24LyDNFgFEN0lzegn6cC6a/p3NIDaepMsJjQjlUWqIC7wJv8lBFxPNjcw==", + "requires": { + "queue": "6.0.2" + } + }, "inherits": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", @@ -2733,6 +2764,14 @@ "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz", "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==" }, + "queue": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz", + "integrity": "sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==", + "requires": { + "inherits": "~2.0.3" + } + }, "range-parser": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", diff --git a/package.json b/package.json index da374117..a6ac35ce 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "homepage": "https://github.com/discord-open-source/discord-cdn#readme", "dependencies": { - "@fosscord/server-util": "^1.3.8", + "@fosscord/server-util": "^1.3.10", "body-parser": "^1.19.0", "btoa": "^1.2.1", "cheerio": "^1.0.0-rc.5", @@ -28,6 +28,7 @@ "express": "^4.17.1", "express-async-errors": "^3.1.1", "file-type": "^16.5.0", + "image-size": "^1.0.0", "lambert-db": "^1.2.3", "lambert-server": "^1.2.1", "missing-native-js-functions": "^1.0.8", diff --git a/src/Server.ts b/src/Server.ts index 15868129..57dfa536 100644 --- a/src/Server.ts +++ b/src/Server.ts 
@@ -31,8 +31,8 @@ export class CDNServer extends Server { export const multer = multerConfig({ storage: multerConfig.memoryStorage(), limits: { - fields: 0, - files: 1, + fields: 10, + files: 10, fileSize: 1024 * 1024 * 100, // 100 mb }, }); diff --git a/src/routes/attachments.ts b/src/routes/attachments.ts index 3bbced31..e99b8d87 100644 --- a/src/routes/attachments.ts +++ b/src/routes/attachments.ts @@ -4,10 +4,14 @@ import { storage } from "../util/Storage"; import FileType from "file-type"; import { HTTPError } from "lambert-server"; import { multer } from "../Server"; +import imageSize from "image-size"; const router = Router(); router.post("/:channel_id", multer.single("file"), async (req, res) => { + if (req.headers.signature !== Config.get().security.requestSignature) + throw new HTTPError("Invalid request signature"); + const { buffer, mimetype, size, originalname, fieldname } = req.file; const { channel_id } = req.params; const filename = originalname.replaceAll(" ", "_").replace(/[^a-zA-Z0-9._]+/g, ""); @@ -17,6 +21,15 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => { const endpoint = Config.get().cdn.endpoint || "http://localhost:3003"; await storage.set(path, buffer); + var width; + var height; + if (mimetype.includes("image")) { + const dimensions = imageSize(buffer); + if (dimensions) { + width = dimensions.width; + height = dimensions.height; + } + } const file = { id, @@ -24,6 +37,8 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => { filename: filename, size, url: `${endpoint}/${path}`, + width, + height, }; return res.json(file); 
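Review bot: The raised `files: 10` limit in `src/Server.ts` is not needed by any route visible in this commit, since every upload handler uses `multer.single("file")`. The limit still applies to the shared `multer` export, so together with `multerConfig.memoryStorage()` and the 100 MB `fileSize` it puts the ceiling for any multi-file route at roughly 1 GB buffered in process memory per request. Unless multi-file uploads are planned, keep `files: 1` and raise only `fields`. If they are planned, a smaller per-file size or disk-backed storage would bound the cost. A comment on the `limits` block naming the route that needs ten fields or files would also help, for example `// fields/files: 10 needed by <route>`.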
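Review bot: The signature check added at the top of `router.post("/:channel_id", ...)` in `src/routes/attachments.ts` fails open when `security.requestSignature` is unset: a request with no `signature` header evaluates `undefined !== undefined` and is accepted. The config default is not visible in this diff, so confirm it is always populated. The check also runs after `multer.single("file")`, so an unauthenticated upload is fully buffered before it is rejected, and `!==` on a static shared secret is not a constant-time comparison. The same two lines are repeated in this file's DELETE handler, in the POST and DELETE handlers of `src/routes/avatars.ts`, and in `src/routes/external.ts`; one middleware placed before the body parsers would cover all five. The sketch below uses Node's `crypto.timingSafeEqual` and passes an explicit status to `HTTPError`, assuming its second argument is the status code (to be confirmed); the handler body continues past the end of this hunk.

```typescript
// proposed shared middleware (new helper, name is a suggestion)
export function requireSignature(req: Request, res: Response, next: NextFunction) {
	const expected = Config.get().security.requestSignature;
	const given = req.headers.signature;
	// reject when the secret is not configured or the header is absent/repeated
	if (typeof expected !== "string" || expected.length === 0 || typeof given !== "string")
		throw new HTTPError("Invalid request signature", 401);
	const a = Buffer.from(given);
	const b = Buffer.from(expected);
	if (a.length !== b.length || !crypto.timingSafeEqual(a, b))
		throw new HTTPError("Invalid request signature", 401);
	next();
}

// registered before multer so nothing is buffered for unauthenticated callers
router.post("/:channel_id", requireSignature, multer.single("file"), async (req, res) => {
	// … unchanged: handler body …
```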
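Review bot: `imageSize(buffer)` throws on data it cannot parse, and in the attachments POST handler it runs after `await storage.set(path, buffer)`. A file whose declared type contains "image" but whose bytes do not parse is therefore stored, then the request fails, leaving an object that no response refers to. The `mimetype` being tested comes from the multipart upload and is client-supplied; `FileType`, already imported in this file, could decide from the bytes instead. Probing the dimensions before the write and catching the parse failure avoids both problems, and `let` with explicit types reads better than the two bare `var` declarations. Whether an unparseable image should be rejected or stored without dimensions is a product decision; the sketch below omits the dimensions.

```typescript
// … unchanged: id, path and endpoint computed above …
let width: number | undefined;
let height: number | undefined;
if (mimetype.includes("image")) {
	try {
		({ width, height } = imageSize(buffer));
	} catch {
		// bytes are not a parseable image: keep the upload, omit dimensions
	}
}
await storage.set(path, buffer);
// … unchanged: file object built and returned …
```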
@@ -42,6 +57,9 @@ router.get("/:channel_id/:id/:filename", async (req, res) => { }); router.delete("/:channel_id/:id/:filename", async (req, res) => { + if (req.headers.signature !== Config.get().security.requestSignature) + throw new HTTPError("Invalid request signature"); + const { channel_id, id, filename } = req.params; const path = `attachments/${channel_id}/${id}/${filename}`; diff --git a/src/routes/avatars.ts b/src/routes/avatars.ts index c447db9f..973c45fc 100644 --- a/src/routes/avatars.ts +++ b/src/routes/avatars.ts @@ -4,6 +4,7 @@ import { storage } from "../util/Storage"; import FileType from "file-type"; import { HTTPError } from "lambert-server"; import { multer } from "../Server"; +import crypto from "crypto"; // TODO: check premium and animated pfp are allowed in the config // TODO: generate different sizes of avatar @@ -18,10 +19,13 @@ const ALLOWED_MIME_TYPES = [...ANIMATED_MIME_TYPES, ...STATIC_MIME_TYPES]; const router = Router(); router.post("/:user_id", multer.single("file"), async (req, res) => { + if (req.headers.signature !== Config.get().security.requestSignature) + throw new HTTPError("Invalid request signature"); + if (!req.file) throw new HTTPError("Missing file"); const { buffer, mimetype, size, originalname, fieldname } = req.file; const { user_id } = req.params; - const id = Snowflake.generate(); + const id = crypto.createHash("md5").update(Snowflake.generate()).digest("hex"); const type = await FileType.fromBuffer(buffer); if (!type || !ALLOWED_MIME_TYPES.includes(type.mime)) throw new HTTPError("Invalid file type"); @@ -39,7 +43,8 @@ router.post("/:user_id", multer.single("file"), async (req, res) => { }); router.get("/:user_id/:id", async (req, res) => { - const { user_id, id } = req.params; + var { user_id, id } = req.params; + id = id.split(".")[0]; const path = `avatars/${user_id}/${id}`; const file = await storage.get(path); 
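Review bot: Hashing `Snowflake.generate()` with MD5 for the avatar `id` in the avatars POST handler yields a 32-character hex name, but the name has neither property such an id is usually chosen for. It is not derived from the image, so identical uploads get different ids, and it is no less predictable than the snowflake it is computed from. If a content hash is intended, `crypto.createHash("md5").update(buffer).digest("hex")` does that; if an unguessable name is intended, `crypto.randomBytes(16).toString("hex")` is the direct form. A one-line comment above the assignment stating which is meant would settle it, e.g. `// avatar id: content hash so identical images share one object`.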
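Review bot: `id = id.split(".")[0]` strips a file extension only in the avatars GET handler; the DELETE handler further down still builds `avatars/${user_id}/${id}` from the raw parameter, so a URL that fetches an avatar with an extension will not address the same object on delete. Both parameters also reach the storage path without a format check. Since new avatar ids are hex digests, a guard such as `if (!/^[a-f0-9]{32}$/.test(id)) throw new HTTPError("Invalid avatar id");`, with a digits-only check on `user_id`, would keep unexpected characters out of the path. Avatars stored before this commit may carry snowflake ids, so confirm the pattern against existing data first. The `var` destructuring followed by reassignment could be `const { user_id } = req.params;` and `const id = req.params.id.split(".")[0];`.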
@@ -52,6 +57,8 @@ router.get("/:user_id/:id", async (req, res) => { }); router.delete("/:user_id/:id", async (req, res) => { + if (req.headers.signature !== Config.get().security.requestSignature) + throw new HTTPError("Invalid request signature"); const { user_id, id } = req.params; const path = `avatars/${user_id}/${id}`; diff --git a/src/routes/external.ts b/src/routes/external.ts index 2f8de5d9..dcf56c8c 100644 --- a/src/routes/external.ts +++ b/src/routes/external.ts @@ -30,6 +30,8 @@ const DEFAULT_FETCH_OPTIONS: any = { }; router.post("/", bodyParser.json(), async (req, res) => { + if (req.headers.signature !== Config.get().security.requestSignature) + throw new HTTPError("Invalid request signature"); if (!req.body) throw new HTTPError("Invalid Body"); const { url } = req.body; if (!url || typeof url !== "string") throw new HTTPError("Invalid url"); -- cgit 1.4.1