diff --git a/.gitignore b/.gitignore
index 7d04eaee..f2e69ff6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@
node_modules/
.DS_Store
.env
-dist/
\ No newline at end of file
+dist/
+files/
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index c51b11e5..fe21ab20 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
"version": "1.0.0",
"license": "ISC",
"dependencies": {
- "@fosscord/server-util": "^1.3.8",
+ "@fosscord/server-util": "^1.3.10",
"body-parser": "^1.19.0",
"btoa": "^1.2.1",
"cheerio": "^1.0.0-rc.5",
@@ -17,6 +17,7 @@
"express": "^4.17.1",
"express-async-errors": "^3.1.1",
"file-type": "^16.5.0",
+ "image-size": "^1.0.0",
"lambert-db": "^1.2.3",
"lambert-server": "^1.2.1",
"missing-native-js-functions": "^1.0.8",
@@ -35,9 +36,9 @@
}
},
"node_modules/@fosscord/server-util": {
- "version": "1.3.8",
- "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.8.tgz",
- "integrity": "sha512-bqCoCcuXRCDvloWcmQDSGVEAeHTgme4idBquL93Q/AxVe0l8J2hv+qm6bJ9mtK+TYPJhUlzku4H+jnMbH9msGg==",
+ "version": "1.3.10",
+ "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.10.tgz",
+ "integrity": "sha512-pu+XAoerl/WLFxoNxT1NV7Nj0QT+QigK5ghr1VCXkN5N/pUAJUyC72fJPYk+5Ug0CbJkPb0XNsRVJpuz8k0R2g==",
"dependencies": {
"@types/jsonwebtoken": "^8.5.0",
"@types/mongoose-autopopulate": "^0.10.1",
@@ -849,6 +850,20 @@
}
]
},
+ "node_modules/image-size": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/image-size/-/image-size-1.0.0.tgz",
+ "integrity": "sha512-JLJ6OwBfO1KcA+TvJT+v8gbE6iWbj24LyDNFgFEN0lzegn6cC6a/p3NIDaepMsJjQjlUWqIC7wJv8lBFxPNjcw==",
+ "dependencies": {
+ "queue": "6.0.2"
+ },
+ "bin": {
+ "image-size": "bin/image-size.js"
+ },
+ "engines": {
+ "node": ">=12.0.0"
+ }
+ },
"node_modules/inherits": {
"version": "2.0.3",
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
@@ -1329,6 +1344,14 @@
"node": ">=0.6"
}
},
+ "node_modules/queue": {
+ "version": "6.0.2",
+ "resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz",
+ "integrity": "sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==",
+ "dependencies": {
+ "inherits": "~2.0.3"
+ }
+ },
"node_modules/range-parser": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -1658,9 +1681,9 @@
},
"dependencies": {
"@fosscord/server-util": {
- "version": "1.3.8",
- "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.8.tgz",
- "integrity": "sha512-bqCoCcuXRCDvloWcmQDSGVEAeHTgme4idBquL93Q/AxVe0l8J2hv+qm6bJ9mtK+TYPJhUlzku4H+jnMbH9msGg==",
+ "version": "1.3.10",
+ "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.10.tgz",
+ "integrity": "sha512-pu+XAoerl/WLFxoNxT1NV7Nj0QT+QigK5ghr1VCXkN5N/pUAJUyC72fJPYk+5Ug0CbJkPb0XNsRVJpuz8k0R2g==",
"requires": {
"@types/jsonwebtoken": "^8.5.0",
"@types/mongoose-autopopulate": "^0.10.1",
@@ -2353,6 +2376,14 @@
"resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
"integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA=="
},
+ "image-size": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/image-size/-/image-size-1.0.0.tgz",
+ "integrity": "sha512-JLJ6OwBfO1KcA+TvJT+v8gbE6iWbj24LyDNFgFEN0lzegn6cC6a/p3NIDaepMsJjQjlUWqIC7wJv8lBFxPNjcw==",
+ "requires": {
+ "queue": "6.0.2"
+ }
+ },
"inherits": {
"version": "2.0.3",
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
@@ -2733,6 +2764,14 @@
"resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz",
"integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ=="
},
+ "queue": {
+ "version": "6.0.2",
+ "resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz",
+ "integrity": "sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==",
+ "requires": {
+ "inherits": "~2.0.3"
+ }
+ },
"range-parser": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
diff --git a/package.json b/package.json
index da374117..a6ac35ce 100644
--- a/package.json
+++ b/package.json
@@ -20,7 +20,7 @@
},
"homepage": "https://github.com/discord-open-source/discord-cdn#readme",
"dependencies": {
- "@fosscord/server-util": "^1.3.8",
+ "@fosscord/server-util": "^1.3.10",
"body-parser": "^1.19.0",
"btoa": "^1.2.1",
"cheerio": "^1.0.0-rc.5",
@@ -28,6 +28,7 @@
"express": "^4.17.1",
"express-async-errors": "^3.1.1",
"file-type": "^16.5.0",
+ "image-size": "^1.0.0",
"lambert-db": "^1.2.3",
"lambert-server": "^1.2.1",
"missing-native-js-functions": "^1.0.8",
diff --git a/src/Server.ts b/src/Server.ts
index 15868129..57dfa536 100644
--- a/src/Server.ts
+++ b/src/Server.ts
@@ -31,8 +31,8 @@ export class CDNServer extends Server {
export const multer = multerConfig({
storage: multerConfig.memoryStorage(),
limits: {
- fields: 0,
- files: 1,
+ fields: 10,
+ files: 10,
fileSize: 1024 * 1024 * 100, // 100 mb
},
});
diff --git a/src/routes/attachments.ts b/src/routes/attachments.ts
index 3bbced31..e99b8d87 100644
--- a/src/routes/attachments.ts
+++ b/src/routes/attachments.ts
@@ -4,10 +4,14 @@ import { storage } from "../util/Storage";
import FileType from "file-type";
import { HTTPError } from "lambert-server";
import { multer } from "../Server";
+import imageSize from "image-size";
const router = Router();
router.post("/:channel_id", multer.single("file"), async (req, res) => {
+ if (req.headers.signature !== Config.get().security.requestSignature)
+ throw new HTTPError("Invalid request signature");
+
const { buffer, mimetype, size, originalname, fieldname } = req.file;
const { channel_id } = req.params;
const filename = originalname.replaceAll(" ", "_").replace(/[^a-zA-Z0-9._]+/g, "");
@@ -17,6 +21,15 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => {
const endpoint = Config.get().cdn.endpoint || "http://localhost:3003";
await storage.set(path, buffer);
+ var width;
+ var height;
+ if (mimetype.includes("image")) {
+ const dimensions = imageSize(buffer);
+ if (dimensions) {
+ width = dimensions.width;
+ height = dimensions.height;
+ }
+ }
const file = {
id,
@@ -24,6 +37,8 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => {
filename: filename,
size,
url: `${endpoint}/${path}`,
+ width,
+ height,
};
return res.json(file);
@@ -42,6 +57,9 @@ router.get("/:channel_id/:id/:filename", async (req, res) => {
});
router.delete("/:channel_id/:id/:filename", async (req, res) => {
+ if (req.headers.signature !== Config.get().security.requestSignature)
+ throw new HTTPError("Invalid request signature");
+
const { channel_id, id, filename } = req.params;
const path = `attachments/${channel_id}/${id}/${filename}`;
diff --git a/src/routes/avatars.ts b/src/routes/avatars.ts
index c447db9f..973c45fc 100644
--- a/src/routes/avatars.ts
+++ b/src/routes/avatars.ts
@@ -4,6 +4,7 @@ import { storage } from "../util/Storage";
import FileType from "file-type";
import { HTTPError } from "lambert-server";
import { multer } from "../Server";
+import crypto from "crypto";
// TODO: check premium and animated pfp are allowed in the config
// TODO: generate different sizes of avatar
@@ -18,10 +19,13 @@ const ALLOWED_MIME_TYPES = [...ANIMATED_MIME_TYPES, ...STATIC_MIME_TYPES];
const router = Router();
router.post("/:user_id", multer.single("file"), async (req, res) => {
+ if (req.headers.signature !== Config.get().security.requestSignature)
+ throw new HTTPError("Invalid request signature");
+ if (!req.file) throw new HTTPError("Missing file");
const { buffer, mimetype, size, originalname, fieldname } = req.file;
const { user_id } = req.params;
- const id = Snowflake.generate();
+ const id = crypto.createHash("md5").update(Snowflake.generate()).digest("hex");
const type = await FileType.fromBuffer(buffer);
if (!type || !ALLOWED_MIME_TYPES.includes(type.mime)) throw new HTTPError("Invalid file type");
@@ -39,7 +43,8 @@ router.post("/:user_id", multer.single("file"), async (req, res) => {
});
router.get("/:user_id/:id", async (req, res) => {
- const { user_id, id } = req.params;
+ var { user_id, id } = req.params;
+ id = id.split(".")[0];
const path = `avatars/${user_id}/${id}`;
const file = await storage.get(path);
@@ -52,6 +57,8 @@ router.get("/:user_id/:id", async (req, res) => {
});
router.delete("/:user_id/:id", async (req, res) => {
+ if (req.headers.signature !== Config.get().security.requestSignature)
+ throw new HTTPError("Invalid request signature");
const { user_id, id } = req.params;
const path = `avatars/${user_id}/${id}`;
diff --git a/src/routes/external.ts b/src/routes/external.ts
index 2f8de5d9..dcf56c8c 100644
--- a/src/routes/external.ts
+++ b/src/routes/external.ts
@@ -30,6 +30,8 @@ const DEFAULT_FETCH_OPTIONS: any = {
};
router.post("/", bodyParser.json(), async (req, res) => {
+ if (req.headers.signature !== Config.get().security.requestSignature)
+ throw new HTTPError("Invalid request signature");
if (!req.body) throw new HTTPError("Invalid Body");
const { url } = req.body;
if (!url || typeof url !== "string") throw new HTTPError("Invalid url");
|
