diff --git a/src/Server.ts b/src/Server.ts
index 15868129..57dfa536 100644
--- a/src/Server.ts
+++ b/src/Server.ts
@@ -31,8 +31,8 @@ export class CDNServer extends Server {
export const multer = multerConfig({
storage: multerConfig.memoryStorage(),
limits: {
- fields: 0,
- files: 1,
+ fields: 10,
+ files: 10,
fileSize: 1024 * 1024 * 100, // 100 mb
},
});
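Review bot: With `multerConfig.memoryStorage()` every accepted part is held in RAM, so raising `files` to 10 next to the 100 MB `fileSize` puts the configured ceiling for one multipart request at roughly 1 GB of buffered data on any route that accepts several files. The routes visible in this commit all use `multer.single("file")`, which needs only one file. Multer also runs as middleware before the handlers' signature check, so buffering happens for unsigned requests as well. Unless a route outside this diff needs multi-file uploads, keep `files: 1` and set `fields` to the number of text fields the handlers actually read.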
diff --git a/src/routes/attachments.ts b/src/routes/attachments.ts
index 3bbced31..e99b8d87 100644
--- a/src/routes/attachments.ts
+++ b/src/routes/attachments.ts
@@ -4,10 +4,14 @@ import { storage } from "../util/Storage";
import FileType from "file-type";
import { HTTPError } from "lambert-server";
import { multer } from "../Server";
+import imageSize from "image-size";
const router = Router();
router.post("/:channel_id", multer.single("file"), async (req, res) => {
+ if (req.headers.signature !== Config.get().security.requestSignature)
+ throw new HTTPError("Invalid request signature");
+
const { buffer, mimetype, size, originalname, fieldname } = req.file;
const { channel_id } = req.params;
const filename = originalname.replaceAll(" ", "_").replace(/[^a-zA-Z0-9._]+/g, "");
@@ -17,6 +21,15 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => {
const endpoint = Config.get().cdn.endpoint || "http://localhost:3003";
await storage.set(path, buffer);
+ var width;
+ var height;
+ if (mimetype.includes("image")) {
+ const dimensions = imageSize(buffer);
+ if (dimensions) {
+ width = dimensions.width;
+ height = dimensions.height;
+ }
+ }
const file = {
id,
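Review bot: `imageSize(buffer)` throws on data it cannot parse, and the branch is entered on `mimetype.includes("image")`, which is the client-declared part type rather than the detected one. Because the call sits after `await storage.set(path, buffer)`, a non-image upload labelled `image/*` is stored and then the request fails, leaving an object the caller never gets a URL for. Wrap the probe in try/catch (or move it above `storage.set`), and prefer the type detected from the buffer if this handler already computes one outside the hunk. `let` with explicit types would also replace the two untyped `var` declarations. The handler starts and ends outside this hunk.

```typescript
let width: number | undefined;
let height: number | undefined;
if (mimetype.includes("image")) {
	try {
		({ width, height } = imageSize(buffer));
	} catch {
		// not a parseable image: keep the upload, leave dimensions unset
	}
}
// … unchanged: const file = { id, … } …
```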
@@ -24,6 +37,8 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => {
filename: filename,
size,
url: `${endpoint}/${path}`,
+ width,
+ height,
};
return res.json(file);
@@ -42,6 +57,9 @@ router.get("/:channel_id/:id/:filename", async (req, res) => {
});
router.delete("/:channel_id/:id/:filename", async (req, res) => {
+ if (req.headers.signature !== Config.get().security.requestSignature)
+ throw new HTTPError("Invalid request signature");
+
const { channel_id, id, filename } = req.params;
const path = `attachments/${channel_id}/${id}/${filename}`;
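Review bot: `channel_id`, `id` and `filename` are interpolated into the storage key in `const path = ...` without validation, so the key's shape is whatever the caller sends. The upload route restricts `filename` to `[a-zA-Z0-9._]`, and the read and delete routes should reject anything outside that set, for example `if (!/^[a-zA-Z0-9._]+$/.test(filename) || filename.includes("..")) throw new HTTPError("Invalid filename");`, with a comparable check on the two id segments. The same applies to the `avatars/${user_id}/${id}` keys in avatars.ts. Whether the storage backend normalises keys is not visible here, so this may be defence in depth rather than a live issue. The handler continues outside the hunk.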
diff --git a/src/routes/avatars.ts b/src/routes/avatars.ts
index c447db9f..973c45fc 100644
--- a/src/routes/avatars.ts
+++ b/src/routes/avatars.ts
@@ -4,6 +4,7 @@ import { storage } from "../util/Storage";
import FileType from "file-type";
import { HTTPError } from "lambert-server";
import { multer } from "../Server";
+import crypto from "crypto";
// TODO: check premium and animated pfp are allowed in the config
// TODO: generate different sizes of avatar
@@ -18,10 +19,13 @@ const ALLOWED_MIME_TYPES = [...ANIMATED_MIME_TYPES, ...STATIC_MIME_TYPES];
const router = Router();
router.post("/:user_id", multer.single("file"), async (req, res) => {
+ if (req.headers.signature !== Config.get().security.requestSignature)
+ throw new HTTPError("Invalid request signature");
+ if (!req.file) throw new HTTPError("Missing file");
const { buffer, mimetype, size, originalname, fieldname } = req.file;
const { user_id } = req.params;
- const id = Snowflake.generate();
+ const id = crypto.createHash("md5").update(Snowflake.generate()).digest("hex");
const type = await FileType.fromBuffer(buffer);
if (!type || !ALLOWED_MIME_TYPES.includes(type.mime)) throw new HTTPError("Invalid file type");
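Review bot: `crypto.createHash("md5").update(Snowflake.generate()).digest("hex")` does not make the avatar id harder to guess, because hashing a time-derived snowflake gives a value exactly as predictable as the snowflake. If the goal is an opaque 32-hex id, use `const id = crypto.randomBytes(16).toString("hex");`. If the goal is a content hash, so that identical uploads share an id, hash `buffer` with SHA-256 instead. Either choice also avoids MD5, which dependency and code scanners flag regardless of purpose. A short comment stating which of the two is intended would help the next reader.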
@@ -39,7 +43,8 @@ router.post("/:user_id", multer.single("file"), async (req, res) => {
});
router.get("/:user_id/:id", async (req, res) => {
- const { user_id, id } = req.params;
+ var { user_id, id } = req.params;
+ id = id.split(".")[0];
const path = `avatars/${user_id}/${id}`;
const file = await storage.get(path);
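Review bot: Stripping the extension with `id = id.split(".")[0]` is applied only in this GET route, while the DELETE route below still builds its key from the raw `id`, so a delete addressed as `<id>.png` targets a different key than the one GET serves. Sharing one normalisation between both routes avoids that. The `var` destructuring exists only to allow the reassignment; `const { user_id } = req.params;` and `const id = req.params.id.split(".")[0];` reads more clearly. An `id` that begins with a dot becomes the empty string here and should be rejected rather than looked up. The handler continues outside the hunk.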
@@ -52,6 +57,8 @@ router.get("/:user_id/:id", async (req, res) => {
});
router.delete("/:user_id/:id", async (req, res) => {
+ if (req.headers.signature !== Config.get().security.requestSignature)
+ throw new HTTPError("Invalid request signature");
const { user_id, id } = req.params;
const path = `avatars/${user_id}/${id}`;
diff --git a/src/routes/external.ts b/src/routes/external.ts
index 2f8de5d9..dcf56c8c 100644
--- a/src/routes/external.ts
+++ b/src/routes/external.ts
@@ -30,6 +30,8 @@ const DEFAULT_FETCH_OPTIONS: any = {
};
router.post("/", bodyParser.json(), async (req, res) => {
+ if (req.headers.signature !== Config.get().security.requestSignature)
+ throw new HTTPError("Invalid request signature");
if (!req.body) throw new HTTPError("Invalid Body");
const { url } = req.body;
if (!url || typeof url !== "string") throw new HTTPError("Invalid url");
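Review bot: `url` is only checked for being a non-empty string before the rest of the handler uses it. The surrounding `DEFAULT_FETCH_OPTIONS` suggests the server then requests that URL itself, although that code is outside the hunk. If so, the signature check is the only control on where the server connects. Parse the value with `new URL(url)`, allow only `http:` and `https:`, and reject hosts that resolve to loopback, link-local or private ranges before fetching. The signature comparison here has the same fail-open and timing concerns noted on attachments.ts.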