Improve file upload validation (#2952)

vivid-planet · Dec 19, 2024 · 8dd4d3b · 8dd4d3b
1 parent 30c217f
commit 8dd4d3b
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 24 deletions.
diff --git a/packages/api/cms-api/src/dam/files/dam-upload-file.interceptor.ts b/packages/api/cms-api/src/dam/files/dam-upload-file.interceptor.ts
@@ -35,20 +35,20 @@ export function DamUploadFileInterceptor(fieldName: string): Type<NestIntercepto
                     filename: function (req, file, cb) {
                         // otherwise special characters aren't decoded properly (https://github.com/expressjs/multer/issues/836#issuecomment-1264338996)
                         file.originalname = Buffer.from(file.originalname, "latin1").toString("utf8");
-                        cb(null, `${uuid()}-${file.originalname}`);
+                        cb(null, uuid());
                     },
                 }),
                 limits: {
                     fileSize: this.fileValidationService.config.maxFileSize * 1024 * 1024,
                 },
                 fileFilter: (req, file, cb) => {
-                    this.fileValidationService.validateFileMetadata(file).then((result) => {
-                        if (result === undefined) {
-                            return cb(null, true);
-                        } else {
-                            return cb(new CometValidationException(result), false);
-                        }
-                    });
+                    const errorMessage = this.fileValidationService.validateFileMetadata(file);
+
+                    if (errorMessage === undefined) {
+                        cb(null, true);
+                    } else {
+                        cb(new CometValidationException(errorMessage), false);
+                    }
                 },
             };
 

diff --git a/packages/api/cms-api/src/dam/files/file-validation.service.ts b/packages/api/cms-api/src/dam/files/file-validation.service.ts
@@ -7,7 +7,7 @@ export class FileValidationService {
     constructor(public config: { maxFileSize: number; acceptedMimeTypes: string[] }) {}
 
     async validateFile(file: FileUploadInput): Promise<undefined | string> {
-        let error = await this.validateFileMetadata(file);
+        let error = this.validateFileMetadata(file);
 
         if (error === undefined) {
             error = await this.validateFileContents(file);
@@ -16,12 +16,7 @@ export class FileValidationService {
         return error;
     }
 
-    async validateFileMetadata(file: FileUploadInput): Promise<undefined | string> {
-        //maximum file size
-        if (file.size > this.config.maxFileSize * 1024 * 1024) {
-            return "File is too large";
-        }
-
+    validateFileMetadata(file: Pick<FileUploadInput, "fieldname" | "originalname" | "encoding" | "mimetype">): undefined | string {
         //mime type in an accepted mime type
         if (!this.config.acceptedMimeTypes.includes(file.mimetype)) {
             return "Unsupported mime type";
@@ -30,7 +25,7 @@ export class FileValidationService {
         //extension matched mime type
         const extension = file.originalname.split(".").pop()?.toLowerCase();
         if (extension === undefined) {
-            return `Invalid file name: Missing file extension`;
+            return "Invalid file name: Missing file extension";
         }
 
         const supportedExtensions = getValidExtensionsForMimetype(file.mimetype);

diff --git a/packages/api/cms-api/src/file-uploads/file-uploads-file.interceptor.ts b/packages/api/cms-api/src/file-uploads/file-uploads-file.interceptor.ts
@@ -35,20 +35,20 @@ export function FileUploadsFileInterceptor(fieldName: string): Type<NestIntercep
                     filename: function (req, file, cb) {
                         // otherwise special characters aren't decoded properly (https://github.com/expressjs/multer/issues/836#issuecomment-1264338996)
                         file.originalname = Buffer.from(file.originalname, "latin1").toString("utf8");
-                        cb(null, `${uuid()}-${file.originalname}`);
+                        cb(null, uuid());
                     },
                 }),
                 limits: {
                     fileSize: fileValidationService.config.maxFileSize * 1024 * 1024,
                 },
                 fileFilter: (req, file, cb) => {
-                    this.fileValidationService.validateFileMetadata(file).then((result) => {
-                        if (result === undefined) {
-                            return cb(null, true);
-                        } else {
-                            return cb(new CometValidationException(result), false);
-                        }
-                    });
+                    const errorMessage = this.fileValidationService.validateFileMetadata(file);
+
+                    if (errorMessage === undefined) {
+                        cb(null, true);
+                    } else {
+                        cb(new CometValidationException(errorMessage), false);
+                    }
                 },
             };