diff options
| author | David Mehren | 2020-12-27 15:52:26 +0100 |
|---|---|---|
| committer | David Mehren | 2020-12-27 19:51:14 +0100 |
| commit | 6932cc4df7e0c2826e47b2d9ca2f0031f75b1b58 (patch) | |
| tree | 50eea3b294f40287a8eded1938593d0a2c4f206a /lib/web/imageRouter/index.js | |
| parent | cf4344d9e031d2e0bf70b8d8f75ab27ecf8d29ad (diff) | |
Always save uploads to a tmpdir first and cleanup afterwards
This makes sure no unintended files are permanently saved.
Co-authored-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <git@herrmehren.de>
Diffstat (limited to 'lib/web/imageRouter/index.js')
| -rw-r--r-- | lib/web/imageRouter/index.js | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js index 5861a2bc..afa9bbf6 100644 --- a/lib/web/imageRouter/index.js +++ b/lib/web/imageRouter/index.js @@ -4,6 +4,9 @@ const Router = require('express').Router const formidable = require('formidable') const path = require('path') const FileType = require('file-type') +const fs = require('fs') +const os = require('os') +const rimraf = require('rimraf') const config = require('../../config') const logger = require('../../logger') @@ -30,25 +33,27 @@ async function checkUploadType (filePath) { // upload image imageRouter.post('/uploadimage', function (req, res) { - var form = new formidable.IncomingForm() + if (!req.isAuthenticated() && !config.allowAnonymous && !config.allowAnonymousEdits) { + logger.error(`Image upload error: Anonymous edits and therefore uploads are not allowed)`) + return errors.errorForbidden(res) + } + var form = new formidable.IncomingForm() form.keepExtensions = true - - if (config.imageUploadType === 'filesystem') { - form.uploadDir = config.uploadsPath - } + const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'hedgedoc-')) + form.uploadDir = tmpDir form.parse(req, async function (err, fields, files) { if (err) { logger.error(`Image upload error: formidable error: ${err}`) - return errors.errorForbidden(res) - } else if (!req.isAuthenticated() && !config.allowAnonymous && !config.allowAnonymousEdits) { - logger.error(`Image upload error: Anonymous edits and therefore uploads are not allowed)`) + rimraf(tmpDir) return errors.errorForbidden(res) } else if (!files.image || !files.image.path) { logger.error(`Image upload error: Upload didn't contain file)`) + rimraf.sync(tmpDir) return errors.errorBadRequest(res) } else if (!await checkUploadType(files.image.path)) { + rimraf.sync(tmpDir) return errors.errorBadRequest(res) } else { logger.debug(`SERVER received uploadimage: ${JSON.stringify(files.image)}`) @@ -56,6 +61,7 @@ imageRouter.post('/uploadimage', function (req, res) { const uploadProvider = require('./' + config.imageUploadType) logger.debug(`imageRouter: Uploading ${files.image.path} using ${config.imageUploadType}`) uploadProvider.uploadImage(files.image.path, function (err, url) { + rimraf.sync(tmpDir) if (err !== null) { logger.error(err) return res.status(500).end('upload image error') |