blob: afa9bbf6066379e8bae9af65a9d8730b77529cb2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
'use strict'
const Router = require('express').Router
const formidable = require('formidable')
const path = require('path')
const FileType = require('file-type')
const fs = require('fs')
const os = require('os')
const rimraf = require('rimraf')
const config = require('../../config')
const logger = require('../../logger')
const errors = require('../../errors')
const imageRouter = module.exports = Router()
async function checkUploadType (filePath) {
const typeFromMagic = await FileType.fromFile(filePath)
if (typeFromMagic === undefined) {
logger.error(`Image upload error: Could not determine MIME-type`)
return false
}
if (path.extname(filePath) !== '.' + typeFromMagic.ext) {
logger.error(`Image upload error: Provided file extension does not match MIME-type`)
return false
}
if (!config.allowedUploadMimeTypes.includes(typeFromMagic.mime)) {
logger.error(`Image upload error: MIME-type "${typeFromMagic.mime}" of uploaded file not allowed, only "${config.allowedUploadMimeTypes.join(', ')}" are allowed`)
return false
}
return true
}
// upload image
imageRouter.post('/uploadimage', function (req, res) {
if (!req.isAuthenticated() && !config.allowAnonymous && !config.allowAnonymousEdits) {
logger.error(`Image upload error: Anonymous edits and therefore uploads are not allowed)`)
return errors.errorForbidden(res)
}
var form = new formidable.IncomingForm()
form.keepExtensions = true
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'hedgedoc-'))
form.uploadDir = tmpDir
form.parse(req, async function (err, fields, files) {
if (err) {
logger.error(`Image upload error: formidable error: ${err}`)
rimraf(tmpDir)
return errors.errorForbidden(res)
} else if (!files.image || !files.image.path) {
logger.error(`Image upload error: Upload didn't contain file)`)
rimraf.sync(tmpDir)
return errors.errorBadRequest(res)
} else if (!await checkUploadType(files.image.path)) {
rimraf.sync(tmpDir)
return errors.errorBadRequest(res)
} else {
logger.debug(`SERVER received uploadimage: ${JSON.stringify(files.image)}`)
const uploadProvider = require('./' + config.imageUploadType)
logger.debug(`imageRouter: Uploading ${files.image.path} using ${config.imageUploadType}`)
uploadProvider.uploadImage(files.image.path, function (err, url) {
rimraf.sync(tmpDir)
if (err !== null) {
logger.error(err)
return res.status(500).end('upload image error')
}
logger.debug(`SERVER sending ${url} to client`)
res.send({
link: url
})
})
}
})
})
|
