Navy.gif/homepage
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

file type validation

Browse Source
This commit is contained in:
Erik 2022-03-25 14:07:48 +02:00
parent cf3cfc380a
commit 1315e80566
No known key found for this signature in database
GPG Key ID: FEFF4B220DDF5589
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
server/src/client/ServerClient.js
View File

@ -78,6 +78,7 @@ class Client extends EventEmitter {
if (['corgi.wtf', 'localhost'].some((x) => origin.includes(x))) { if (['corgi.wtf', 'localhost'].some((x) => origin.includes(x))) {
return cb(null, true); return cb(null, true);
} }
this.logger.warn(`Unauthorised origin: ${origin}`);
return cb('Unauthorised origin', false); return cb('Unauthorised origin', false);
} }
})); }));

5
server/src/client/endpoints/api/Upload.js
View File

@ -26,10 +26,11 @@ class Login extends APIEndpoint {
async upload(req, res) { async upload(req, res) {
const { body: { name }, files: { file } } = req; const { body: { name }, files: { file } } = req;
if (!file) res.status(400).end(); if (!file) return res.status(400).end();
if (!file.mimetype !== 'video/mp4' || !file.name.endsWith('.mp4')) return res.status(400).send('Invalid type');
this.logger.info(`${req.user.username}#${req.user.discriminator} is uploading ${name}`); this.logger.info(`${req.user.username}#${req.user.discriminator} is uploading ${name}`);
try { try {
await this.client.clipIndex.add(file, name, req.user); await this.client.clipIndex.add(file, name, req.user);
res.status(200).end(); res.status(200).end();