file type validation

2022-03-25 14:07:48 +02:00 · 2022-03-25 14:07:48 +02:00 · 1315e80566
commit 1315e80566
parent cf3cfc380a
2 changed files with 4 additions and 2 deletions
--- a/server/src/client/ServerClient.js
+++ b/server/src/client/ServerClient.js
@ -78,6 +78,7 @@ class Client extends EventEmitter {
                if (['corgi.wtf', 'localhost'].some((x) => origin.includes(x))) {
                    return cb(null, true);
                }
+                this.logger.warn(`Unauthorised origin: ${origin}`);
                return cb('Unauthorised origin', false);
            }
        }));
--- a/server/src/client/endpoints/api/Upload.js
+++ b/server/src/client/endpoints/api/Upload.js
@ -26,10 +26,11 @@ class Login extends APIEndpoint {
    async upload(req, res) {

        const { body: { name }, files: { file } } = req;
-        if (!file) res.status(400).end();
+        if (!file) return res.status(400).end();
        
+        if (!file.mimetype !== 'video/mp4' || !file.name.endsWith('.mp4')) return res.status(400).send('Invalid type');
+
        this.logger.info(`${req.user.username}#${req.user.discriminator} is uploading ${name}`);
-        
        try {
            await this.client.clipIndex.add(file, name, req.user);
            res.status(200).end();