✨ avatars + attachments

2021-05-30 01:44:46 +02:00 · 2021-05-30 01:44:46 +02:00 · e87bebc3a3
commit e87bebc3a3
parent 3b03266785
7 changed files with 35 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,4 +2,5 @@
 node_modules/
 .DS_Store
 .env
-dist/
+dist/
+files/
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -20,7 +20,7 @@
 	},
 	"homepage": "https://github.com/discord-open-source/discord-cdn#readme",
 	"dependencies": {
-		"@fosscord/server-util": "^1.3.8",
+		"@fosscord/server-util": "^1.3.10",
 		"body-parser": "^1.19.0",
 		"btoa": "^1.2.1",
 		"cheerio": "^1.0.0-rc.5",
@ -28,6 +28,7 @@
 		"express": "^4.17.1",
 		"express-async-errors": "^3.1.1",
 		"file-type": "^16.5.0",
+		"image-size": "^1.0.0",
 		"lambert-db": "^1.2.3",
 		"lambert-server": "^1.2.1",
 		"missing-native-js-functions": "^1.0.8",
--- a/src/Server.ts
+++ b/src/Server.ts
@ -31,8 +31,8 @@ export class CDNServer extends Server {
 export const multer = multerConfig({
 	storage: multerConfig.memoryStorage(),
 	limits: {
-		fields: 0,
-		files: 1,
+		fields: 10,
+		files: 10,
 		fileSize: 1024 * 1024 * 100, // 100 mb
 	},
 });
--- a/src/routes/attachments.ts
+++ b/src/routes/attachments.ts
@ -4,10 +4,14 @@ import { storage } from "../util/Storage";
 import FileType from "file-type";
 import { HTTPError } from "lambert-server";
 import { multer } from "../Server";
+import imageSize from "image-size";

 const router = Router();

 router.post("/:channel_id", multer.single("file"), async (req, res) => {
+	if (req.headers.signature !== Config.get().security.requestSignature)
+		throw new HTTPError("Invalid request signature");
+
 	const { buffer, mimetype, size, originalname, fieldname } = req.file;
 	const { channel_id } = req.params;
 	const filename = originalname.replaceAll(" ", "_").replace(/[^a-zA-Z0-9._]+/g, "");
@ -17,6 +21,15 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => {
 	const endpoint = Config.get().cdn.endpoint || "http://localhost:3003";

 	await storage.set(path, buffer);
+	var width;
+	var height;
+	if (mimetype.includes("image")) {
+		const dimensions = imageSize(buffer);
+		if (dimensions) {
+			width = dimensions.width;
+			height = dimensions.height;
+		}
+	}

 	const file = {
 		id,
@ -24,6 +37,8 @@ router.post("/:channel_id", multer.single("file"), async (req, res) => {
 		filename: filename,
 		size,
 		url: `${endpoint}/${path}`,
+		width,
+		height,
 	};

 	return res.json(file);
@ -42,6 +57,9 @@ router.get("/:channel_id/:id/:filename", async (req, res) => {
 });

 router.delete("/:channel_id/:id/:filename", async (req, res) => {
+	if (req.headers.signature !== Config.get().security.requestSignature)
+		throw new HTTPError("Invalid request signature");
+
 	const { channel_id, id, filename } = req.params;
 	const path = `attachments/${channel_id}/${id}/${filename}`;

--- a/src/routes/avatars.ts
+++ b/src/routes/avatars.ts
@ -4,6 +4,7 @@ import { storage } from "../util/Storage";
 import FileType from "file-type";
 import { HTTPError } from "lambert-server";
 import { multer } from "../Server";
+import crypto from "crypto";

 // TODO: check premium and animated pfp are allowed in the config
 // TODO: generate different sizes of avatar
@ -18,10 +19,13 @@ const ALLOWED_MIME_TYPES = [...ANIMATED_MIME_TYPES, ...STATIC_MIME_TYPES];
 const router = Router();

 router.post("/:user_id", multer.single("file"), async (req, res) => {
+	if (req.headers.signature !== Config.get().security.requestSignature)
+		throw new HTTPError("Invalid request signature");
+	if (!req.file) throw new HTTPError("Missing file");
 	const { buffer, mimetype, size, originalname, fieldname } = req.file;
 	const { user_id } = req.params;

-	const id = Snowflake.generate();
+	const id = crypto.createHash("md5").update(Snowflake.generate()).digest("hex");

 	const type = await FileType.fromBuffer(buffer);
 	if (!type || !ALLOWED_MIME_TYPES.includes(type.mime)) throw new HTTPError("Invalid file type");
@ -39,7 +43,8 @@ router.post("/:user_id", multer.single("file"), async (req, res) => {
 });

 router.get("/:user_id/:id", async (req, res) => {
-	const { user_id, id } = req.params;
+	var { user_id, id } = req.params;
+	id = id.split(".")[0];
 	const path = `avatars/${user_id}/${id}`;

 	const file = await storage.get(path);
@ -52,6 +57,8 @@ router.get("/:user_id/:id", async (req, res) => {
 });

 router.delete("/:user_id/:id", async (req, res) => {
+	if (req.headers.signature !== Config.get().security.requestSignature)
+		throw new HTTPError("Invalid request signature");
 	const { user_id, id } = req.params;
 	const path = `avatars/${user_id}/${id}`;

--- a/src/routes/external.ts
+++ b/src/routes/external.ts
@ -30,6 +30,8 @@ const DEFAULT_FETCH_OPTIONS: any = {
 };

 router.post("/", bodyParser.json(), async (req, res) => {
+	if (req.headers.signature !== Config.get().security.requestSignature)
+		throw new HTTPError("Invalid request signature");
 	if (!req.body) throw new HTTPError("Invalid Body");
 	const { url } = req.body;
 	if (!url || typeof url !== "string") throw new HTTPError("Invalid url");