RSCord/ServerSpacebarOld
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-02-28. You can view files and clone it, but cannot push or open issues or pull requests.
ServerSpacebarOld/src/cdn/routes/attachments.ts
Rory& b87d28c2c9 Clean up unused imports
2025-09-30 05:13:29 +02:00

226 lines
7.3 KiB
TypeScript
Raw Blame History

/*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2025 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import { Config, hasValidSignature, NewUrlUserSignatureData, Snowflake, UrlSignResult } from "@spacebar/util";
import { Request, Response, Router } from "express";
import imageSize from "image-size";
import { HTTPError } from "lambert-server";
import { multer } from "../util/multer";
import { storage } from "../util/Storage";
import { CloudAttachment } from "../../util/entities/CloudAttachment";
import { fileTypeFromBuffer } from "file-type";
const router = Router();
const SANITIZED_CONTENT_TYPE = ["text/html", "text/mhtml", "multipart/related", "application/xhtml+xml"];
router.post("/:channel_id", multer.single("file"), async (req: Request, res: Response) => {
if (req.headers.signature !== Config.get().security.requestSignature) throw new HTTPError("Invalid request signature");
if (!req.file) throw new HTTPError("file missing");
const { buffer, mimetype, size, originalname } = req.file;
const { channel_id } = req.params;
const filename = originalname.replaceAll(" ", "_").replace(/[^a-zA-Z0-9._]+/g, "");
const id = Snowflake.generate();
const path = `attachments/${channel_id}/${id}/${filename}`;
const endpoint = Config.get()?.cdn.endpointPublic || "http://localhost:3001";
await storage.set(path, buffer);
let width;
let height;
if (mimetype.includes("image")) {
const dimensions = imageSize(buffer);
if (dimensions) {
width = dimensions.width;
height = dimensions.height;
}
}
const finalUrl = `${endpoint}/${path}`;
const file = {
id,
content_type: mimetype,
filename: filename,
size,
url: finalUrl,
path,
width,
height,
};
return res.json(file);
});
router.get("/:channel_id/:id/:filename", async (req: Request, res: Response) => {
const { channel_id, id, filename } = req.params;
// const { format } = req.query;
const path = `attachments/${channel_id}/${id}/${filename}`;
const fullUrl = (req.headers["x-forwarded-proto"] ?? req.protocol) + "://" + (req.headers["x-forwarded-host"] ?? req.hostname) + req.originalUrl;
if (
Config.get().security.cdnSignUrls &&
!hasValidSignature(
new NewUrlUserSignatureData({
ip: req.ip,
userAgent: req.headers["user-agent"] as string,
}),
UrlSignResult.fromUrl(fullUrl),
)
) {
return res.status(404).send("This content is no longer available.");
}
const file = await storage.get(path);
if (!file) throw new HTTPError("File not found");
const type = await fileTypeFromBuffer(file);
let content_type = type?.mime || "application/octet-stream";
if (SANITIZED_CONTENT_TYPE.includes(content_type)) {
content_type = "application/octet-stream";
}
res.set("Content-Type", content_type);
res.set("Cache-Control", "public, max-age=31536000");
return res.send(file);
});
router.delete("/:channel_id/:id/:filename", async (req: Request, res: Response) => {
if (req.headers.signature !== Config.get().security.requestSignature) throw new HTTPError("Invalid request signature");
const { channel_id, id, filename } = req.params;
const path = `attachments/${channel_id}/${id}/${filename}`;
await storage.delete(path);
return res.send({ success: true });
});
// "cloud attachments"
router.put("/:channel_id/:batch_id/:attachment_id/:filename", multer.single("file"), async (req: Request, res: Response) => {
const { channel_id, batch_id, attachment_id, filename } = req.params;
const att = await CloudAttachment.findOneOrFail({
where: {
uploadFilename: `${channel_id}/${batch_id}/${attachment_id}/${filename}`,
channelId: channel_id,
userAttachmentId: attachment_id,
userFilename: filename,
},
});
const maxLength = Config.get().cdn.maxAttachmentSize;
console.log("[Cloud Upload] Uploading attachment", att.id, att.userFilename, `Max size: ${maxLength} bytes`);
const chunks: Buffer[] = [];
let length = 0;
req.on("data", (chunk) => {
console.log(`[Cloud Upload] Received chunk of size ${chunk.length} bytes`);
chunks.push(chunk);
length += chunk.length;
if (length > maxLength) {
res.status(413).send("File too large");
req.destroy();
}
});
req.on("end", async () => {
console.log(`[Cloud Upload] Finished receiving file, total size ${length} bytes`);
const buffer = Buffer.concat(chunks);
const path = `attachments/${channel_id}/${batch_id}/${attachment_id}/${filename}`;
await storage.set(path, buffer);
let mimeType = att.userOriginalContentType;
if (att.userOriginalContentType === null) {
const ft = await fileTypeFromBuffer(buffer);
mimeType = att.contentType = ft?.mime || "application/octet-stream";
}
if (mimeType?.includes("image")) {
const dimensions = imageSize(buffer);
if (dimensions) {
att.width = dimensions.width;
att.height = dimensions.height;
}
}
att.size = buffer.length;
await att.save();
console.log("[Cloud Upload] Saved attachment", att.id, att.userFilename);
res.status(200).end();
});
});
router.delete("/:channel_id/:batch_id/:attachment_id/:filename", async (req: Request, res: Response) => {
if (req.headers.signature !== Config.get().security.requestSignature) throw new HTTPError("Invalid request signature");
console.log("[Cloud Delete] Deleting attachment", req.params);
const { channel_id, batch_id, attachment_id, filename } = req.params;
const path = `attachments/${channel_id}/${batch_id}/${attachment_id}/${filename}`;
const att = await CloudAttachment.findOne({
where: {
uploadFilename: `${channel_id}/${batch_id}/${attachment_id}/${filename}`,
channelId: channel_id,
userAttachmentId: attachment_id,
userFilename: filename,
},
});
if (att) {
await att.remove();
await storage.delete(path);
return res.send({ success: true });
}
return res.status(404).send("Attachment not found");
});
router.post("/:channel_id/:batch_id/:attachment_id/:filename/clone_to_message/:message_id", async (req: Request, res: Response) => {
if (req.headers.signature !== Config.get().security.requestSignature) throw new HTTPError("Invalid request signature");
console.log("[Cloud Clone] Cloning attachment to message", req.params);
const { channel_id, batch_id, attachment_id, filename, message_id } = req.params;
const path = `attachments/${channel_id}/${batch_id}/${attachment_id}/${filename}`;
const newPath = `attachments/${channel_id}/${message_id}/${filename}`;
const att = await CloudAttachment.findOne({
where: {
uploadFilename: `${channel_id}/${batch_id}/${attachment_id}/${filename}`,
channelId: channel_id,
userAttachmentId: attachment_id,
userFilename: filename,
},
});
if (att) {
await storage.clone(path, newPath);
return res.send({ success: true, new_path: newPath });
}
return res.status(404).send("Attachment not found");
});
export default router;
Reference in New Issue View Git Blame Copy Permalink