Vadym/postiz-app
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
postiz-app/libraries/nestjs-libraries/src/upload/custom.upload.validation.ts
Nevo David 3ea302202d
Some checks failed
Build Containers / build-containers-common (push) Has been cancelled
Details
Build / build (22.12.0) (push) Has been cancelled
Details
Build Containers / build-containers (amd64, ubuntu-latest) (push) Has been cancelled
Details
Build Containers / build-containers (arm64, ubuntu-24.04-arm) (push) Has been cancelled
Details
Build Containers / build-container-manifest (push) Has been cancelled
Details
feat: fix advisory
2026-04-12 10:27:01 +07:00

67 lines
1.8 KiB
TypeScript
Raw Blame History

import {
BadRequestException,
Injectable,
PipeTransform,
} from '@nestjs/common';
// eslint-disable-next-line @typescript-eslint/no-var-requires
const { fromBuffer } = require('file-type');
const ALLOWED_MIME_TYPES = new Set<string>([
'image/jpeg',
'image/png',
'image/gif',
'image/webp',
'image/avif',
'image/bmp',
'image/tiff',
'video/mp4',
]);
@Injectable()
export class CustomFileValidationPipe implements PipeTransform {
async transform(value: any) {
if (!value || typeof value !== 'object') {
return value;
}
// Skip non-file parameters (org, body, query, etc.)
if (!('buffer' in value) && !('mimetype' in value) && !('fieldname' in value)) {
return value;
}
if (!value.buffer || !Buffer.isBuffer(value.buffer)) {
throw new BadRequestException('Invalid file upload.');
}
const detected = await fromBuffer(value.buffer);
if (!detected || !ALLOWED_MIME_TYPES.has(detected.mime)) {
throw new BadRequestException('Unsupported file type.');
}
const maxSize = this.getMaxSize(detected.mime);
if (value.size > maxSize) {
throw new BadRequestException(
`File size exceeds the maximum allowed size of ${maxSize} bytes.`
);
}
value.mimetype = detected.mime;
const safeBase = (value.originalname || 'upload')
.replace(/\.[^./\\]*$/, '')
.replace(/[\\/]/g, '_')
.slice(0, 100) || 'upload';
value.originalname = `${safeBase}.${detected.ext}`;
return value;
}
private getMaxSize(mimeType: string): number {
if (mimeType.startsWith('image/')) {
return 10 * 1024 * 1024; // 10 MB
} else if (mimeType.startsWith('video/')) {
return 1024 * 1024 * 1024; // 1 GB
} else {
throw new BadRequestException('Unsupported file type.');
}
}
}
Reference in a new issue View git blame Copy permalink