fixed be hosting html file even in dev mode, and fixed content disposition with invalid filenames
This commit is contained in:
@@ -45,7 +45,7 @@ app.use(cookieParser(env.passwordCookie));
|
||||
app.use(helmet());
|
||||
app.use(compression());
|
||||
app.use(express.json());
|
||||
app.use(express.static(publicPath));
|
||||
app.use(express.static(publicPath, { index: false }));
|
||||
app.use(bodyParser.json({ limit: "50mb" }));
|
||||
app.use(
|
||||
bodyParser.urlencoded({
|
||||
@@ -70,8 +70,10 @@ app.use(middlewareErrorHandler);
|
||||
|
||||
//console.log("Node Enviroment Mode:", nodeMode);
|
||||
|
||||
app.get("*", (_: Request, res: Response) => {
|
||||
res.sendFile(path.join(publicPath, "index.html"));
|
||||
});
|
||||
if (process.env.NODE_ENV === "production") {
|
||||
app.get("*", (_: Request, res: Response) => {
|
||||
res.sendFile(path.join(publicPath, "index.html"));
|
||||
});
|
||||
}
|
||||
|
||||
export default { server, serverHttps };
|
||||
|
||||
@@ -8,6 +8,8 @@ import { createGenericParams } from "./storageHelper";
|
||||
import { getStorageActions } from "../actions/helper-actions";
|
||||
import FileDB from "../../../db/mongoDB/fileDB";
|
||||
import { FileInterface } from "../../../models/file-model";
|
||||
import NotAuthorizedError from "../../../utils/NotAuthorizedError";
|
||||
import sanitizeFilename from "../../../utils/sanitizeFilename";
|
||||
|
||||
const fileDB = new FileDB();
|
||||
|
||||
@@ -33,6 +35,9 @@ const getFileAndRemoveActiveStream = async (
|
||||
if (!file) {
|
||||
throw new NotFoundError("File not found");
|
||||
}
|
||||
if (file.metadata.owner !== userID) {
|
||||
throw new NotAuthorizedError("Not owner of file");
|
||||
}
|
||||
return file;
|
||||
} else {
|
||||
const { file, readStream, decipherStream } = cachedFileData;
|
||||
@@ -127,10 +132,12 @@ const proccessData = (
|
||||
});
|
||||
|
||||
if (!range) {
|
||||
const sanatizedFilename = sanitizeFilename(currentFile.filename);
|
||||
const encodedFilename = encodeURIComponent(sanatizedFilename);
|
||||
res.set("Content-Type", "binary/octet-stream");
|
||||
res.set(
|
||||
"Content-Disposition",
|
||||
'attachment; filename="' + currentFile.filename + '"'
|
||||
`attachment; filename="${sanatizedFilename}"; filename*=UTF-8''${encodedFilename}`
|
||||
);
|
||||
res.set("Content-Length", currentFile.metadata.size.toString());
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ import { getStorageActions } from "../actions/helper-actions";
|
||||
import FileDB from "../../../db/mongoDB/fileDB";
|
||||
import NotAuthorizedError from "../../../utils/NotAuthorizedError";
|
||||
import UserDB from "../../../db/mongoDB/userDB";
|
||||
import sanitizeFilename from "../../../utils/sanitizeFilename";
|
||||
|
||||
const fileDB = new FileDB();
|
||||
const userDB = new UserDB();
|
||||
@@ -63,10 +64,12 @@ const proccessData = (res: Response, fileID: string, tempToken: string) => {
|
||||
eventEmitter.emit("error", e);
|
||||
});
|
||||
|
||||
const sanatizedFilename = sanitizeFilename(file.filename);
|
||||
const encodedFilename = encodeURIComponent(sanatizedFilename);
|
||||
res.set("Content-Type", "binary/octet-stream");
|
||||
res.set(
|
||||
"Content-Disposition",
|
||||
'attachment; filename="' + file.filename + '"'
|
||||
`attachment; filename="${sanatizedFilename}"; filename*=UTF-8''${encodedFilename}`
|
||||
);
|
||||
res.set("Content-Length", file.metadata.size.toString());
|
||||
|
||||
|
||||
@@ -0,0 +1,9 @@
|
||||
const sanitizeFilename = (filename: string) => {
|
||||
filename = filename.replace(/[\u0000-\u001F\u007F\u202F]/g, " ");
|
||||
filename = filename.replace(/["<>:|?*\\;]/g, "_");
|
||||
filename = filename.trim();
|
||||
|
||||
return filename;
|
||||
};
|
||||
|
||||
export default sanitizeFilename;
|
||||
Reference in New Issue
Block a user