Files
myDrive/backend/services/chunk-service/utils/createVideoThumbnail.ts
T
oxmc eb21092f46
Release Please / release-please (push) Has been cancelled
Docker Build and Push (Development) / build-and-push-dev (push) Has been cancelled
chore: resolve remaining audit vulnerabilities (uuid, @types/request, brace-expansion)
- Removed @types/request (unused devDependency, no "request" import anywhere
  in the codebase) - it was the actual source of the critical form-data
  vulnerability via its own outdated nested dependency.
- Bumped uuid v3 -> v11 (patched version) across all 8 call sites, migrating
  from the old default-import "uuid.v4()"/"uuid()" style to the named-export
  "v4 as uuidv4" style the new major requires. Tried v14 first - it broke the
  Jest test suite entirely (ships ESM-only, Node's CJS require() choked on
  it) - v11 is the oldest patched version that still works under Jest/CJS.
  Removed 2 more unused "import uuid" lines with no actual usage.
- Picked up brace-expansion via a follow-up non-breaking npm audit fix.

Verified full build (frontend+backend) and full test suite (179 tests)
after each step. 45 -> 4 unique vulnerable packages remaining: aws-sdk
(its own advisory, "fix" would downgrade it - not worth it), aws-sdk's
own nested uuid (same reason), esbuild/vite (major version bump to vite 8,
needs its own dedicated upgrade pass), and nodemailer (breaking API change,
only exercised when EMAIL_VERIFICATION is enabled) - all left for a
deliberate separate decision rather than forced through here.
2026-07-05 06:16:19 -07:00

175 lines
4.7 KiB
TypeScript

import crypto from "crypto";
import sharp from "sharp";
import { FileInterface } from "../../../models/file-model";
import { UserInterface } from "../../../models/user-model";
import fs from "fs";
import { v4 as uuidv4 } from "uuid";
import env from "../../../enviroment/env";
import ffmpeg from "fluent-ffmpeg";
import tempCreateVideoThumbnail from "./tempCreateVideoThumbnail";
import { S3Actions } from "../actions/S3-actions";
import { FilesystemActions } from "../actions/file-system-actions";
import { createGenericParams } from "./storageHelper";
import { getStorageActions } from "../actions/helper-actions";
import { getFSStoragePath } from "../../../utils/getFSStoragePath";
import { getFileDB, getThumbnailDB } from "../../../db/dbFactory";
const storageActions = getStorageActions();
const fileDB = getFileDB();
const thumbnailDB = getThumbnailDB();
const attemptToRemoveChunks = async (
file: FileInterface,
thumbnailFilename: string
) => {
try {
const readStreamParams = createGenericParams({
filePath: getFSStoragePath() + thumbnailFilename,
Key: thumbnailFilename,
});
await storageActions.removeChunks(readStreamParams);
} catch (e) {
console.log("error removing chunks", e);
}
};
const createVideoThumbnail = (
file: FileInterface,
filename: string,
user: UserInterface
) => {
return new Promise<FileInterface>((resolve, reject) => {
try {
const password = user.getEncryptionKey();
let CIPHER_KEY = crypto.createHash("sha256").update(password!).digest();
const thumbnailFilename = uuidv4();
const readStreamParams = createGenericParams({
filePath: file.metadata.filePath,
Key: file.metadata.s3ID,
});
const readStream = storageActions.createReadStream(readStreamParams);
const { writeStream, emitter } = storageActions.createWriteStream(
readStreamParams,
readStream,
thumbnailFilename
);
const decipher = crypto.createDecipheriv(
"aes256",
CIPHER_KEY,
file.metadata.IV
);
const thumbnailIV = crypto.randomBytes(16);
const thumbnailCipher = crypto.createCipheriv(
"aes256",
CIPHER_KEY,
thumbnailIV
);
const handleError = (e: Error) => {
console.log("thumbnail stream error", e);
resolve(file);
};
readStream.on("error", handleError);
decipher.on("error", handleError);
writeStream.on("error", handleError);
thumbnailCipher.on("error", handleError);
const decryptedReadStream = readStream.pipe(decipher);
let error = false;
const handleFinish = async () => {
try {
if (error) return;
const thumbnailModel = await thumbnailDB.createThumbnail({
name: filename,
owner: user._id.toString(),
IV: thumbnailIV,
path: getFSStoragePath() + thumbnailFilename,
s3ID: thumbnailFilename,
});
if (!file._id) {
return reject();
}
const updatedFile = await fileDB.setVideoThumbnail(
file._id.toString(),
user._id.toString(),
thumbnailModel._id.toString()
);
if (!updatedFile) return reject();
resolve(updatedFile);
} catch (e) {
console.log("thumbnail error", e);
resolve(file);
}
};
if (emitter) {
emitter.on("finish", async () => {
await handleFinish();
});
}
ffmpeg(decryptedReadStream, {
timeout: 60,
})
.seek(1)
.format("image2pipe")
.outputOptions([
"-f image2pipe",
"-vframes 1",
"-vf scale='if(gt(iw,ih),600,-1):if(gt(ih,iw),300,-1)'",
])
.on("start", (command) => {})
.on("end", async (err) => {
if (!emitter) {
await handleFinish();
}
})
.on("error", async (err, sdf, stderr) => {
// console.log("thumbnail error attempting temp directory fix");
error = true;
await attemptToRemoveChunks(file, thumbnailFilename);
if (env.tempDirectory && env.tempVideoThumbnailLimit > file.length) {
const updatedFile = await tempCreateVideoThumbnail(
file,
filename,
user
);
resolve(updatedFile);
} else {
resolve(file);
}
// resolve(file);
})
.pipe(thumbnailCipher)
.pipe(writeStream, { end: true });
} catch (e) {
console.log("thumbnail error", e);
resolve(file);
}
});
};
export default createVideoThumbnail;