Files
myDrive/backend/services/chunk-service/utils/tempCreateVideoThumbnail.ts
T
oxmc eb21092f46
Release Please / release-please (push) Has been cancelled
Docker Build and Push (Development) / build-and-push-dev (push) Has been cancelled
chore: resolve remaining audit vulnerabilities (uuid, @types/request, brace-expansion)
- Removed @types/request (unused devDependency, no "request" import anywhere
  in the codebase) - it was the actual source of the critical form-data
  vulnerability via its own outdated nested dependency.
- Bumped uuid v3 -> v11 (patched version) across all 8 call sites, migrating
  from the old default-import "uuid.v4()"/"uuid()" style to the named-export
  "v4 as uuidv4" style the new major requires. Tried v14 first - it broke the
  Jest test suite entirely (ships ESM-only, Node's CJS require() choked on
  it) - v11 is the oldest patched version that still works under Jest/CJS.
  Removed 2 more unused "import uuid" lines with no actual usage.
- Picked up brace-expansion via a follow-up non-breaking npm audit fix.

Verified full build (frontend+backend) and full test suite (179 tests)
after each step. 45 -> 4 unique vulnerable packages remaining: aws-sdk
(its own advisory, "fix" would downgrade it - not worth it), aws-sdk's
own nested uuid (same reason), esbuild/vite (major version bump to vite 8,
needs its own dedicated upgrade pass), and nodemailer (breaking API change,
only exercised when EMAIL_VERIFICATION is enabled) - all left for a
deliberate separate decision rather than forced through here.
2026-07-05 06:16:19 -07:00

134 lines
3.6 KiB
TypeScript

import crypto from "crypto";
import sharp from "sharp";
import { FileInterface } from "../../../models/file-model";
import { UserInterface } from "../../../models/user-model";
import fs from "fs";
import { v4 as uuidv4 } from "uuid";
import env from "../../../enviroment/env";
import ffmpeg from "fluent-ffmpeg";
import { S3Actions } from "../actions/S3-actions";
import { FilesystemActions } from "../actions/file-system-actions";
import { createGenericParams } from "./storageHelper";
import { getStorageActions } from "../actions/helper-actions";
import { getFSStoragePath } from "../../../utils/getFSStoragePath";
import { getFileDB, getThumbnailDB } from "../../../db/dbFactory";
const storageActions = getStorageActions();
const fileDB = getFileDB();
const thumbnailDB = getThumbnailDB();
const tempCreateVideoThumbnail = (
file: FileInterface,
filename: string,
user: UserInterface
) => {
return new Promise<FileInterface>((resolve, reject) => {
const password = user.getEncryptionKey();
let CIPHER_KEY = crypto.createHash("sha256").update(password!).digest();
const thumbnailFilename = uuidv4();
const readStreamParams = createGenericParams({
filePath: file.metadata.filePath,
Key: file.metadata.s3ID,
});
const readStream = storageActions.createReadStream(readStreamParams);
const { writeStream, emitter } = storageActions.createWriteStream(
readStreamParams,
readStream,
thumbnailFilename
);
const tempDirectory = env.tempDirectory + thumbnailFilename;
const tempWriteStream = fs.createWriteStream(tempDirectory);
const decipher = crypto.createDecipheriv(
"aes256",
CIPHER_KEY,
file.metadata.IV
);
const thumbnailIV = crypto.randomBytes(16);
const thumbnailCipher = crypto.createCipheriv(
"aes256",
CIPHER_KEY,
thumbnailIV
);
const decryptedReadStream = readStream.pipe(decipher);
decryptedReadStream.pipe(tempWriteStream, { end: true });
if (emitter) {
emitter.on("finish", async () => {
await handleFinish();
});
}
const handleFinish = async () => {
const thumbnailModel = await thumbnailDB.createThumbnail({
name: filename,
owner: user._id.toString(),
IV: thumbnailIV,
path: getFSStoragePath() + thumbnailFilename,
s3ID: thumbnailFilename,
});
if (!file._id) {
return reject();
}
const updatedFile = await fileDB.setVideoThumbnail(
file._id.toString(),
user._id.toString(),
thumbnailModel._id.toString()
);
if (!updatedFile) return reject();
fs.unlink(tempDirectory, (err) => {
resolve(updatedFile);
});
};
const attemptToRemoveTempDirectory = () => {
return new Promise((resolve, reject) => {
fs.unlink(tempDirectory, (err) => {
resolve(!err);
});
});
};
tempWriteStream.on("finish", () => {
ffmpeg(tempDirectory, {
timeout: 60,
})
.seek(1)
.format("image2pipe")
.outputOptions([
"-f image2pipe",
"-vframes 1",
"-vf scale='if(gt(iw,ih),600,-1):if(gt(ih,iw),300,-1)'",
])
.on("start", () => {})
.on("end", async () => {
if (!emitter) {
await handleFinish();
}
})
.on("error", (err, _, stderr) => {
console.log("error", err, stderr);
attemptToRemoveTempDirectory();
resolve(file);
})
.pipe(thumbnailCipher)
.pipe(writeStream, { end: true });
});
});
};
export default tempCreateVideoThumbnail;