pierre/MoneyMgr
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases 2 Wiki Activity

Enforce mimetype check on backend

Browse Source
This commit is contained in:
Pierre HUBERT 2025-04-28 21:13:15 +02:00
parent 211c81dd66
commit 3ae229a275
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
moneymgr_backend/src/controllers/files_controller.rs
View File

@ -1,4 +1,5 @@
use crate::controllers::HttpResult;
use crate::controllers::server_controller::ServerConstraints;
use crate::extractors::auth_extractor::AuthExtractor;
use crate::extractors::file_extractor::FileExtractor;
use crate::extractors::file_id_extractor::FileIdExtractor;
@ -12,6 +13,21 @@ use std::time::Duration;
/// Upload a new file
pub async fn upload(auth: AuthExtractor, file: FileExtractor) -> HttpResult {
// Check file mimetype
if !ServerConstraints::default()
.file_allowed_types
.contains(&file.mime.as_ref())
{
log::error!(
"User attempted to upload a file with invalid mimetype! {}",
file.mime
);
return Ok(HttpResponse::BadRequest().body(format!(
"Files with mimetype {} cannot be uploaded!",
file.mime
)));
}
let file = files_service::create_file_with_mimetype(
auth.user_id(),
&file.name(),