Enforce mimetype check on backend

moneymgr_backend/src/controllers/files_controller.rs

@@ -1,4 +1,5 @@
 use crate::controllers::HttpResult;
+use crate::controllers::server_controller::ServerConstraints;
 use crate::extractors::auth_extractor::AuthExtractor;
 use crate::extractors::file_extractor::FileExtractor;
 use crate::extractors::file_id_extractor::FileIdExtractor;
@@ -12,6 +13,21 @@ use std::time::Duration;
 
 /// Upload a new file
 pub async fn upload(auth: AuthExtractor, file: FileExtractor) -> HttpResult {
+    // Check file mimetype
+    if !ServerConstraints::default()
+        .file_allowed_types
+        .contains(&file.mime.as_ref())
+    {
+        log::error!(
+            "User attempted to upload a file with invalid mimetype! {}",
+            file.mime
+        );
+        return Ok(HttpResponse::BadRequest().body(format!(
+            "Files with mimetype {} cannot be uploaded!",
+            file.mime
+        )));
+    }
+
     let file = files_service::create_file_with_mimetype(
         auth.user_id(),
         &file.name(),