npm - @gallop.software/studio - Versions diffs - 2.3.107 → 2.3.109 - Mend

@gallop.software/studio 2.3.107 → 2.3.109

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/client/assets/index-hfdKcjZr.js +92 -0
package/dist/client/index.html +1 -1
package/dist/server/index.js +32 -10
package/dist/server/index.js.map +1 -1
package/package.json +1 -1

package/dist/client/index.html CHANGED Viewed

@@ -11,7 +11,7 @@
         font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
       }
     </style>
-    <script type="module" crossorigin src="/assets/index-DBR9Z-gV.js"></script>
+    <script type="module" crossorigin src="/assets/index-hfdKcjZr.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-DfPQBmNf.css">
   </head>
   <body>

package/dist/server/index.js CHANGED Viewed

@@ -4484,17 +4484,23 @@ async function handleEditImage(request) {
     const exifMeta = await sharp7(exifCorrectedBuffer).metadata();
     const exifWidth = exifMeta.width || 0;
     const exifHeight = exifMeta.height || 0;
-    const cropX = Math.max(0, Math.min(crop.x, exifWidth - 1));
-    const cropY = Math.max(0, Math.min(crop.y, exifHeight - 1));
-    const cropWidth = Math.min(crop.width, exifWidth - cropX);
-    const cropHeight = Math.min(crop.height, exifHeight - cropY);
+    const cropX = Math.max(0, Math.min(Math.round(crop.x), exifWidth - 1));
+    const cropY = Math.max(0, Math.min(Math.round(crop.y), exifHeight - 1));
+    const cropWidth = Math.max(1, Math.min(Math.round(crop.width), exifWidth - cropX));
+    const cropHeight = Math.max(1, Math.min(Math.round(crop.height), exifHeight - cropY));
     let pipeline = sharp7(exifCorrectedBuffer);
     if (cropX > 0 || cropY > 0 || cropWidth < exifWidth || cropHeight < exifHeight) {
+      if (cropX + cropWidth > exifWidth || cropY + cropHeight > exifHeight) {
+        return jsonResponse(
+          { error: `Invalid crop area: ${cropX},${cropY} ${cropWidth}x${cropHeight} exceeds image ${exifWidth}x${exifHeight}` },
+          { status: 400 }
+        );
+      }
       pipeline = pipeline.extract({
-        left: Math.round(cropX),
-        top: Math.round(cropY),
-        width: Math.round(cropWidth),
-        height: Math.round(cropHeight)
+        left: cropX,
+        top: cropY,
+        width: cropWidth,
+        height: cropHeight
       });
     }
     if (rotation !== 0) {
@@ -4687,7 +4693,15 @@ async function startServer(options) {
   );
   app.post("/api/studio/delete", wrapHandler(handleDelete));
   app.post("/api/studio/delete-stream", wrapHandler(handleDeleteStream, true));
-  app.use(express.static(join(workspace, "public")));
+  app.use(express.static(join(workspace, "public"), {
+    etag: false,
+    lastModified: false,
+    setHeaders: (res) => {
+      res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, proxy-revalidate");
+      res.setHeader("Pragma", "no-cache");
+      res.setHeader("Expires", "0");
+    }
+  }));
   const clientDir = resolve(__dirname, "../client");
   app.get("/", (req, res) => {
     const htmlPath = join(clientDir, "index.html");
@@ -4704,7 +4718,15 @@ async function startServer(options) {
       res.status(404).send("Client not built. Run npm run build first.");
     }
   });
-  app.use(express.static(clientDir));
+  app.use(express.static(clientDir, {
+    etag: false,
+    lastModified: false,
+    setHeaders: (res) => {
+      res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, proxy-revalidate");
+      res.setHeader("Pragma", "no-cache");
+      res.setHeader("Expires", "0");
+    }
+  }));
   const title = `Gallop - Studio (${version})`;
   app.listen(port, () => {
     console.log(`