npm - @midwayjs/upload - Versions diffs - 3.10.16 → 3.11.0 - Mend

@midwayjs/upload 3.10.16 → 3.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/constants.d.ts CHANGED Viewed

@@ -1,2 +1,24 @@
 export declare const uploadWhiteList: string[];
+export declare const DefaultUploadFileMimeType: {
+    '.jpg': string;
+    '.jpeg': string;
+    '.png': string;
+    '.gif': string;
+    '.bmp': string;
+    '.wbmp': string;
+    '.webp': string;
+    '.tif': string;
+    '.tiff': string;
+    '.psd': string;
+    '.svg': string;
+    '.xml': string;
+    '.pdf': string;
+    '.zip': string;
+    '.gz': string;
+    '.gzip': string;
+    '.mp3': string;
+    '.mp4': string;
+    '.avi': string;
+};
+export declare const EXT_KEY: unique symbol;
 //# sourceMappingURL=constants.d.ts.map

package/dist/constants.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.uploadWhiteList = void 0;
+exports.EXT_KEY = exports.DefaultUploadFileMimeType = exports.uploadWhiteList = void 0;
 exports.uploadWhiteList = [
     // images
     '.jpg',
@@ -11,6 +11,7 @@ exports.uploadWhiteList = [
     '.wbmp',
     '.webp',
     '.tif',
+    '.tiff',
     '.psd',
     // text
     '.svg',
@@ -33,4 +34,27 @@ exports.uploadWhiteList = [
     '.mp4',
     '.avi',
 ];
+// https://mimetype.io/
+exports.DefaultUploadFileMimeType = {
+    '.jpg': 'image/jpeg',
+    '.jpeg': 'image/jpeg',
+    '.png': 'image/png',
+    '.gif': 'image/gif',
+    '.bmp': 'image/bmp',
+    '.wbmp': 'image/vnd.wap.wbmp',
+    '.webp': 'image/webp',
+    '.tif': 'image/tiff',
+    '.tiff': 'image/tiff',
+    '.psd': 'image/vnd.adobe.photoshop',
+    '.svg': 'image/svg+xml',
+    '.xml': 'application/xml',
+    '.pdf': 'application/pdf',
+    '.zip': 'application/zip',
+    '.gz': 'application/gzip',
+    '.gzip': 'application/gzip',
+    '.mp3': 'audio/mpeg',
+    '.mp4': 'video/mp4',
+    '.avi': 'video/x-msvideo',
+};
+exports.EXT_KEY = Symbol('_ext');
 //# sourceMappingURL=constants.js.map

package/dist/error.d.ts CHANGED Viewed

@@ -2,4 +2,7 @@ import { httpError } from '@midwayjs/core';
 export declare class MultipartInvalidFilenameError extends httpError.BadRequestError {
     constructor(filename: string);
 }
+export declare class MultipartInvalidFileTypeError extends httpError.BadRequestError {
+    constructor(filename: string, currentType: string, type: string);
+}
 //# sourceMappingURL=error.d.ts.map

package/dist/error.js CHANGED Viewed

@@ -1,11 +1,17 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MultipartInvalidFilenameError = void 0;
+exports.MultipartInvalidFileTypeError = exports.MultipartInvalidFilenameError = void 0;
 const core_1 = require("@midwayjs/core");
 class MultipartInvalidFilenameError extends core_1.httpError.BadRequestError {
     constructor(filename) {
-        super(`Invalid update file name ${filename}, please check it`);
+        super(`Invalid upload file name ${filename}, please check it`);
     }
 }
 exports.MultipartInvalidFilenameError = MultipartInvalidFilenameError;
+class MultipartInvalidFileTypeError extends core_1.httpError.BadRequestError {
+    constructor(filename, currentType, type) {
+        super(`Invalid upload file type, ${filename} type(${currentType || 'unknown'}) is not ${type} , please check it`);
+    }
+}
+exports.MultipartInvalidFileTypeError = MultipartInvalidFileTypeError;
 //# sourceMappingURL=error.js.map

package/dist/interface.d.ts CHANGED Viewed

@@ -1,13 +1,44 @@
 /// <reference types="node" />
-import { Readable } from "stream";
+import { Readable } from 'stream';
+import { IgnoreMatcher } from '@midwayjs/core';
 export type UploadMode = 'stream' | 'file';
 export interface UploadOptions {
+    /**
+     * Upload mode, default is `file`
+     */
     mode?: UploadMode;
+    /**
+     * Max file size (in bytes), default is `10mb`
+     */
     fileSize?: string;
+    /**
+     * The white ext file names
+     */
     whitelist?: string[] | null;
+    /**
+     * Temporary file directory
+     */
     tmpdir?: string;
+    /**
+     * Temporary file automatic cleanup time, default is 5 minutes
+     */
     cleanTimeout?: number;
+    /**
+     * Whether the uploaded body is base64, for example, apigw of Tencent Cloud
+     */
     base64?: boolean;
+    /**
+     * Which paths to ignore
+     */
+    ignore?: IgnoreMatcher<any> | IgnoreMatcher<any>[];
+    /**
+     * Match those paths with higher priority than ignore
+     */
+    match?: IgnoreMatcher<any> | IgnoreMatcher<any>[];
+    /**
+     * Mime type white list
+     */
+    mimeTypeWhiteList?: Record<string, string | string[]>;
 }
 export interface UploadFileInfo<T> {
     filename: string;

package/dist/middleware.d.ts CHANGED Viewed

@@ -1,14 +1,24 @@
-import { IMiddleware, IMidwayLogger } from '@midwayjs/core';
+/// <reference types="node" />
+import { IMiddleware, IMidwayLogger, IgnoreMatcher } from '@midwayjs/core';
 import { UploadOptions } from '.';
 export declare class UploadMiddleware implements IMiddleware<any, any> {
-    upload: UploadOptions;
+    uploadConfig: UploadOptions;
     logger: IMidwayLogger;
     private uploadWhiteListMap;
+    private uploadFileMimeTypeMap;
+    match: IgnoreMatcher<any>[];
+    ignore: IgnoreMatcher<any>[];
+    init(): Promise<void>;
     resolve(app: any): (req: any, res: any, next: any) => Promise<any>;
     execUpload(ctx: any, req: any, res: any, next: any, isExpress: any): Promise<any>;
     getUploadBoundary(request: any): false | string;
     isReadableStream(req: any, isExpress: any): boolean;
-    checkExt(filename: any): string | boolean;
+    checkAndGetExt(filename: any): string | boolean;
+    checkFileType(ext: string, data: Buffer): Promise<{
+        passed: boolean;
+        mime?: string;
+        current?: string;
+    }>;
     static getName(): string;
 }
 //# sourceMappingURL=middleware.d.ts.map

package/dist/middleware.js CHANGED Viewed

@@ -17,15 +17,32 @@ const stream_1 = require("stream");
 const _1 = require(".");
 const parse_1 = require("./parse");
 const getRawBody = require("raw-body");
+const file_type_1 = require("file-type");
+const utils_1 = require("./utils");
 const { unlink, writeFile } = fs_1.promises;
 let UploadMiddleware = class UploadMiddleware {
     constructor() {
-        this.uploadWhiteListMap = {};
+        this.uploadWhiteListMap = new Map();
+        this.uploadFileMimeTypeMap = new Map();
+    }
+    async init() {
+        if (this.uploadConfig.match) {
+            this.match = [].concat(this.uploadConfig.match || []);
+        }
+        else {
+            this.ignore = [].concat(this.uploadConfig.ignore || []);
+        }
     }
     resolve(app) {
-        if (Array.isArray(this.upload.whitelist)) {
-            for (const whiteExt of this.upload.whitelist) {
-                this.uploadWhiteListMap[whiteExt] = true;
+        if (Array.isArray(this.uploadConfig.whitelist)) {
+            for (const whiteExt of this.uploadConfig.whitelist) {
+                this.uploadWhiteListMap.set(whiteExt, whiteExt);
+            }
+        }
+        if (this.uploadConfig.mimeTypeWhiteList) {
+            for (const ext in this.uploadConfig.mimeTypeWhiteList) {
+                const mime = [].concat(this.uploadConfig.mimeTypeWhiteList[ext]);
+                this.uploadFileMimeTypeMap.set(ext, mime);
             }
         }
         if (app.getFrameworkType() === core_1.MidwayFrameworkType.WEB_EXPRESS) {
@@ -43,7 +60,7 @@ let UploadMiddleware = class UploadMiddleware {
     }
     async execUpload(ctx, req, res, next, isExpress) {
         var _a;
-        const { mode, tmpdir, fileSize } = this.upload;
+        const { mode, tmpdir, fileSize } = this.uploadConfig;
         const boundary = this.getUploadBoundary(req);
         if (!boundary) {
             return next();
@@ -72,12 +89,12 @@ let UploadMiddleware = class UploadMiddleware {
         if (this.isReadableStream(req, isExpress)) {
             if (mode === 'stream') {
                 const { fields, fileInfo } = await (0, parse_1.parseFromReadableStream)(req, boundary);
-                const ext = this.checkExt(fileInfo.filename);
+                const ext = this.checkAndGetExt(fileInfo.filename);
                 if (!ext) {
                     throw new _1.MultipartInvalidFilenameError(fileInfo.filename);
                 }
                 else {
-                    fileInfo['_ext'] = ext;
+                    fileInfo[_1.EXT_KEY] = ext;
                     ctx.fields = fields;
                     ctx.files = [fileInfo];
                     return next();
@@ -95,27 +112,28 @@ let UploadMiddleware = class UploadMiddleware {
         else {
             body = req.body;
         }
-        const data = await (0, parse_1.parseMultipart)(body, boundary, this.upload);
+        const data = await (0, parse_1.parseMultipart)(body, boundary, this.uploadConfig);
         if (!data) {
             return next();
         }
         ctx.fields = data.fields;
         const requireId = `upload_${Date.now()}.${Math.random()}`;
         const files = data.files;
-        const notCheckFile = files.find(fileInfo => {
-            const ext = this.checkExt(fileInfo.filename);
+        for (const fileInfo of files) {
+            const ext = this.checkAndGetExt(fileInfo.filename);
             if (!ext) {
-                return fileInfo;
+                throw new _1.MultipartInvalidFilenameError(fileInfo.filename);
             }
-            fileInfo['_ext'] = ext;
-        });
-        if (notCheckFile) {
-            throw new _1.MultipartInvalidFilenameError(notCheckFile.filename);
+            const { passed, mime, current } = await this.checkFileType(ext, fileInfo.data);
+            if (!passed) {
+                throw new _1.MultipartInvalidFileTypeError(fileInfo.filename, current, mime);
+            }
+            fileInfo[_1.EXT_KEY] = ext;
         }
         ctx.files = await Promise.all(files.map(async (file, index) => {
-            const { data, filename } = file;
+            const { data } = file;
             if (mode === 'file') {
-                const ext = file['_ext'] || (0, path_1.extname)(filename);
+                const ext = file[_1.EXT_KEY];
                 const tmpFileName = (0, path_1.resolve)(tmpdir, `${requireId}.${index}${ext}`);
                 await writeFile(tmpFileName, data, 'binary');
                 file.data = tmpFileName;
@@ -167,17 +185,46 @@ let UploadMiddleware = class UploadMiddleware {
         }
         return false;
     }
-    checkExt(filename) {
+    // check extentions
+    checkAndGetExt(filename) {
         const lowerCaseFileNameList = filename.toLowerCase().split('.');
         while (lowerCaseFileNameList.length) {
             lowerCaseFileNameList.shift();
             const curExt = `.${lowerCaseFileNameList.join('.')}`;
-            if (this.upload.whitelist === null || this.uploadWhiteListMap[curExt]) {
-                return curExt;
+            if (this.uploadConfig.whitelist === null) {
+                return (0, utils_1.formatExt)(curExt);
+            }
+            if (this.uploadWhiteListMap.has(curExt)) {
+                // Avoid the presence of hidden characters and return extensions in the white list.
+                return this.uploadWhiteListMap.get(curExt);
             }
         }
         return false;
     }
+    // check file-type
+    async checkFileType(ext, data) {
+        // fileType == null, pass check
+        if (!this.uploadConfig.mimeTypeWhiteList) {
+            return { passed: true };
+        }
+        const mime = this.uploadFileMimeTypeMap.get(ext);
+        if (!mime) {
+            return { passed: false, mime: ext };
+        }
+        if (!mime.length) {
+            return { passed: true };
+        }
+        const typeInfo = await (0, file_type_1.fromBuffer)(data);
+        if (!typeInfo) {
+            return { passed: false, mime: mime.join('、') };
+        }
+        const findMime = mime.find(mimeItem => mimeItem === typeInfo.mime);
+        return {
+            passed: !!findMime,
+            mime: mime.join('、'),
+            current: typeInfo.mime,
+        };
+    }
     static getName() {
         return 'upload';
     }
@@ -185,11 +232,17 @@ let UploadMiddleware = class UploadMiddleware {
 __decorate([
     (0, core_1.Config)('upload'),
     __metadata("design:type", Object)
-], UploadMiddleware.prototype, "upload", void 0);
+], UploadMiddleware.prototype, "uploadConfig", void 0);
 __decorate([
     (0, core_1.Logger)(),
     __metadata("design:type", Object)
 ], UploadMiddleware.prototype, "logger", void 0);
+__decorate([
+    (0, core_1.Init)(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", []),
+    __metadata("design:returntype", Promise)
+], UploadMiddleware.prototype, "init", null);
 UploadMiddleware = __decorate([
     (0, core_1.Middleware)()
 ], UploadMiddleware);

package/dist/utils.d.ts CHANGED Viewed

@@ -2,4 +2,5 @@ export declare const autoRemoveUploadTmpFile: (tmpDir: string, cleanTimeout: num
 export declare const stopAutoRemoveUploadTmpFile: () => Promise<void>;
 export declare const checkExists: (path: string) => Promise<boolean>;
 export declare const ensureDir: (dirPath: string) => Promise<boolean>;
+export declare const formatExt: (ext: string) => string;
 //# sourceMappingURL=utils.d.ts.map

package/dist/utils.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ensureDir = exports.checkExists = exports.stopAutoRemoveUploadTmpFile = exports.autoRemoveUploadTmpFile = void 0;
+exports.formatExt = exports.ensureDir = exports.checkExists = exports.stopAutoRemoveUploadTmpFile = exports.autoRemoveUploadTmpFile = void 0;
 const fs_1 = require("fs");
 const path_1 = require("path");
 const { readdir, access, stat, unlink, mkdir } = fs_1.promises;
@@ -68,4 +68,24 @@ const ensureDir = async (dirPath) => {
     }
 };
 exports.ensureDir = ensureDir;
+const formatExt = (ext) => {
+    return Buffer.from(ext.toLowerCase())
+        .filter(ext => {
+        // .
+        if (ext === 0x2e) {
+            return true;
+        }
+        // 0-9
+        if (ext >= 0x30 && ext <= 0x39) {
+            return true;
+        }
+        // a-z
+        if (ext >= 0x61 && ext <= 0x7a) {
+            return true;
+        }
+        return false;
+    })
+        .toString();
+};
+exports.formatExt = formatExt;
 //# sourceMappingURL=utils.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@midwayjs/upload",
-  "version": "3.10.16",
+  "version": "3.11.0",
   "description": "Midway Component for upload",
   "main": "dist/index.js",
   "typings": "index.d.ts",
@@ -22,16 +22,16 @@
   },
   "license": "MIT",
   "dependencies": {
+    "file-type": "16.5.4",
     "raw-body": "2.5.2"
   },
   "devDependencies": {
-    "@midwayjs/core": "^3.10.15",
-    "@midwayjs/express": "^3.10.15",
-    "@midwayjs/faas": "^3.10.15",
-    "@midwayjs/koa": "^3.10.15",
-    "@midwayjs/mock": "^3.10.15",
-    "@midwayjs/serverless-app": "^3.10.15",
-    "@midwayjs/web": "^3.10.16"
+    "@midwayjs/core": "^3.11.0",
+    "@midwayjs/express": "^3.11.0",
+    "@midwayjs/faas": "^3.11.0",
+    "@midwayjs/koa": "^3.11.0",
+    "@midwayjs/mock": "^3.11.0",
+    "@midwayjs/web": "^3.11.0"
   },
-  "gitHead": "37bfe5eecf2500a798c0bebfcf59c540ce9479e1"
+  "gitHead": "eadb977e7fddcd4287c099fc32b601cd51702514"
 }