@nestjs/common 10.4.15 → 10.4.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +5 -1
  2. package/pipes/file/file-type.validator.d.ts +11 -7
  3. package/pipes/file/file-type.validator.js +23 -10
  4. package/pipes/file/interfaces/file.interface.d.ts +1 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nestjs/common",
3
- "version": "10.4.15",
3
+ "version": "10.4.16",
4
4
  "description": "Nest - modern, fast, powerful node.js web framework (@common)",
5
5
  "author": "Kamil Mysliwiec",
6
6
  "homepage": "https://nestjs.com",
@@ -25,6 +25,7 @@
25
25
  "peerDependencies": {
26
26
  "class-transformer": "*",
27
27
  "class-validator": "*",
28
+ "file-type": "^20.4.1",
28
29
  "reflect-metadata": "^0.1.12 || ^0.2.0",
29
30
  "rxjs": "^7.1.0"
30
31
  },
@@ -34,6 +35,9 @@
34
35
  },
35
36
  "class-transformer": {
36
37
  "optional": true
38
+ },
39
+ "file-type": {
40
+ "optional": true
37
41
  }
38
42
  }
39
43
  }
package/pipes/file/file-type.validator.d.ts CHANGED
@@ -2,19 +2,23 @@ import { FileValidator } from './file-validator.interface';
2
2
  import { IFile } from './interfaces';
3
3
  export type FileTypeValidatorOptions = {
4
4
  fileType: string | RegExp;
5
+ /**
6
+ * If `true`, the validator will skip the magic numbers validation.
7
+ * This can be useful when you can't identify some files as there are no common magic numbers available for some file types.
8
+ * @default false
9
+ */
10
+ skipMagicNumbersValidation?: boolean;
5
11
  };
6
12
  /**
7
- * Defines the built-in FileType File Validator. It validates incoming files mime-type
8
- * matching a string or a regular expression. Note that this validator uses a naive strategy
9
- * to check the mime-type and could be fooled if the client provided a file with renamed extension.
10
- * (for instance, renaming a 'malicious.bat' to 'malicious.jpeg'). To handle such security issues
11
- * with more reliability, consider checking against the file's [magic-numbers](https://en.wikipedia.org/wiki/Magic_number_%28programming%29)
13
+ * Defines the built-in FileTypeValidator. It validates incoming files by examining
14
+ * their magic numbers using the file-type package, providing more reliable file type validation
15
+ * than just checking the mimetype string.
12
16
  *
13
17
  * @see [File Validators](https://docs.nestjs.com/techniques/file-upload#validators)
14
18
  *
15
19
  * @publicApi
16
20
  */
17
21
  export declare class FileTypeValidator extends FileValidator<FileTypeValidatorOptions, IFile> {
18
- buildErrorMessage(): string;
19
- isValid(file?: IFile): boolean;
22
+ buildErrorMessage(file?: IFile): string;
23
+ isValid(file?: IFile): Promise<boolean>;
20
24
  }
package/pipes/file/file-type.validator.js CHANGED
@@ -3,27 +3,40 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.FileTypeValidator = void 0;
4
4
  const file_validator_interface_1 = require("./file-validator.interface");
5
5
  /**
6
- * Defines the built-in FileType File Validator. It validates incoming files mime-type
7
- * matching a string or a regular expression. Note that this validator uses a naive strategy
8
- * to check the mime-type and could be fooled if the client provided a file with renamed extension.
9
- * (for instance, renaming a 'malicious.bat' to 'malicious.jpeg'). To handle such security issues
10
- * with more reliability, consider checking against the file's [magic-numbers](https://en.wikipedia.org/wiki/Magic_number_%28programming%29)
6
+ * Defines the built-in FileTypeValidator. It validates incoming files by examining
7
+ * their magic numbers using the file-type package, providing more reliable file type validation
8
+ * than just checking the mimetype string.
11
9
  *
12
10
  * @see [File Validators](https://docs.nestjs.com/techniques/file-upload#validators)
13
11
  *
14
12
  * @publicApi
15
13
  */
16
14
  class FileTypeValidator extends file_validator_interface_1.FileValidator {
17
- buildErrorMessage() {
15
+ buildErrorMessage(file) {
16
+ if (file?.mimetype) {
17
+ return `Validation failed (current file type is ${file.mimetype}, expected type is ${this.validationOptions.fileType})`;
18
+ }
18
19
  return `Validation failed (expected type is ${this.validationOptions.fileType})`;
19
20
  }
20
- isValid(file) {
21
+ async isValid(file) {
21
22
  if (!this.validationOptions) {
22
23
  return true;
23
24
  }
24
- return (!!file &&
25
- 'mimetype' in file &&
26
- !!file.mimetype.match(this.validationOptions.fileType));
25
+ const isFileValid = !!file && 'mimetype' in file;
26
+ if (this.validationOptions.skipMagicNumbersValidation) {
27
+ return (isFileValid && !!file.mimetype.match(this.validationOptions.fileType));
28
+ }
29
+ if (!isFileValid || !file.buffer) {
30
+ return false;
31
+ }
32
+ try {
33
+ const { fileTypeFromBuffer } = (await eval('import ("file-type")'));
34
+ const fileType = await fileTypeFromBuffer(file.buffer);
35
+ return (!!fileType && !!fileType.mime.match(this.validationOptions.fileType));
36
+ }
37
+ catch {
38
+ return false;
39
+ }
27
40
  }
28
41
  }
29
42
  exports.FileTypeValidator = FileTypeValidator;
package/pipes/file/interfaces/file.interface.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  export interface IFile {
2
2
  mimetype: string;
3
3
  size: number;
4
+ buffer?: Buffer;
4
5
  }