@startupjs-ui/file-input 0.3.1 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +19 -0
- package/files.plugin.js +14 -0
- package/package.json +4 -4
package/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,25 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
|
5
5
|
|
|
6
|
+
## [0.3.3](https://github.com/startupjs/startupjs-ui/compare/v0.3.2...v0.3.3) (2026-06-13)
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
### Bug Fixes
|
|
10
|
+
|
|
11
|
+
* **file-input:** handle upload stream errors instead of crashing the server ([#34](https://github.com/startupjs/startupjs-ui/issues/34)) ([1ba8ac8](https://github.com/startupjs/startupjs-ui/commit/1ba8ac8b0a6e16e726a485d4ba4ae2ca5a4ae61a))
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
## [0.3.2](https://github.com/startupjs/startupjs-ui/compare/v0.3.1...v0.3.2) (2026-06-09)
|
|
18
|
+
|
|
19
|
+
**Note:** Version bump only for package @startupjs-ui/file-input
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
|
|
6
25
|
## [0.3.1](https://github.com/startupjs/startupjs-ui/compare/v0.3.0...v0.3.1) (2026-06-08)
|
|
7
26
|
|
|
8
27
|
**Note:** Version bump only for package @startupjs-ui/file-input
|
package/files.plugin.js
CHANGED
|
@@ -233,6 +233,20 @@ export default createPlugin({
|
|
|
233
233
|
mimeType = 'image/jpeg'
|
|
234
234
|
}
|
|
235
235
|
|
|
236
|
+
// Surface stream errors (e.g. sharp failing to decode a corrupt or
|
|
237
|
+
// forged "image/*" upload) as a 400 instead of letting an unhandled
|
|
238
|
+
// 'error' event crash the whole server process. This is essential for
|
|
239
|
+
// public/untrusted uploads, where a single garbage payload with an
|
|
240
|
+
// image mime type would otherwise take the server down. Attach to the
|
|
241
|
+
// source busboy stream and, for images, the sharp stream too — an
|
|
242
|
+
// unhandled 'error' on either is fatal.
|
|
243
|
+
const onStreamError = err => {
|
|
244
|
+
console.error('[StartupJS Files] Upload stream error:', err)
|
|
245
|
+
if (!res.headersSent) res.status(400).send('Invalid file data')
|
|
246
|
+
}
|
|
247
|
+
file.on('error', onStreamError)
|
|
248
|
+
if (stream !== file) stream.on('error', onStreamError)
|
|
249
|
+
|
|
236
250
|
// Regardless of whether it's an image or not, collect the data
|
|
237
251
|
stream.on('data', data => buffers.push(data))
|
|
238
252
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@startupjs-ui/file-input",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.3",
|
|
4
4
|
"publishConfig": {
|
|
5
5
|
"access": "public"
|
|
6
6
|
},
|
|
@@ -26,13 +26,13 @@
|
|
|
26
26
|
"@startupjs-ui/dialogs": "^0.3.1",
|
|
27
27
|
"@startupjs-ui/div": "^0.3.1",
|
|
28
28
|
"busboy": "^1.6.0",
|
|
29
|
-
"expo-document-picker": ">=14.0.0",
|
|
30
|
-
"expo-image-picker": ">=17.0.0",
|
|
31
29
|
"sharp": "^0.34.5"
|
|
32
30
|
},
|
|
33
31
|
"peerDependencies": {
|
|
34
32
|
"@aws-sdk/client-s3": "*",
|
|
35
33
|
"@azure/storage-blob": "*",
|
|
34
|
+
"expo-document-picker": "*",
|
|
35
|
+
"expo-image-picker": "*",
|
|
36
36
|
"mongodb": "*",
|
|
37
37
|
"react": "*",
|
|
38
38
|
"react-native": "*",
|
|
@@ -49,5 +49,5 @@
|
|
|
49
49
|
"optional": true
|
|
50
50
|
}
|
|
51
51
|
},
|
|
52
|
-
"gitHead": "
|
|
52
|
+
"gitHead": "d3d37d5c01055fd39a3fc27b9b54fee0dc71589d"
|
|
53
53
|
}
|