valtech-components 2.0.850 → 2.0.851
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm2022/lib/services/feedback/config.mjs +7 -7
- package/esm2022/lib/services/feedback/feedback.service.mjs +89 -2
- package/esm2022/lib/version.mjs +2 -2
- package/fesm2022/valtech-components.mjs +93 -7
- package/fesm2022/valtech-components.mjs.map +1 -1
- package/lib/services/feedback/feedback.service.d.ts +23 -0
- package/lib/version.d.ts +1 -1
- package/package.json +1 -1
|
@@ -25,6 +25,7 @@ export declare class FeedbackService {
|
|
|
25
25
|
private config;
|
|
26
26
|
private http;
|
|
27
27
|
private firestore;
|
|
28
|
+
private storage;
|
|
28
29
|
private auth;
|
|
29
30
|
/**
|
|
30
31
|
* URL base para endpoints de feedback.
|
|
@@ -67,6 +68,28 @@ export declare class FeedbackService {
|
|
|
67
68
|
valid: boolean;
|
|
68
69
|
error?: string;
|
|
69
70
|
};
|
|
71
|
+
/**
|
|
72
|
+
* Valida el CONTENIDO del archivo por magic-bytes (firma binaria) —
|
|
73
|
+
* defensa contra spoofing del content-type declarado. Lee los primeros 12
|
|
74
|
+
* bytes y los compara con las firmas de JPEG/PNG/WebP/PDF (whitelist
|
|
75
|
+
* estricta). Es client-side, ergo bypasseable; la defensa real vive en las
|
|
76
|
+
* Storage rules. Esto corta el 99% de los casos accidentales o no-targeted.
|
|
77
|
+
*/
|
|
78
|
+
validateFileContent(file: File): Promise<{
|
|
79
|
+
valid: boolean;
|
|
80
|
+
error?: string;
|
|
81
|
+
}>;
|
|
82
|
+
/**
|
|
83
|
+
* Sube un adjunto a Firebase Storage en `users/{uid}/feedback/{uuid}/{name}`
|
|
84
|
+
* y devuelve su download URL. Ejecuta tres validaciones en orden:
|
|
85
|
+
* 1. tamaño + tipo declarado (`validateFile`)
|
|
86
|
+
* 2. contenido por magic-bytes (`validateFileContent`)
|
|
87
|
+
* 3. usuario autenticado (no soportamos adjuntos en feedback anónimo)
|
|
88
|
+
*
|
|
89
|
+
* Si cualquier validación falla → rechaza la promesa con un Error legible;
|
|
90
|
+
* el componente que la consuma debe cancelar la operación de adjuntar.
|
|
91
|
+
*/
|
|
92
|
+
uploadAttachment(file: File): Promise<string>;
|
|
70
93
|
/**
|
|
71
94
|
* Obtiene la configuración actual del servicio.
|
|
72
95
|
*/
|
package/lib/version.d.ts
CHANGED