fix(config): new opts: admin_limit, user_limit, disabled_extensions (#68)

2021-08-28 21:02:04 -07:00 · 2021-08-28 21:02:04 -07:00 · e71590b9fb
commit e71590b9fb
parent 4728f1cc46
6 changed files with 42 additions and 16 deletions
--- a/config.example.toml
+++ b/config.example.toml
@ -10,3 +10,6 @@ route = '/u'
 embed_route = '/a'
 length = 6
 directory = './uploads'
+user_limit = 104900000 # 100mb
+admin_limit = 104900000 # 100mb
+disabled_extentions = ['jpg']
--- a/server/validateConfig.js
+++ b/server/validateConfig.js
@ -16,7 +16,10 @@ module.exports = async config => {
    path('uploader.route', 'string'),
    path('uploader.embed_route', 'string'),
    path('uploader.length', 'number'),
-    path('uploader.directory', 'string')
+    path('uploader.directory', 'string'),
+    path('uploader.admin_limit', 'number'),
+    path('uploader.user_limit', 'number'),
+    path('uploader.disabled_extentions', 'object'),
  ];

  let errors = 0;
@ -25,11 +28,11 @@ module.exports = async config => {
    const path = paths[i];
    const value = dot(path.path, config);
    if (value === undefined) {
-      Logger.get('config').error(`there was no ${path.path} in config`);
+      Logger.get('config').error(`there was no ${path.path} in config which was required`);
      ++errors;
    }
-    const type = typeof value;

+    const type = typeof value;
    if (value !== undefined && type !== path.type) {
      Logger.get('config').error(`expected ${path.type} on ${path.path}, but got ${type}`);
      ++errors;
--- a/src/lib/readConfig.js
+++ b/src/lib/readConfig.js
@ -2,7 +2,7 @@ const { existsSync, readFileSync } = require('fs');
 const { join } = require('path');
 const Logger = require('./logger');

-const e = (val, type, fn) => ({ val, type, fn });
+const e = (val, type, fn, required = true) => ({ val, type, fn, required });

 const envValues = [
  e('SECURE', 'boolean', (c, v) => c.core.secure = v),
@ -13,7 +13,10 @@ const envValues = [
  e('UPLOADER_ROUTE', 'string', (c, v) => c.uploader.route = v),
  e('UPLOADER_EMBED_ROUTE', 'string', (c, v) => c.uploader.embed_route = v),
  e('UPLOADER_LENGTH', 'number', (c, v) => c.uploader.length = v),
-  e('UPLOADER_DIRECTORY', 'string', (c, v) => c.uploader.directory = v)
+  e('UPLOADER_DIRECTORY', 'string', (c, v) => c.uploader.directory = v),
+  e('UPLOADER_ADMIN_LIMIT', 'number', (c, v) => c.uploader.admin_limit = v),
+  e('UPLOADER_USER_LIMIT', 'number', (c, v) => c.uploader.user_limit = v),
+  e('UPLOADER_DISABLED_EXTS', 'array', (c, v) => c.uploader.disabled_extentions = v),
 ];

 module.exports = () => {
@ -35,17 +38,17 @@ function tryReadEnv() {
      secure: undefined,
      secret: undefined,
      host: undefined,
-      port: undefined
-    },
-    database: {
-      type: undefined,
-      url: undefined
+      port: undefined,
+      database_url: undefined,
    },
    uploader: {
      route: undefined,
      embed_route: undefined,
      length: undefined,
-      directory: undefined
+      directory: undefined,
+      admin_limit: undefined,
+      user_limit: undefined,
+      disabled_extentions: undefined
    }
  };

@ -53,7 +56,7 @@ function tryReadEnv() {
    const envValue = envValues[i];
    let value = process.env[envValue.val];

-    if (!value) {
+    if (envValue.required && !value) {
      Logger.get('config').error('there is no config file or required environment variables... exiting...');

      process.exit(1);
@ -62,6 +65,7 @@ function tryReadEnv() {
    envValues[i].fn(config, value);
    if (envValue.type === 'number') value = parseToNumber(value);
    else if (envValue.type === 'boolean') value = parseToBoolean(value);
+    else if (envValue.type === 'array') value = parseToArray(value);
    envValues[i].fn(config, value);
  }

@ -80,3 +84,7 @@ function parseToBoolean(value) {
  if (!value || value === 'false') return false;
  else return true;
 }
+
+function parseToArray(value) {
+  return value.split(',');
+}
--- a/src/lib/types.ts
+++ b/src/lib/types.ts
@ -27,6 +27,15 @@ export interface ConfigUploader {

  // Where uploads are stored
  directory: string;
+
+  // Admin file upload limit
+  admin_limit: number;
+
+  // User file upload limit
+  user_limit: number;
+
+  // Disabled extensions to block from uploading
+  disabled_extentions: string[];
 }

 export interface Config {
--- a/src/pages/api/upload.ts
+++ b/src/pages/api/upload.ts
@ -22,11 +22,12 @@ async function handler(req: NextApiReq, res: NextApiRes) {
  });
  if (!user) return res.forbid('authorization incorect');
  if (!req.file) return res.error('no file');
+  if (req.file.size > zconfig.uploader[user.administrator ? 'admin_limit' : 'user_limit']) return res.error('file size too big');

  const ext = req.file.originalname.split('.').pop();
+  if (zconfig.uploader.disabled_extentions.includes(ext)) return res.error('disabled extension recieved: ' + ext);
  
  const rand = randomChars(zconfig.uploader.length);
-
  const image = await prisma.image.create({
    data: {
      file: `${rand}.${ext}`,
--- a/src/pages/api/users.ts
+++ b/src/pages/api/users.ts
@ -35,7 +35,9 @@ async function handler(req: NextApiReq, res: NextApiRes) {
        administrator: true,
        token: true,
        embedColor: true,
-        embedTitle: true
+        embedTitle: true,
+        customTheme: true,
+        systemTheme: true
      }
    });
    return res.json(all_users);