enhance(server): better content type detection

author: syuilo <Syuilotan@yahoo.co.jp> 2021-12-26 01:43:51 +0900
committer: syuilo <Syuilotan@yahoo.co.jp> 2021-12-26 01:43:51 +0900
commit: d53795184cd0ee326b0da58b267e3460f948703c (patch)
tree: bb6c8a62f79116f3e4f4baa8d26d44d1ad08352f /packages/backend/src/server/proxy
parent: enhance(client): :art: (diff)
download: sharkey-d53795184cd0ee326b0da58b267e3460f948703c.tar.gz
sharkey-d53795184cd0ee326b0da58b267e3460f948703c.tar.bz2
sharkey-d53795184cd0ee326b0da58b267e3460f948703c.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/packages/backend/src/server/proxy/proxy-media.ts b/packages/backend/src/server/proxy/proxy-media.ts
index 9e13c0877f..7d6652a97a 100644
--- a/packages/backend/src/server/proxy/proxy-media.ts
+++ b/packages/backend/src/server/proxy/proxy-media.ts
@@ -6,6 +6,7 @@ import { createTemp } from '@/misc/create-temp';
 import { downloadUrl } from '@/misc/download-url';
 import { detectType } from '@/misc/get-file-info';
 import { StatusError } from '@/misc/fetch';
+import { FILE_TYPE_WHITELIST } from '@/const';
 
 export async function proxyMedia(ctx: Koa.Context) {
 	const url = 'url' in ctx.query ? ctx.query.url : 'https://' + ctx.params.url;
@@ -18,7 +19,7 @@ export async function proxyMedia(ctx: Koa.Context) {
 
 		const { mime, ext } = await detectType(path);
 
-		if (!mime.startsWith('image/')) throw 403;
+		if (!FILE_TYPE_WHITELIST.includes(mime)) throw 403;
 
 		let image: IImage;
author	syuilo <Syuilotan@yahoo.co.jp>	2021-12-26 01:43:51 +0900
committer	syuilo <Syuilotan@yahoo.co.jp>	2021-12-26 01:43:51 +0900
commit	d53795184cd0ee326b0da58b267e3460f948703c (patch)
tree	bb6c8a62f79116f3e4f4baa8d26d44d1ad08352f /packages/backend/src/server/proxy
parent	enhance(client): :art: (diff)
download	sharkey-d53795184cd0ee326b0da58b267e3460f948703c.tar.gz sharkey-d53795184cd0ee326b0da58b267e3460f948703c.tar.bz2 sharkey-d53795184cd0ee326b0da58b267e3460f948703c.zip