diff options
| author | syuilo <Syuilotan@yahoo.co.jp> | 2021-12-29 17:21:08 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2021-12-29 17:21:08 +0900 |
| commit | aedbab17cc400ae7ac17498463504f40646e8673 (patch) | |
| tree | b201117ea36ef978dbcb8d917f35e6aff2a5c709 /packages/backend/src | |
| parent | fix(server): エクスポートした絵文字の拡張子がfalseになる... (diff) | |
| download | sharkey-aedbab17cc400ae7ac17498463504f40646e8673.tar.gz sharkey-aedbab17cc400ae7ac17498463504f40646e8673.tar.bz2 sharkey-aedbab17cc400ae7ac17498463504f40646e8673.zip | |
revert d53795184
Diffstat (limited to 'packages/backend/src')
| -rw-r--r-- | packages/backend/src/const.ts | 45 | ||||
| -rw-r--r-- | packages/backend/src/server/file/send-drive-file.ts | 8 | ||||
| -rw-r--r-- | packages/backend/src/server/proxy/proxy-media.ts | 3 | ||||
| -rw-r--r-- | packages/backend/src/services/drive/add-file.ts | 2 |
4 files changed, 4 insertions, 54 deletions
diff --git a/packages/backend/src/const.ts b/packages/backend/src/const.ts index b00bd81655..43f59f1e4f 100644 --- a/packages/backend/src/const.ts +++ b/packages/backend/src/const.ts @@ -1,47 +1,2 @@ export const USER_ONLINE_THRESHOLD = 1000 * 60 * 10; // 10min export const USER_ACTIVE_THRESHOLD = 1000 * 60 * 60 * 24 * 3; // 3days - -// ブラウザで直接表示することを許可するファイルの種類のリスト -// ここに含まれないものは application/octet-stream としてレスポンスされる -// SVGはXSSを生むので許可しない -export const FILE_TYPE_BROWSERSAFE = [ - // Images - 'image/png', - 'image/gif', - 'image/jpeg', - 'image/webp', - 'image/apng', - 'image/bmp', - 'image/tiff', - 'image/x-icon', - - // OggS - 'audio/opus', - 'video/ogg', - 'audio/ogg', - 'application/ogg', - - // ISO/IEC base media file format - 'video/quicktime', - 'video/mp4', - 'audio/mp4', - 'video/x-m4v', - 'audio/x-m4a', - 'video/3gpp', - 'video/3gpp2', - - 'video/mpeg', - 'audio/mpeg', - - 'video/webm', - 'audio/webm', - - 'audio/aac', - 'audio/x-flac', - 'audio/vnd.wave', -]; -/* -https://github.com/sindresorhus/file-type/blob/main/supported.js -https://github.com/sindresorhus/file-type/blob/main/core.js -https://developer.mozilla.org/en-US/docs/Web/Media/Formats/Containers -*/ diff --git a/packages/backend/src/server/file/send-drive-file.ts b/packages/backend/src/server/file/send-drive-file.ts index 7bfc36e25a..8bb5655b4f 100644 --- a/packages/backend/src/server/file/send-drive-file.ts +++ b/packages/backend/src/server/file/send-drive-file.ts @@ -14,7 +14,6 @@ import { detectType } from '@/misc/get-file-info'; import { convertToJpeg, convertToPngOrJpeg } from '@/services/drive/image-processor'; import { GenerateVideoThumbnail } from '@/services/drive/generate-video-thumbnail'; import { StatusError } from '@/misc/fetch'; -import { FILE_TYPE_BROWSERSAFE } from '@/const'; //const _filename = fileURLToPath(import.meta.url); const _filename = __filename; @@ -28,7 +27,6 @@ const commonReadableHandlerGenerator = (ctx: Koa.Context) => (e: Error): void => ctx.set('Cache-Control', 'max-age=300'); }; -// eslint-disable-next-line import/no-default-export export default async function(ctx: Koa.Context) { const key = ctx.params.key; @@ -83,7 +81,7 @@ export default async function(ctx: Koa.Context) { const image = await convertFile(); ctx.body = image.data; - ctx.set('Content-Type', FILE_TYPE_BROWSERSAFE.includes(image.type) ? image.type : 'application/octet-stream'); + ctx.set('Content-Type', image.type); ctx.set('Cache-Control', 'max-age=31536000, immutable'); } catch (e) { serverLogger.error(`${e}`); @@ -114,14 +112,14 @@ export default async function(ctx: Koa.Context) { }).toString(); ctx.body = InternalStorage.read(key); - ctx.set('Content-Type', FILE_TYPE_BROWSERSAFE.includes(mime) ? mime : 'application/octet-stream'); + ctx.set('Content-Type', mime); ctx.set('Cache-Control', 'max-age=31536000, immutable'); ctx.set('Content-Disposition', contentDisposition('inline', filename)); } else { const readable = InternalStorage.read(file.accessKey!); readable.on('error', commonReadableHandlerGenerator(ctx)); ctx.body = readable; - ctx.set('Content-Type', FILE_TYPE_BROWSERSAFE.includes(file.type) ? file.type : 'application/octet-stream'); + ctx.set('Content-Type', file.type); ctx.set('Cache-Control', 'max-age=31536000, immutable'); ctx.set('Content-Disposition', contentDisposition('inline', file.name)); } diff --git a/packages/backend/src/server/proxy/proxy-media.ts b/packages/backend/src/server/proxy/proxy-media.ts index b116b4b961..9e13c0877f 100644 --- a/packages/backend/src/server/proxy/proxy-media.ts +++ b/packages/backend/src/server/proxy/proxy-media.ts @@ -6,7 +6,6 @@ import { createTemp } from '@/misc/create-temp'; import { downloadUrl } from '@/misc/download-url'; import { detectType } from '@/misc/get-file-info'; import { StatusError } from '@/misc/fetch'; -import { FILE_TYPE_BROWSERSAFE } from '@/const'; export async function proxyMedia(ctx: Koa.Context) { const url = 'url' in ctx.query ? ctx.query.url : 'https://' + ctx.params.url; @@ -19,7 +18,7 @@ export async function proxyMedia(ctx: Koa.Context) { const { mime, ext } = await detectType(path); - if (!FILE_TYPE_BROWSERSAFE.includes(mime)) throw 403; + if (!mime.startsWith('image/')) throw 403; let image: IImage; diff --git a/packages/backend/src/services/drive/add-file.ts b/packages/backend/src/services/drive/add-file.ts index a59c9501bc..ee4d51a96d 100644 --- a/packages/backend/src/services/drive/add-file.ts +++ b/packages/backend/src/services/drive/add-file.ts @@ -20,7 +20,6 @@ import { isDuplicateKeyValueError } from '@/misc/is-duplicate-key-value-error'; import * as S3 from 'aws-sdk/clients/s3'; import { getS3 } from './s3'; import * as sharp from 'sharp'; -import { FILE_TYPE_BROWSERSAFE } from '@/const'; const logger = driveLogger.createSubLogger('register', 'yellow'); @@ -242,7 +241,6 @@ export async function generateAlts(path: string, type: string, generateWeb: bool */ async function upload(key: string, stream: fs.ReadStream | Buffer, type: string, filename?: string) { if (type === 'image/apng') type = 'image/png'; - if (!FILE_TYPE_BROWSERSAFE.includes(type)) type = 'application/octet-stream'; const meta = await fetchMeta(); |