Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-23 15:19:44 +02:00
Code Issues Releases Activity

fix: Secure S3 attachments, bump SDK, refactoring

Browse source 
Closes #673
This commit is contained in:
Maksim Eltyshev 2024-11-12 15:58:22 +01:00
parent 950a070589
commit 850f6df0ac
27 changed files with 2180 additions and 702 deletions
Download patch file Download diff file Expand all files Collapse all files

16
server/api/controllers/attachments/download.js
View file

@ -1,4 +1,3 @@
const fs = require('fs');
const path = require('path');
const Errors = {
@ -42,13 +41,14 @@ module.exports = {
}
}
const filePath = path.join(
sails.config.custom.attachmentsPath,
attachment.dirname,
attachment.filename,
);
const fileManager = sails.hooks['file-manager'].getInstance();
if (!fs.existsSync(filePath)) {
let readStream;
try {
readStream = await fileManager.read(
`${sails.config.custom.attachmentsPathSegment}/${attachment.dirname}/${attachment.filename}`,
);
} catch (error) {
throw Errors.ATTACHMENT_NOT_FOUND;
}
@ -58,6 +58,6 @@ module.exports = {
}
this.res.set('Cache-Control', 'private, max-age=900'); // TODO: move to config
return exits.success(fs.createReadStream(filePath));
return exits.success(readStream);
},
};