Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-22 22:59:44 +02:00
Code Issues Releases Activity

fix: Secure S3 attachments, bump SDK, refactoring

Browse source 
Closes #673
This commit is contained in:
Maksim Eltyshev 2024-11-12 15:58:22 +01:00
parent f20a3d50f5
commit 97f4c0ab0d
27 changed files with 2180 additions and 702 deletions
Download patch file Download diff file Expand all files Collapse all files

19
server/api/controllers/attachments/download-thumbnail.js
View file

@ -1,6 +1,3 @@
const fs = require('fs');
const path = require('path');
const Errors = {
ATTACHMENT_NOT_FOUND: {
attachmentNotFound: 'Attachment not found',
@ -46,20 +43,20 @@ module.exports = {
throw Errors.ATTACHMENT_NOT_FOUND;
}
const filePath = path.join(
sails.config.custom.attachmentsPath,
attachment.dirname,
'thumbnails',
`cover-256.${attachment.image.thumbnailsExtension}`,
);
const fileManager = sails.hooks['file-manager'].getInstance();
if (!fs.existsSync(filePath)) {
let readStream;
try {
readStream = await fileManager.read(
`${sails.config.custom.attachmentsPathSegment}/${attachment.dirname}/thumbnails/cover-256.${attachment.image.thumbnailsExtension}`,
);
} catch (error) {
throw Errors.ATTACHMENT_NOT_FOUND;
}
this.res.type('image/jpeg');
this.res.set('Cache-Control', 'private, max-age=900'); // TODO: move to config
return exits.success(fs.createReadStream(filePath));
return exits.success(readStream);
},
};

16
server/api/controllers/attachments/download.js
View file

@ -1,4 +1,3 @@
const fs = require('fs');
const path = require('path');
const Errors = {
@ -42,13 +41,14 @@ module.exports = {
}
}
const filePath = path.join(
sails.config.custom.attachmentsPath,
attachment.dirname,
attachment.filename,
);
const fileManager = sails.hooks['file-manager'].getInstance();
if (!fs.existsSync(filePath)) {
let readStream;
try {
readStream = await fileManager.read(
`${sails.config.custom.attachmentsPathSegment}/${attachment.dirname}/${attachment.filename}`,
);
} catch (error) {
throw Errors.ATTACHMENT_NOT_FOUND;
}
@ -58,6 +58,6 @@ module.exports = {
}
this.res.set('Cache-Control', 'private, max-age=900'); // TODO: move to config
return exits.success(fs.createReadStream(filePath));
return exits.success(readStream);
},
};