fix: Secure S3 attachments, bump SDK, refactoring

Closes #673

server/api/helpers/utils/get-simple-storage-service-client.js

@@ -1,45 +0,0 @@
-const AWS = require('aws-sdk');
-
-class S3Client {
-  constructor(options) {
-    AWS.config.update({
-      accessKeyId: options.accessKeyId,
-      secretAccessKey: options.secretAccessKey,
-      region: options.region,
-    });
-    this.bucket = options.bucket;
-    this.client = new AWS.S3({
-      endpoint: options.endpoint,
-    });
-  }
-
-  upload({ Key, Body, ContentType }) {
-    return this.client
-      .upload({
-        Bucket: this.bucket,
-        Key,
-        Body,
-        ContentType,
-        ACL: 'public-read',
-      })
-      .promise();
-  }
-
-  delete({ Key }) {
-    return this.client
-      .deleteObject({
-        Bucket: this.bucket,
-        Key,
-      })
-      .promise();
-  }
-}
-
-module.exports = {
-  fn() {
-    if (sails.config.custom.s3Config) {
-      return new S3Client(sails.config.custom.s3Config);
-    }
-    return null;
-  },
-};

server/api/helpers/utils/receive-file.js

@@ -4,7 +4,7 @@ const { v4: uuid } = require('uuid');
 async function doUpload(paramName, req, options) {
   const uploadOptions = {
     ...options,
-    dirname: options.dirname || sails.config.custom.fileUploadTmpDir,
+    dirname: options.dirname || sails.config.custom.uploadsTempPath,
   };
   const upload = util.promisify((opts, callback) => {
     return req.file(paramName).upload(opts, (error, files) => callback(error, files));
@@ -33,7 +33,7 @@ module.exports = {
     exits.success(
       await doUpload(inputs.paramName, inputs.req, {
         saveAs: uuid(),
-        dirname: sails.config.custom.fileUploadTmpDir,
+        dirname: sails.config.custom.uploadsTempPath,
         maxBytes: null,
       }),
     );