Skip to content

Commit

Permalink
Restrict upload to a file which upload completed already
Browse files Browse the repository at this point in the history
  • Loading branch information
psi-4ward committed Mar 17, 2024
1 parent 707b72f commit b9853c9
Showing 1 changed file with 18 additions and 2 deletions.
20 changes: 18 additions & 2 deletions lib/endpoints.js
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ const downloadPage = pug.compileFile(path.join(__dirname, '../public/pug/downloa
const store = new Store(config.uploadDir);
const Db = require('./db');
const { createGzip } = require("zlib");
const httpErrors = require("http-errors");
const db = new Db(config.uploadDir, store);
db.init();
const app = express();
Expand Down Expand Up @@ -315,7 +316,7 @@ app.get(`${ config.baseUrl }files/:fid`, async (req, res, next) => {

// Upload file
app.use(`${ config.uploadAppPath }files`,
function(req, res, next) {
async function(req, res, next) {
// Upload password protection
if (config.uploadPass) {
const bfTimeout = 500;
Expand All @@ -331,6 +332,22 @@ app.use(`${ config.uploadAppPath }files`,

if (req.method === 'GET') return res.status(405).end();

// Restrict upload to a file which upload completed already
if(['POST', 'PATCH'].includes(req.method)) {
try {
const fid = req.url.substring(1);
const info = await store.info(fid);
if(!info.isPartial) {
return res.status(400).end('Upload already completed');
}
} catch(e) {
if(! e instanceof httpErrors.NotFound) {
console.error(e);
return;
}
}
}

if (req.method === 'POST') {
// validate meta-data
// !! tusMeta.encode supports only strings !!
Expand Down Expand Up @@ -387,7 +404,6 @@ app.use(`${ config.uploadAppPath }files`,
afterComplete: (req, upload, fid) => {
db.add(upload.metadata.sid, upload.metadata.key, upload);
debug(`Completed upload ${ fid }, size=${ upload.size } name=${ upload.metadata.name }`);

eventBus.emit('fileUploaded', upload);
},
})
Expand Down

0 comments on commit b9853c9

Please sign in to comment.