Merge pull request #238 from esek/fix/crash

[FIX] Crash when sending bad accessType
esek · Sep 5, 2022 · 486f275 · 486f275
2 parents f22f04c + a51e62d
commit 486f275
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 11 deletions.
diff --git a/CHANGELOG.MD b/CHANGELOG.MD
@@ -4,6 +4,9 @@ Alla märkbara ändringar ska dokumenteras i denna fil.
 Baserat på [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 och följer [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.3] - 2022-08-30
+- Fixat krash i `/files/upload`
+
 ## [1.1.2] - 2022-08-24
 - Fixat så att vi inte bloatar med scalars som inte används.
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ekorre-ts",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "description": "E-Sektionens backend",
   "main": "src/index.ts",
   "scripts": {

diff --git a/src/api/file.api.ts b/src/api/file.api.ts
@@ -37,16 +37,16 @@ class FileAPI {
     path: string,
     creator: string,
   ): Promise<PrismaFile> {
-    try {
-      const type = this.getFileType(file.name);
+    const type = this.getFileType(file.name);
 
-      const hashedName = this.createHashedName(file.name);
+    const hashedName = this.createHashedName(file.name);
 
-      const trimmedPath = this.trimFolder(path);
+    const trimmedPath = this.trimFolder(path);
 
-      const folder = `${ROOT}/${trimmedPath}`;
-      const location = `${folder}${hashedName}`;
+    const folder = `${ROOT}/${trimmedPath}`;
+    const location = `${folder}${hashedName}`;
 
+    try {
       // Create folder(s) if it doesn't exist
       if (!syncFs.existsSync(folder)) {
         await fs.mkdir(folder, { recursive: true });
@@ -71,6 +71,10 @@ class FileAPI {
       return res;
     } catch (err) {
       logger.error(err);
+
+      // We don't care if this fails since we can't do anything about it
+      await fs.rm(location).catch(() => {});
+
       throw new ServerError('Kunde inte spara filen');
     }
   }

diff --git a/src/routes/file.routes.ts b/src/routes/file.routes.ts
@@ -61,9 +61,18 @@ filesRoute.post('/upload', upload(), verifyAuthenticated, async (req, res) => {
 
   const accessType = body?.accessType ?? AccessType.Public;
   const path = body?.path ?? '/';
-  const dbFile = await fileApi.saveFile(file, accessType, path, res.locals.user.username);
 
-  return res.send(reduce(dbFile, fileReduce));
+  if (!Object.values(AccessType).includes(accessType)) {
+    return res.status(400).send('Invalid access type');
+  }
+
+  try {
+    const dbFile = await fileApi.saveFile(file, accessType, path, res.locals.user.username);
+    return res.send(reduce(dbFile, fileReduce));
+  } catch (e) {
+    logger.error(e);
+    return res.status(500).send(e);
+  }
 });
 
 filesRoute.post('/upload/avatar', upload(), verifyAuthenticated, async (req, res) => {