chore(feat): add fix

2077-Collective · Dec 18, 2024 · 766b787 · 766b787
1 parent c27db8b
commit 766b787
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 3 deletions.
diff --git a/server/apps/research/serializers/article_serializer.py b/server/apps/research/serializers/article_serializer.py
@@ -169,7 +169,7 @@ def create(self, validated_data: dict) -> Article:
             return article
         except Exception as e:
             logging.error(f"Error creating article: {str(e)}")
-            raise serializers.ValidationError("An error occurred while creating the article.")
+            raise serializers.ValidationError("An error occurred while creating the article.") from e
 
     def update(self, instance: Article, validated_data: dict) -> Article:
         """Update an existing article instance."""

diff --git a/server/apps/research/views.py b/server/apps/research/views.py
@@ -16,6 +16,9 @@
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from django.core.exceptions import ValidationError
+from rest_framework.decorators import api_view, permission_classes, throttle_classes
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.throttling import UserRateThrottle
 
 
 # Set up logging
@@ -127,20 +130,37 @@ def is_valid_uuid(self, value):
         except ValueError:
             return False
 
+class ImageUploadRateThrottle(UserRateThrottle):
+    rate = '60/hour'
+
 @require_http_methods(["POST"])
+@api_view(['POST'])
+@permission_classes([IsAuthenticated])
+@throttle_classes([ImageUploadRateThrottle])
 def tinymce_upload_image(request):
     if request.method == "POST" and request.FILES:
         try:
             file = request.FILES['file']
+            # Enhanced file validation
+            allowed_types = {'image/jpeg', 'image/png', 'image/gif'}
             if not file.content_type.startswith('image/'):
                 raise ValidationError("Only image files are allowed")
+            if file.content_type not in allowed_types:
+                raise ValidationError(f"Unsupported image type. Allowed types: {', '.join(allowed_types)}")
             if file.size > 5 * 1024 * 1024:
                 raise ValidationError("File size too large")
+
+            # Sanitize filename
+            import re
+            safe_filename = re.sub(r'[^a-zA-Z0-9._-]', '', file.name)
+
             upload_data = cloudinary.uploader.upload(
                 file,
                 folder='article_content',
                 allowed_formats=['png', 'jpg', 'jpeg', 'gif'],
-                resource_type="image"
+                resource_type="image",
+                filename_override=safe_filename,
+                unique_filename=True
             )
             return JsonResponse({
                 'location': upload_data['secure_url']

diff --git a/server/core/config/base.py b/server/core/config/base.py
@@ -188,7 +188,6 @@
         "BACKEND": "whitenoise.storage.CompressedStaticFilesStorage",
     },
 }
-
 # Default primary key field type
 # https://docs.djangoproject.com/en/5.0/ref/settings/#default-auto-field
-Original file line number
+Diff line change
@@ Expand Up / @@ -188,7 +188,6 @@ @@
             "BACKEND": "whitenoise.storage.CompressedStaticFilesStorage",
         },
     }
     # Default primary key field type
     # https://docs.djangoproject.com/en/5.0/ref/settings/#default-auto-field
@@ Expand Down @@