feat: includes file extension in mimetype detection

aragon · Nov 10, 2023 · 5fb034c · 5fb034c
1 parent 9c557d3
commit 5fb034c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 16 deletions.
diff --git a/src/helpers/mimetype.ts b/src/helpers/mimetype.ts
@@ -3,33 +3,43 @@ import Logger from "./logger";
 
 export function isAllowedMimeType(
   file: Buffer,
-  allowedMimeTypes: string[]
+  allowedMimeTypes: string[],
+  filename: string = ""
 ): Promise<boolean> {
   const logger = new Logger("isAllowedMimeType");
   return filetype
     .fromBuffer(file)
     .then((fileType) => {
       logger.debug(`Got fileType ${fileType}`);
-      let fileTypeWithDefault = fileType || { mime: "text/plain" };
+      let fileTypeWithDefault: string | undefined = fileType?.mime;
+
+      if (!fileTypeWithDefault) {
+        const extension = filename.split(".").pop();
+        logger.debug(`Found file extension .${extension}`)
+        switch (extension) {
+          case "json":
+            try {
+              JSON.parse(file.toString());
+              fileTypeWithDefault = "application/json";
+              break;
+            } catch (e) {
+              // ignore
+            }
+          default:
+            fileTypeWithDefault = "text/plain";
+        }
+      }
+
       if (fileTypeWithDefault) {
         for (const type of allowedMimeTypes) {
-          const match = fileTypeWithDefault.mime.match(type);
+          const match = fileTypeWithDefault.match(type);
           if (match) {
-            logger.info(`Filetype ${fileType?.mime} allowed`);
+            logger.info(`Filetype ${fileTypeWithDefault} allowed`);
             return true;
           }
         }
       }
-      if (allowedMimeTypes.includes("application/json")) {
-        try {
-          logger.info(`Filetype appcliation/json allowed`);
-          JSON.parse(file.toString());
-          return true;
-        } catch (e) {
-          // ignore
-        }
-      }
-      logger.info(`Filetype ${fileType?.mime} not allowed!`);
+      logger.info(`Filetype ${fileTypeWithDefault} not allowed!`);
       return false;
     })
     .catch(() => false);

diff --git a/src/middlewares/add.ts b/src/middlewares/add.ts
@@ -1,7 +1,7 @@
 import Express from "express";
 import Logger from "../helpers/logger";
 import multiparty from "multiparty";
-import {isAllowedMimeType} from "../helpers/mimetype";
+import { isAllowedMimeType } from "../helpers/mimetype";
 
 interface Error {
   statusCode: number;
@@ -32,6 +32,7 @@ export function addRouteMiddleware(
     });
 
     form.on("part", (part) => {
+      const filename = part.filename;
       logger.debug(`Part received with name ${part.name}`);
       if (!allowDirectories) {
         if (part.headers["content-type"] == "application/x-directory") {
@@ -54,7 +55,7 @@ export function addRouteMiddleware(
         if (!file) {
           return;
         }
-        isAllowedMimeType(file, allowedMimeTypes).then((allowed) => {
+        isAllowedMimeType(file, allowedMimeTypes, filename).then((allowed) => {
           if (!allowed) {
             form.emit("error", {
               statusCode: 400,