Skip to content

Commit

Permalink
Merge pull request #848 from veliovgroup/dev
Browse files Browse the repository at this point in the history
📦 v2.3.0

__New features:__

- ✨ `opts.sanitize` method, read more in [*Constructor* docs](https://github.com/veliovgroup/Meteor-Files/blob/master/docs/constructor.md); Thanks to @xet7 and @mfilser

__Other Changes:__

- 👷‍♂️ Minor codebase enhancements and cleanups
  • Loading branch information
dr-dimitru authored Aug 17, 2022
2 parents 313e842 + 2f8d1f8 commit 00ab6f7
Show file tree
Hide file tree
Showing 5 changed files with 67 additions and 43 deletions.
4 changes: 2 additions & 2 deletions .versions
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ [email protected]
[email protected]
[email protected]
[email protected]
local-test:ostrio:files@2.2.1
local-test:ostrio:files@2.3.0
[email protected]
[email protected]
[email protected]
Expand All @@ -35,7 +35,7 @@ [email protected]
[email protected]
[email protected]
ostrio:[email protected]
ostrio:files@2.2.1
ostrio:files@2.3.0
[email protected]
[email protected]
[email protected]
Expand Down
15 changes: 8 additions & 7 deletions client.js
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,9 @@ import FilesCollectionCore from './core.js';
import { formatFleURL, helpers } from './lib.js';

const NOOP = () => { };
const allowedParams = ['debug', 'ddp', 'schema', 'public', 'chunkSize', 'downloadRoute', 'collection', 'collectionName', 'namingFunction', 'onBeforeUpload', 'allowClientCode', 'onbeforeunloadMessage', 'disableUpload', 'disableSetTokenCookie', 'allowQueryStringCookies'];
const allowedParams = ['allowClientCode', 'allowQueryStringCookies', 'chunkSize', 'collection', 'collectionName', 'ddp', 'debug', 'disableSetTokenCookie', 'disableUpload', 'downloadRoute', 'namingFunction', 'onBeforeUpload', 'onbeforeunloadMessage', 'public', 'sanitize', 'schema'];

/*
/**
* @locus Anywhere
* @class FilesCollection
* @param config {Object} - [Both] Configuration object with next properties:
Expand All @@ -31,6 +31,7 @@ const allowedParams = ['debug', 'ddp', 'schema', 'public', 'chunkSize', 'downloa
* @param config.disableUpload {Boolean} - Disable file upload, useful for server only solutions
* @param config.disableSetTokenCookie {Boolean} - Disable cookie setting. Useful when you use multiple file collections or when you want to implement your own authorization.
* @param config.allowQueryStringCookies {Boolean} - Allow passing Cookies in a query string (in URL). Primary should be used only in Cordova environment. Note: this option will be used only on Cordova. Default: `false`
* @param config.sanitize {Function} - Override default sanitize function
* @summary Create new instance of FilesCollection
*/
class FilesCollection extends FilesCollectionCore {
Expand Down Expand Up @@ -173,7 +174,7 @@ class FilesCollection extends FilesCollectionCore {
};
}

/*
/**
* @locus Anywhere
* @memberOf FilesCollection
* @name _getMimeType
Expand All @@ -194,7 +195,7 @@ class FilesCollection extends FilesCollectionCore {
return mime;
}

/*
/**
* @locus Anywhere
* @memberOf FilesCollection
* @name _getUser
Expand All @@ -217,7 +218,7 @@ class FilesCollection extends FilesCollectionCore {
return result;
}

/*
/**
* @locus Client
* @memberOf FilesCollection
* @name insert
Expand Down Expand Up @@ -251,13 +252,13 @@ class FilesCollection extends FilesCollectionCore {
*/
insert(config, autoStart = true) {
if (this.disableUpload) {
console.warn('[FilesCollection] [insert()] Upload is disabled with [disableUpload]!');
Meteor._debug('[FilesCollection] [insert()] Upload is disabled with [disableUpload]!');
return {};
}
return (new UploadInstance(config, this))[autoStart ? 'start' : 'manual']();
}

/*
/**
* @locus Anywhere
* @memberOf FilesCollection
* @name remove
Expand Down
17 changes: 17 additions & 0 deletions docs/constructor.md
Original file line number Diff line number Diff line change
Expand Up @@ -873,6 +873,23 @@
Useful when you use multiple file collections or when you want to implement your own authorization.
</td>
</tr>
<tr>
<td align="right">
<code>config.sanitize</code> {<em>Function</em>}
</td>
<td>
Server (*accepted, but no used on the Client*)
</td>
<td>
Sanitizer for sensitive Strings; Overrides default <code>sanitize()</code> method of <em>FilesCollection</em> instance. Primary used for <code>FSName</code> and <code>fileId</code>. <em>Very low-level</em>. <b>Warning: use with caution!</b>
</td>
<td>
<a href="https://github.com/veliovgroup/Meteor-Files/blob/313e842468f743c04a5310778ea63c7fd2d3c612/lib.js#L4-L6">Default function</a>
</td>
<td>
Read more in <a href="https://github.com/veliovgroup/Meteor-Files/issues/847">#847</a>, <a href="https://github.com/wekan/wekan/pull/4638">wekan/#4638</a>, and <a href="https://github.com/wekan/wekan/issues/4640">wekan/#4640</a>
</td>
</tr>
<tr>
<td align="right">
<code>config._preCollection</code> {<em>Mongo.Collection</em>}
Expand Down
2 changes: 1 addition & 1 deletion package.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
Package.describe({
name: 'ostrio:files',
version: '2.2.1',
version: '2.3.0',
summary: 'Upload files to a server or 3rd party storage: AWS:S3, GridFS, DropBox, and other',
git: 'https://github.com/veliovgroup/Meteor-Files',
documentation: 'README.md'
Expand Down
72 changes: 39 additions & 33 deletions server.js
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,7 @@ const createIndex = async (collection, keys, opts) => {
* @param config.disableDownload {Boolean} - Disable file download (serving), useful for file management only solutions
* @param config.allowedOrigins {Regex|Boolean} - [Server] Regex of Origins that are allowed CORS access or `false` to disable completely. Defaults to `/^http:\/\/localhost:12[0-9]{3}$/` for allowing Meteor-Cordova builds access
* @param config.allowQueryStringCookies {Boolean} - Allow passing Cookies in a query string (in URL). Primary should be used only in Cordova environment. Note: this option will be used only on Cordova. Default: `false`
* @param config.sanitize {Function} - Override default sanitize function
* @param config._preCollection {Mongo.Collection} - [Server] Mongo preCollection Instance
* @param config._preCollectionName {String} - [Server] preCollection name
* @summary Create new instance of FilesCollection
Expand All @@ -121,39 +122,40 @@ class FilesCollection extends FilesCollectionCore {
let storagePath;
if (config) {
({
storagePath,
debug: this.debug,
schema: this.schema,
public: this.public,
strict: this.strict,
getUser: this.getUser,
_preCollection: this._preCollection,
_preCollectionName: this._preCollectionName,
allowClientCode: this.allowClientCode,
allowedOrigins: this.allowedOrigins,
allowQueryStringCookies: this.allowQueryStringCookies,
cacheControl: this.cacheControl,
chunkSize: this.chunkSize,
protected: this.protected,
collection: this.collection,
permissions: this.permissions,
cacheControl: this.cacheControl,
collectionName: this.collectionName,
continueUploadTTL: this.continueUploadTTL,
debug: this.debug,
disableDownload: this.disableDownload,
disableUpload: this.disableUpload,
downloadCallback: this.downloadCallback,
downloadRoute: this.downloadRoute,
onAfterUpload: this.onAfterUpload,
getUser: this.getUser,
integrityCheck: this.integrityCheck,
interceptDownload: this.interceptDownload,
interceptRequest: this.interceptRequest,
namingFunction: this.namingFunction,
onAfterRemove: this.onAfterRemove,
disableUpload: this.disableUpload,
onAfterUpload: this.onAfterUpload,
onBeforeRemove: this.onBeforeRemove,
integrityCheck: this.integrityCheck,
collectionName: this.collectionName,
onBeforeUpload: this.onBeforeUpload,
namingFunction: this.namingFunction,
responseHeaders: this.responseHeaders,
disableDownload: this.disableDownload,
allowedOrigins: this.allowedOrigins,
allowClientCode: this.allowClientCode,
downloadCallback: this.downloadCallback,
onInitiateUpload: this.onInitiateUpload,
interceptRequest: this.interceptRequest,
interceptDownload: this.interceptDownload,
continueUploadTTL: this.continueUploadTTL,
parentDirPermissions: this.parentDirPermissions,
allowQueryStringCookies: this.allowQueryStringCookies,
_preCollection: this._preCollection,
_preCollectionName: this._preCollectionName,
permissions: this.permissions,
protected: this.protected,
public: this.public,
responseHeaders: this.responseHeaders,
sanitize: this.sanitize,
schema: this.schema,
storagePath,
strict: this.strict,
} = config);
}

Expand Down Expand Up @@ -288,6 +290,10 @@ class FilesCollection extends FilesCollectionCore {
this.continueUploadTTL = 10800;
}

if (!helpers.isFunction(this.sanitize)) {
this.sanitize = helpers.sanitize;
}

if (!helpers.isFunction(this.responseHeaders)) {
this.responseHeaders = (responseCode, fileRef, versionRef) => {
const headers = {};
Expand Down Expand Up @@ -571,7 +577,7 @@ class FilesCollection extends FilesCollectionCore {
if (httpReq.headers['x-start'] !== '1') {
// CHUNK UPLOAD SCENARIO:
opts = {
fileId: helpers.sanitize(httpReq.headers['x-fileid'], 20, 'a')
fileId: this.sanitize(httpReq.headers['x-fileid'], 20, 'a')
};

if (httpReq.headers['x-eof'] === '1') {
Expand Down Expand Up @@ -647,7 +653,7 @@ class FilesCollection extends FilesCollectionCore {
}

if (opts.fileId) {
opts.fileId = helpers.sanitize(opts.fileId, 20, 'a');
opts.fileId = this.sanitize(opts.fileId, 20, 'a');
}

this._debug(`[FilesCollection] [File Start HTTP] ${opts.file.name || '[no-name]'} - ${opts.fileId}`);
Expand Down Expand Up @@ -842,7 +848,7 @@ class FilesCollection extends FilesCollectionCore {

check(returnMeta, Match.Optional(Boolean));

opts.fileId = helpers.sanitize(opts.fileId, 20, 'a');
opts.fileId = self.sanitize(opts.fileId, 20, 'a');

self._debug(`[FilesCollection] [File Start Method] ${opts.file.name} - ${opts.fileId}`);
opts.___s = true;
Expand Down Expand Up @@ -886,7 +892,7 @@ class FilesCollection extends FilesCollectionCore {
chunkId: Match.Optional(Number)
});

opts.fileId = helpers.sanitize(opts.fileId, 20, 'a');
opts.fileId = self.sanitize(opts.fileId, 20, 'a');

if (opts.binData) {
opts.binData = Buffer.from(opts.binData, 'base64');
Expand Down Expand Up @@ -984,7 +990,7 @@ class FilesCollection extends FilesCollectionCore {
result.ext = extension;
result._id = opts.fileId;
result.userId = userId || null;
opts.FSName = helpers.sanitize(opts.FSName);
opts.FSName = this.sanitize(opts.FSName);

if (this.namingFunction) {
opts.FSName = this.namingFunction(opts);
Expand Down Expand Up @@ -1225,7 +1231,7 @@ class FilesCollection extends FilesCollectionCore {
check(callback, Match.Optional(Function));
check(proceedAfterUpload, Match.Optional(Boolean));

opts.fileId = opts.fileId && helpers.sanitize(opts.fileId, 20, 'a');
opts.fileId = opts.fileId && this.sanitize(opts.fileId, 20, 'a');
const fileId = opts.fileId || Random.id();
const fsName = this.namingFunction ? this.namingFunction(opts) : fileId;
const fileName = (opts.name || opts.fileName) ? (opts.name || opts.fileName) : fsName;
Expand Down Expand Up @@ -1340,7 +1346,7 @@ class FilesCollection extends FilesCollectionCore {
opts.timeout = 360000;
}

const fileId = (opts.fileId && helpers.sanitize(opts.fileId, 20, 'a')) || Random.id();
const fileId = (opts.fileId && this.sanitize(opts.fileId, 20, 'a')) || Random.id();
const fsName = this.namingFunction ? this.namingFunction(opts) : fileId;
const pathParts = url.split('/');
const fileName = (opts.name || opts.fileName) ? (opts.name || opts.fileName) : pathParts[pathParts.length - 1].split('?')[0] || fsName;
Expand Down Expand Up @@ -1556,7 +1562,7 @@ class FilesCollection extends FilesCollectionCore {
userId: opts.userId,
extension,
_storagePath: path.replace(`${nodePath.sep}${opts.fileName}`, ''),
fileId: (opts.fileId && helpers.sanitize(opts.fileId, 20, 'a')) || null
fileId: (opts.fileId && this.sanitize(opts.fileId, 20, 'a')) || null
});


Expand Down

0 comments on commit 00ab6f7

Please sign in to comment.