Ghost/core/server/web/api/middleware/upload.js

const path = require('path');
const os = require('os');
const multer = require('multer');
const fs = require('fs-extra');
const errors = require('@tryghost/errors');
const config = require('../../../../shared/config');
const tpl = require('@tryghost/tpl');
const logging = require('@tryghost/logging');

const messages = {
    db: {
        missingFile: 'Please select a database file to import.',
        invalidFile: 'Unsupported file. Please try any of the following formats: {extensions}'
    },
    redirects: {
        missingFile: 'Please select a JSON file.',
        invalidFile: 'Please select a valid JSON file to import.'
    },
    routes: {
        missingFile: 'Please select a YAML file.',
        invalidFile: 'Please select a valid YAML file to import.'
    },
    themes: {
        missingFile: 'Please select a theme.',
        invalidFile: 'Please select a valid zip file.'
    },
    images: {
        missingFile: 'Please select an image.',
        invalidFile: 'Please select a valid image.'
    },
    icons: {
        missingFile: 'Please select an icon.',
        invalidFile: 'Icon must be a square .ico or .png file between 60px – 1,000px, under 100kb.'
    }
};

const enabledClear = config.get('uploadClear') || true;
const upload = multer({dest: os.tmpdir()});

const deleteSingleFile = file => fs.unlink(file.path).catch(err => logging.error(err));

const single = name => (req, res, next) => {
    const singleUpload = upload.single(name);

    singleUpload(req, res, (err) => {
        if (err) {
            return next(err);
        }
        if (enabledClear) {
            const deleteFiles = () => {
                res.removeListener('finish', deleteFiles);
                res.removeListener('close', deleteFiles);
                if (!req.disableUploadClear) {
                    if (req.files) {
                        return req.files.forEach(deleteSingleFile);
                    }

                    if (req.file) {
                        return deleteSingleFile(req.file);
                    }
                }
            };
            if (!req.disableUploadClear) {
                res.on('finish', deleteFiles);
                res.on('close', deleteFiles);
            }
        }
        next();
    });
};

const checkFileExists = (fileData) => {
    return !!(fileData.mimetype && fileData.path);
};

const checkFileIsValid = (fileData, types, extensions) => {
    const type = fileData.mimetype;

    if (types.includes(type) && extensions.includes(fileData.ext)) {
        return true;
    }

    return false;
};

const validation = function (options) {
    const type = options.type;

    // if we finish the data/importer logic, we forward the request to the specified importer
    return function uploadValidation(req, res, next) {
        const extensions = (config.get('uploads')[type] && config.get('uploads')[type].extensions) || [];
        const contentTypes = (config.get('uploads')[type] && config.get('uploads')[type].contentTypes) || [];

        req.file = req.file || {};
        req.file.name = req.file.originalname;
        req.file.type = req.file.mimetype;

        // Check if a file was provided
        if (!checkFileExists(req.file)) {
            return next(new errors.ValidationError({
                message: tpl(messages[type].missingFile)
            }));
        }

        req.file.ext = path.extname(req.file.name).toLowerCase();

        // Check if the file is valid
        if (!checkFileIsValid(req.file, contentTypes, extensions)) {
            return next(new errors.UnsupportedMediaTypeError({
                message: tpl(messages[type].invalidFile, {extensions: extensions})
            }));
        }

        next();
    };
};

module.exports = {
    single,
    validation
};

// Exports for testing only
module.exports._test = {
    checkFileExists,
    checkFileIsValid
};
-												Moved upload validation mw into api app

- Moved upload validation mw from shared to api as it is not shared (except within the API)
- Co-located the code with the upload middleware, as it's small and gives us a nice API of .upload.single and .upload.validation
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup

											
										
										
											2020-04-22 09:37:02 +03:00
+								const path = require('path');
-												🐛 Fixed files staying in temp directory after upload is done

closes #10174

- Introduced upload middleware that cleans up temporary files stored by mutler after the request is finished
- Removed redundant fs.remove calls as this work is now handled in newly introduced middleware

											
										
										
											2018-12-12 16:02:09 +03:00
+								const os = require('os');
 								const multer = require('multer');
 								const fs = require('fs-extra');
-												Moved upload validation mw into api app

- Moved upload validation mw from shared to api as it is not shared (except within the API)
- Co-located the code with the upload middleware, as it's small and gives us a nice API of .upload.single and .upload.validation
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup

											
										
										
											2020-04-22 09:37:02 +03:00
+								const errors = require('@tryghost/errors');
-												Moved config from server to shared (#11850)

* moved `server/config` to `shared/config`
* updated config import paths in server to use shared
* updated config import paths in frontend to use shared
* updated config import paths in test to use shared
* updated config import paths in root to use shared
* trigger regression tests
* of course the rebase broke tests
											
										
										
											2020-05-27 20:47:53 +03:00
+								const config = require('../../../../shared/config');
-												Replaced i18n.t w/ tpl in upload middleware

refs: TryGhost#13380

- The i18n package is deprecated. It is being replaced with the tpl package.

											
										
										
											2021-10-04 14:19:18 +03:00
+								const tpl = require('@tryghost/tpl');
-												Change to use @tryghost/logging

no issue

Logging is now controlled by a logginrc.js file in the root of the project - and now we can just import @tryghost/logging everywhere

											
										
										
											2021-06-15 17:36:27 +03:00
+								const logging = require('@tryghost/logging');
-												🐛 Fixed files staying in temp directory after upload is done

closes #10174

- Introduced upload middleware that cleans up temporary files stored by mutler after the request is finished
- Removed redundant fs.remove calls as this work is now handled in newly introduced middleware

											
										
										
											2018-12-12 16:02:09 +03:00
-												Replaced i18n.t w/ tpl in upload middleware

refs: TryGhost#13380

- The i18n package is deprecated. It is being replaced with the tpl package.

											
										
										
											2021-10-04 14:19:18 +03:00
+								const messages = {
 								    db: {
 								        missingFile: 'Please select a database file to import.',
 								        invalidFile: 'Unsupported file. Please try any of the following formats: {extensions}'
 								    },
 								    redirects: {
 								        missingFile: 'Please select a JSON file.',
 								        invalidFile: 'Please select a valid JSON file to import.'
 								    },
 								    routes: {
 								        missingFile: 'Please select a YAML file.',
 								        invalidFile: 'Please select a valid YAML file to import.'
 								    },
 								    themes: {
 								        missingFile: 'Please select a theme.',
 								        invalidFile: 'Please select a valid zip file.'
 								    },
 								    images: {
 								        missingFile: 'Please select an image.',
 								        invalidFile: 'Please select a valid image.'
 								    },
 								    icons: {
 								        missingFile: 'Please select an icon.',
 								        invalidFile: 'Icon must be a square .ico or .png file between 60px – 1,000px, under 100kb.'
 								    }
 								};
-												Refactored upload middleware

refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- Using a wrapping object to store enableClear/multer instances didn't make any sense

											
										
										
											2021-10-25 14:06:25 +03:00
+								const enabledClear = config.get('uploadClear') || true;
 								const upload = multer({dest: os.tmpdir()});
-												🐛 Fixed files staying in temp directory after upload is done

closes #10174

- Introduced upload middleware that cleans up temporary files stored by mutler after the request is finished
- Removed redundant fs.remove calls as this work is now handled in newly introduced middleware

											
										
										
											2018-12-12 16:02:09 +03:00
-												Swapped common for @tryghost/errors in core/server/web

- Update all references to common.errors to use @tryghost/errors
- Use dereferencing to only require used bits of common in each file

											
										
										
											2020-04-09 21:40:00 +03:00
+								const deleteSingleFile = file => fs.unlink(file.path).catch(err => logging.error(err));
-												🐛 Fixed files staying in temp directory after upload is done

closes #10174

- Introduced upload middleware that cleans up temporary files stored by mutler after the request is finished
- Removed redundant fs.remove calls as this work is now handled in newly introduced middleware

											
										
										
											2018-12-12 16:02:09 +03:00
 								const single = name => (req, res, next) => {
-												Refactored upload middleware

refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- Using a wrapping object to store enableClear/multer instances didn't make any sense

											
										
										
											2021-10-25 14:06:25 +03:00
+								    const singleUpload = upload.single(name);
-												🐛 Fixed files staying in temp directory after upload is done

closes #10174

- Introduced upload middleware that cleans up temporary files stored by mutler after the request is finished
- Removed redundant fs.remove calls as this work is now handled in newly introduced middleware

											
										
										
											2018-12-12 16:02:09 +03:00
+								    singleUpload(req, res, (err) => {
 								        if (err) {
 								            return next(err);
 								        }
-												Refactored upload middleware

refs https://linear.app/tryghost/issue/CORE-121/create-a-video-storage-adapter

- Using a wrapping object to store enableClear/multer instances didn't make any sense

											
										
										
											2021-10-25 14:06:25 +03:00
+								        if (enabledClear) {
-												🐛 Fixed files staying in temp directory after upload is done

closes #10174

- Introduced upload middleware that cleans up temporary files stored by mutler after the request is finished
- Removed redundant fs.remove calls as this work is now handled in newly introduced middleware

											
										
										
											2018-12-12 16:02:09 +03:00
+								            const deleteFiles = () => {
 								                res.removeListener('finish', deleteFiles);
 								                res.removeListener('close', deleteFiles);
 								                if (!req.disableUploadClear) {
 								                    if (req.files) {
 								                        return req.files.forEach(deleteSingleFile);
 								                    }
 								                    if (req.file) {
 								                        return deleteSingleFile(req.file);
 								                    }
 								                }
 								            };
 								            if (!req.disableUploadClear) {
 								                res.on('finish', deleteFiles);
 								                res.on('close', deleteFiles);
 								            }
 								        }
 								        next();
 								    });
 								};
-												Moved upload validation mw into api app

- Moved upload validation mw from shared to api as it is not shared (except within the API)
- Co-located the code with the upload middleware, as it's small and gives us a nice API of .upload.single and .upload.validation
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup

											
										
										
											2020-04-22 09:37:02 +03:00
+								const checkFileExists = (fileData) => {
 								    return !!(fileData.mimetype && fileData.path);
 								};
 								const checkFileIsValid = (fileData, types, extensions) => {
 								    const type = fileData.mimetype;
 								    if (types.includes(type) && extensions.includes(fileData.ext)) {
 								        return true;
 								    }
 								    return false;
 								};
 								const validation = function (options) {
 								    const type = options.type;
 								    // if we finish the data/importer logic, we forward the request to the specified importer
 								    return function uploadValidation(req, res, next) {
 								        const extensions = (config.get('uploads')[type] && config.get('uploads')[type].extensions) || [];
 								        const contentTypes = (config.get('uploads')[type] && config.get('uploads')[type].contentTypes) || [];
 								        req.file = req.file || {};
 								        req.file.name = req.file.originalname;
 								        req.file.type = req.file.mimetype;
 								        // Check if a file was provided
 								        if (!checkFileExists(req.file)) {
 								            return next(new errors.ValidationError({
-												Replaced i18n.t w/ tpl in upload middleware

refs: TryGhost#13380

- The i18n package is deprecated. It is being replaced with the tpl package.

											
										
										
											2021-10-04 14:19:18 +03:00
+								                message: tpl(messages[type].missingFile)
-												Moved upload validation mw into api app

- Moved upload validation mw from shared to api as it is not shared (except within the API)
- Co-located the code with the upload middleware, as it's small and gives us a nice API of .upload.single and .upload.validation
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup

											
										
										
											2020-04-22 09:37:02 +03:00
+								            }));
 								        }
 								        req.file.ext = path.extname(req.file.name).toLowerCase();
 								        // Check if the file is valid
 								        if (!checkFileIsValid(req.file, contentTypes, extensions)) {
 								            return next(new errors.UnsupportedMediaTypeError({
-												Replaced i18n.t w/ tpl in upload middleware

refs: TryGhost#13380

- The i18n package is deprecated. It is being replaced with the tpl package.

											
										
										
											2021-10-04 14:19:18 +03:00
+								                message: tpl(messages[type].invalidFile, {extensions: extensions})
-												Moved upload validation mw into api app

- Moved upload validation mw from shared to api as it is not shared (except within the API)
- Co-located the code with the upload middleware, as it's small and gives us a nice API of .upload.single and .upload.validation
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup

											
										
										
											2020-04-22 09:37:02 +03:00
+								            }));
 								        }
 								        next();
 								    };
 								};
 								module.exports = {
 								    single,
 								    validation
 								};
 								// Exports for testing only
 								module.exports._test = {
 								    checkFileExists,
 								    checkFileIsValid
 								};