hcengineering/platform
1
0
Fork 0
mirror of https://github.com/hcengineering/platform.git synced 2024-12-22 19:11:33 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Fix front service (#7070)
Some checks are pending
CI / build (push) Waiting to run
Details
CI / svelte-check (push) Blocked by required conditions
Details
CI / formatting (push) Blocked by required conditions
Details
CI / test (push) Blocked by required conditions
Details
CI / uitest (push) Waiting to run
Details
CI / uitest-pg (push) Waiting to run
Details
CI / uitest-qms (push) Waiting to run
Details
CI / docker-build (push) Blocked by required conditions
Details
CI / dist-build (push) Blocked by required conditions
Details

Browse Source 
Signed-off-by: Andrey Sobolev <haiodo@gmail.com>
This commit is contained in:
Andrey Sobolev 2024-10-31 02:20:10 +07:00 committed by GitHub
parent 11a6236712
commit 8aa6989e26
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
server/front/src/index.ts
View File

@ -35,7 +35,7 @@ import fs, { createReadStream, mkdtempSync } from 'fs'
import { rm, writeFile } from 'fs/promises'
import { tmpdir } from 'os'
const cacheControlValue = 'public, max-age=365d'
const cacheControlValue = 'public, no-cache, must-revalidate, max-age=365d'
const cacheControlNoCache = 'public, no-store, no-cache, must-revalidate, max-age=0'
async function storageUpload (
@ -385,14 +385,14 @@ export function start (
'handle-file',
{},
async (ctx) => {
let payload: Token = { email: 'guest', workspace: { name: req.query.workspace as string } }
try {
const cookies = ((req?.headers?.cookie as string) ?? '').split(';').map((it) => it.trim().split('='))
const token =
cookies.find((it) => it[0] === 'presentation-metadata-Token')?.[1] ??
(req.query.token as string | undefined)
payload = token !== undefined ? decodeToken(token) : payload
(req.query.token as string | undefined) ??
''
const payload = decodeToken(token)
const uuid = req.params.file ?? req.query.file
if (uuid === undefined) {
@ -412,20 +412,6 @@ export function start (
return
}
// try image and octet streams
const isImage =
blobInfo.contentType.includes('image/') || blobInfo.contentType.includes('application/octet-stream')
if (token === undefined) {
if (blobInfo !== undefined && !isImage) {
// Do not allow to return non images with no token.
if (token === undefined) {
res.status(403).send()
return
}
}
}
if (req.method === 'HEAD') {
res.writeHead(200, {
'accept-ranges': 'bytes',
@ -438,6 +424,9 @@ export function start (
res.end()
return
}
// try image and octet streams
const isImage =
blobInfo.contentType.includes('image/') || blobInfo.contentType.includes('application/octet-stream')
const size = req.query.size !== undefined ? parseInt(req.query.size as string) : undefined
const accept = req.headers.accept
@ -475,9 +464,7 @@ export function start (
error?.Code === 'NoSuchKey'
) {
ctx.error('No such storage key', {
file: req.query.file,
workspace: payload?.workspace,
email: payload?.email
file: req.query.file
})
res.status(404).send()
return