FileUpload options for Server Config (#7071)
* New: fileUpload options to restrict file uploads * review changes * update review * Update helper.js * added complete fileUpload values for tests * fixed config validation * allow file upload only for authenicated user by default * fixed inconsistent error messages * consolidated and extended tests * minor compacting * removed irregular whitespace * added changelog entry * always allow file upload with master key * fix lint * removed fit Co-authored-by: Manuel Trezza <trezza.m@gmail.com>
This commit is contained in:
dblythy
GitHub
@@ -6,7 +6,10 @@ import AppCache from './cache';
|
||||
import SchemaCache from './Controllers/SchemaCache';
|
||||
import DatabaseController from './Controllers/DatabaseController';
|
||||
import net from 'net';
|
||||
import { IdempotencyOptions } from './Options/Definitions';
|
||||
import {
|
||||
IdempotencyOptions,
|
||||
FileUploadOptions,
|
||||
} from './Options/Definitions';
|
||||
|
||||
function removeTrailingSlash(str) {
|
||||
if (!str) {
|
||||
@@ -71,6 +74,7 @@ export class Config {
|
||||
allowHeaders,
|
||||
idempotencyOptions,
|
||||
emailVerifyTokenReuseIfValid,
|
||||
fileUpload,
|
||||
}) {
|
||||
if (masterKey === readOnlyMasterKey) {
|
||||
throw new Error('masterKey and readOnlyMasterKey should be different');
|
||||
@@ -88,8 +92,8 @@ export class Config {
|
||||
}
|
||||
|
||||
this.validateAccountLockoutPolicy(accountLockout);
|
||||
|
||||
this.validatePasswordPolicy(passwordPolicy);
|
||||
this.validateFileUploadOptions(fileUpload);
|
||||
|
||||
if (typeof revokeSessionOnPasswordReset !== 'boolean') {
|
||||
throw 'revokeSessionOnPasswordReset must be a boolean value';
|
||||
@@ -245,6 +249,30 @@ export class Config {
|
||||
}
|
||||
}
|
||||
|
||||
static validateFileUploadOptions(fileUpload) {
|
||||
if (!fileUpload) {
|
||||
fileUpload = {};
|
||||
}
|
||||
if (typeof fileUpload !== 'object' || fileUpload instanceof Array) {
|
||||
throw 'fileUpload must be an object value.';
|
||||
}
|
||||
if (fileUpload.enableForAnonymousUser === undefined) {
|
||||
fileUpload.enableForAnonymousUser = FileUploadOptions.enableForAnonymousUser.default;
|
||||
} else if (typeof fileUpload.enableForAnonymousUser !== 'boolean') {
|
||||
throw 'fileUpload.enableForAnonymousUser must be a boolean value.';
|
||||
}
|
||||
if (fileUpload.enableForPublic === undefined) {
|
||||
fileUpload.enableForPublic = FileUploadOptions.enableForPublic.default;
|
||||
} else if (typeof fileUpload.enableForPublic !== 'boolean') {
|
||||
throw 'fileUpload.enableForPublic must be a boolean value.';
|
||||
}
|
||||
if (fileUpload.enableForAuthenticatedUser === undefined) {
|
||||
fileUpload.enableForAuthenticatedUser = FileUploadOptions.enableForAuthenticatedUser.default;
|
||||
} else if (typeof fileUpload.enableForAuthenticatedUser !== 'boolean') {
|
||||
throw 'fileUpload.enableForAuthenticatedUser must be a boolean value.';
|
||||
}
|
||||
}
|
||||
|
||||
static validateMasterKeyIps(masterKeyIps) {
|
||||
for (const ip of masterKeyIps) {
|
||||
if (!net.isIP(ip)) {
|
||||
|
||||
Reference in New Issue
Block a user