From 8e6fa9d27c44553c1f6d45462317d56ba2230aed Mon Sep 17 00:00:00 2001
From: Leo Audibert
Date: Mon, 23 Sep 2024 16:32:17 -0700
Subject: [PATCH] Remove utils file that was in wrong place
---
 pkg/repo/utils.go | 63 -----------------------------------
 pkg/routes/profile_photo.go | 65 ++++++++++++++++++++++++++++++++++---
 pkg/routes/upload_photo.go | 7 ++--
 3 files changed, 64 insertions(+), 71 deletions(-)
 delete mode 100644 pkg/repo/utils.go
diff --git a/pkg/repo/utils.go b/pkg/repo/utils.go
deleted file mode 100644
index cb95654..0000000
--- a/pkg/repo/utils.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package repo
-
-import (
- "errors"
- "mime/multipart"
- "path/filepath"
- "strings"
- "time"
-)
-
-var (
- ErrInvalidMimeType = errors.New("invalid MIME type")
- ErrInvalidFileExtension = errors.New("invalid file extension")
- ErrImageProcessing = errors.New("error processing image")
-)
-
-func ValidateAndProcessImage(fileHeader *multipart.FileHeader) error {
- // TODO: need to do many other checks for file upload security: https://portswigger.net/web-security/file-upload
-
- // Define allowed MIME types
- allowedMimeTypes := map[string]bool{
- "image/jpeg": true,
- "image/webp": true,
- "image/png": true,
- "image/gif": true,
- }
-
- // Define allowed file extensions
- allowedExtensions := map[string]bool{
- ".jpg": true,
- ".jpeg": true,
- ".webp": true,
- ".png": true,
- ".gif": true,
- }
-
- // Check MIME type
- contentType := fileHeader.Header.Get("Content-Type")
- if !allowedMimeTypes[contentType] {
- return ErrInvalidMimeType
- }
-
- // Check file extension
- extension := strings.ToLower(filepath.Ext(fileHeader.Filename))
- if !allowedExtensions[extension] {
- return ErrInvalidFileExtension
- }
-
- // Open the file
- file, err := fileHeader.Open()
- if err != nil {
- return err
- }
- defer file.Close()
-
- // TODO: verify that the file actually contains an image
- return nil
-}
-
-// daysAgo returns a time.Time object for x days ago.
-func daysAgo(x int) time.Time {
- return time.Now().UTC().AddDate(0, 0, -x)
-}
diff --git a/pkg/routes/profile_photo.go b/pkg/routes/profile_photo.go
index 0c38328..3187602 100644
--- a/pkg/routes/profile_photo.go
+++ b/pkg/routes/profile_photo.go
@@ -3,12 +3,15 @@ package routes
 import (
 "errors"
 "fmt"
+ "mime/multipart"
 "net/http"
+ "path/filepath"
+ "strings"
+ "time"
 "github.com/mikestefanello/pagoda/ent"
 "github.com/mikestefanello/pagoda/pkg/context"
 "github.com/mikestefanello/pagoda/pkg/controller"
- "github.com/mikestefanello/pagoda/pkg/repo"
 "github.com/mikestefanello/pagoda/pkg/repos/profilerepo"
 storagerepo "github.com/mikestefanello/pagoda/pkg/repos/storage"
 "github.com/mikestefanello/pagoda/templates/layouts"
@@ -73,13 +76,13 @@ func (p *currProfilePhoto) Post(ctx echo.Context) error {
 }
 // Validate and process the image
- err = repo.ValidateAndProcessImage(file)
+ err = ValidateAndProcessImage(file)
 ctx.Logger().Error(err)
 if err != nil {
 // Handle specific errors returned by ValidateAndProcessImage
- if errors.Is(err, repo.ErrInvalidMimeType) || errors.Is(err, repo.ErrInvalidFileExtension) {
+ if errors.Is(err, ErrInvalidMimeType) || errors.Is(err, ErrInvalidFileExtension) {
 return echo.NewHTTPError(http.StatusBadRequest, "Invalid file type")
- } else if errors.Is(err, repo.ErrImageProcessing) {
+ } else if errors.Is(err, ErrImageProcessing) {
 return echo.NewHTTPError(http.StatusInternalServerError, "Error processing image")
 } else {
 return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
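Review bot: The final `else` branch of the Post hunk in profile_photo.go still puts `err.Error()` into the 500 response body, so whatever `fileHeader.Open()` returns inside ValidateAndProcessImage is sent to the client verbatim. I would return a fixed message there, e.g. `return echo.NewHTTPError(http.StatusInternalServerError, "Error processing image")`, and keep the detail in the server log. In the same hunk `ctx.Logger().Error(err)` sits above `if err != nil`, so a successful upload writes an error-level entry with a nil error; it belongs inside the branch. The Post hunk in upload_photo.go has the same `err.Error()` branch, and in both files Post begins and ends outside the hunk.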
@@ -110,3 +113,57 @@ func (p *currProfilePhoto) Post(ctx echo.Context) error {
 return p.ctr.RenderJSON(ctx, nil)
 }
+
+var (
+ ErrInvalidMimeType = errors.New("invalid MIME type")
+ ErrInvalidFileExtension = errors.New("invalid file extension")
+ ErrImageProcessing = errors.New("error processing image")
+)
+
+func ValidateAndProcessImage(fileHeader *multipart.FileHeader) error {
+ // TODO: need to do many other checks for file upload security: https://portswigger.net/web-security/file-upload
+
+ // Define allowed MIME types
+ allowedMimeTypes := map[string]bool{
+ "image/jpeg": true,
+ "image/webp": true,
+ "image/png": true,
+ "image/gif": true,
+ }
+
+ // Define allowed file extensions
+ allowedExtensions := map[string]bool{
+ ".jpg": true,
+ ".jpeg": true,
+ ".webp": true,
+ ".png": true,
+ ".gif": true,
+ }
+
+ // Check MIME type
+ contentType := fileHeader.Header.Get("Content-Type")
+ if !allowedMimeTypes[contentType] {
+ return ErrInvalidMimeType
+ }
+
+ // Check file extension
+ extension := strings.ToLower(filepath.Ext(fileHeader.Filename))
+ if !allowedExtensions[extension] {
+ return ErrInvalidFileExtension
+ }
+
+ // Open the file
+ file, err := fileHeader.Open()
+ if err != nil {
+ return err
+ }
+ defer file.Close()
+
+ // TODO: verify that the file actually contains an image
+ return nil
+}
+
+// daysAgo returns a time.Time object for x days ago.
+func daysAgo(x int) time.Time {
+ return time.Now().UTC().AddDate(0, 0, -x)
+}
diff --git a/pkg/routes/upload_photo.go b/pkg/routes/upload_photo.go
index 59532a0..e7b9886 100644
--- a/pkg/routes/upload_photo.go
+++ b/pkg/routes/upload_photo.go
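Review bot: ValidateAndProcessImage, as added at the end of profile_photo.go, decides on two values the uploader controls — the part's `Content-Type` header and the filename extension — and then opens the file without reading it, so any bytes are accepted as long as they are labelled as an image; `ErrImageProcessing` is declared and handled by both callers but never returned. Since the function is being moved anyway, I would resolve the trailing TODO by sniffing the leading 512 bytes with `http.DetectContentType` and checking the result against the same allow-list (this needs `io` added to the import block; `net/http` is already imported). Sniffing only establishes the leading signature, so decoding or re-encoding the image before it is stored would still be the stronger check. The exact-match lookup on `Content-Type` also rejects values that carry parameters, which may or may not be intended.

```go
// … unchanged: allow-lists, Content-Type and extension checks, fileHeader.Open …
	defer file.Close()

	// Classify by content; the declared type and the extension are client-supplied.
	head := make([]byte, 512)
	n, err := io.ReadFull(file, head)
	if err != nil && !errors.Is(err, io.EOF) && !errors.Is(err, io.ErrUnexpectedEOF) {
		return ErrImageProcessing
	}
	if !allowedMimeTypes[http.DetectContentType(head[:n])] {
		return ErrInvalidMimeType
	}
	return nil
}
```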
@@ -9,7 +9,6 @@ import (
 "github.com/mikestefanello/pagoda/ent"
 "github.com/mikestefanello/pagoda/pkg/context"
 "github.com/mikestefanello/pagoda/pkg/controller"
- "github.com/mikestefanello/pagoda/pkg/repo"
 "github.com/mikestefanello/pagoda/pkg/repos/profilerepo"
 storagerepo "github.com/mikestefanello/pagoda/pkg/repos/storage"
 "github.com/mikestefanello/pagoda/templates/layouts"
@@ -74,12 +73,12 @@ func (p *uploadPhoto) Post(ctx echo.Context) error {
 }
 // Validate and process the image
- err = repo.ValidateAndProcessImage(file)
+ err = ValidateAndProcessImage(file)
 if err != nil {
 // Handle specific errors returned by ValidateAndProcessImage
- if errors.Is(err, repo.ErrInvalidMimeType) || errors.Is(err, repo.ErrInvalidFileExtension) {
+ if errors.Is(err, ErrInvalidMimeType) || errors.Is(err, ErrInvalidFileExtension) {
 return echo.NewHTTPError(http.StatusBadRequest, "Invalid file type")
- } else if errors.Is(err, repo.ErrImageProcessing) {
+ } else if errors.Is(err, ErrImageProcessing) {
 return echo.NewHTTPError(http.StatusInternalServerError, "Error processing image")
 } else {
 return echo.NewHTTPError(http.StatusInternalServerError, err.Error())