admin/bodyshop-media-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Correct Build and file name sanitization

Browse Source
This commit is contained in:
Allan Carr
2024-08-28 09:34:56 -07:00
parent 36ada6fd1f
commit a6da3c369a
4 changed files with 42 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
Dockerfile
View File

@@ -15,8 +15,8 @@ RUN npm install
# Bundle app source # Bundle app source
COPY . . COPY . .
RUN apt-get -y update RUN apt -y update
RUN apt install wget RUN apt install -y wget
# PNG ,JPG ,Tiff & WebP support # PNG ,JPG ,Tiff & WebP support
# Consider adding more support with testing https://gist.github.com/hurricup/e14ae5bc47705fca6b1680e7a1fb6580 # Consider adding more support with testing https://gist.github.com/hurricup/e14ae5bc47705fca6b1680e7a1fb6580
@@ -26,21 +26,32 @@ RUN apt install -y libtiff-dev
RUN apt install -y libwebp-dev RUN apt install -y libwebp-dev
# Install HEIF support (libheic-dev Package does not exist on 16.04) # Install HEIF support (libheic-dev Package does not exist on 16.04)
RUN apt-get -y install libde265-dev RUN apt -y install libde265-dev
RUN apt-get -y install pkg-config m4 libtool automake autoconf RUN apt -y install pkg-config m4 libtool automake autoconf cmake
RUN wget https://github.com/strukturag/libde265/archive/v1.0.15.tar.gz
RUN tar -xvf v1.0.15.tar.gz
WORKDIR /usr/src/app/libde265-1.0.15/
RUN cmake .
RUN make
RUN make install
RUN ./autogen.sh
RUN ./configure
WORKDIR /usr/src/app
RUN wget https://github.com/strukturag/libheif/archive/v1.18.2.tar.gz RUN wget https://github.com/strukturag/libheif/archive/v1.18.2.tar.gz
RUN tar -xvf v1.18.2.tar.gz RUN tar -xvf v1.18.2.tar.gz
WORKDIR /usr/src/app/libheif-1.18.2/ WORKDIR /usr/src/app/libheif-1.18.2/
RUN ./autogen.sh RUN cmake --preset=release .
RUN ./configure
RUN make RUN make
RUN make install RUN make install
WORKDIR /usr/src/app WORKDIR /usr/src/app
# Install ruby 2.3.0 for ImageMagick # Install ruby 2.3.0 for ImageMagick
RUN apt-get -y install build-essential zlib1g-dev libssl-dev libreadline6-dev libyaml-dev RUN apt -y install -y build-essential zlib1g-dev libssl-dev libreadline6-dev libyaml-dev
RUN apt-get -y install wget && apt-get install -y ruby-full && ruby -v RUN apt -y install -y ruby-full && ruby -v
# Install ImageMagick # Install ImageMagick
# RUN apt-get install imagemagick -y # RUN apt-get install imagemagick -y
@@ -56,9 +67,7 @@ RUN ldconfig /usr/local/lib
RUN identify --version RUN identify --version
RUN apt-get update && apt-get install -y \ RUN apt update && apt install -y ghostscript graphicsmagick \
ghostscript \
graphicsmagick \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
WORKDIR /usr/src/app WORKDIR /usr/src/app
@@ -67,4 +76,4 @@ RUN npm run build
RUN npm install pm2 -g RUN npm install pm2 -g
EXPOSE 8000 EXPOSE 8000
CMD [ "pm2-runtime", "ecosystem.config.js" ] CMD [ "pm2-runtime", "ecosystem.config.cjs" ]

0
ecosystem.config.js → ecosystem.config.cjs
View File

6
util/generateUniqueFilename.ts
View File

@@ -8,7 +8,11 @@ export function generateUniqueBillFilename(file: Express.Multer.File, invoice_nu
return `${sanitizeFileName(invoice_number)}-${Math.floor(Date.now() / 1000)}${path.extname(file.originalname)}`; return `${sanitizeFileName(invoice_number)}-${Math.floor(Date.now() / 1000)}${path.extname(file.originalname)}`;
} }
export function generateUniqueHeicFilename(file: Express.Multer.File) {
return `${path.parse(sanitizeFileName(path.basename(file.originalname))).name}-${Math.floor(Date.now() / 1000)}.jpeg`;
}
function sanitizeFileName(fileName: string): string { function sanitizeFileName(fileName: string): string {
const restrictedChars = /[<>:"/\\|?*\x00-\x1F]/g; const restrictedChars = /[<>:"/\\|?*#\x00-\x1F]/g;
return fileName.replace(restrictedChars, ""); return fileName.replace(restrictedChars, "");
} }

29
util/heicConverter.ts
View File

@@ -5,6 +5,7 @@ import fs from "fs-extra";
import gm from "gm"; import gm from "gm";
import path from "path"; import path from "path";
import { logger } from "../server.js"; import { logger } from "../server.js";
import { generateUniqueHeicFilename } from "./generateUniqueFilename.js";
import { FolderPaths } from "./serverInit.js"; import { FolderPaths } from "./serverInit.js";
dotenv.config({ dotenv.config({
@@ -15,19 +16,21 @@ const imageMagick = gm.subClass({ imageMagick: true });
export async function ConvertHeicFiles(files: Express.Multer.File[]) { export async function ConvertHeicFiles(files: Express.Multer.File[]) {
const validFiles = await filterValidHeicFiles(files); const validFiles = await filterValidHeicFiles(files);
await Promise.all(validFiles.map(async (file) => { await Promise.all(
const convertedFileName = `${path.parse(path.basename(file.originalname)).name}-${Math.floor(Date.now() / 1000)}.jpeg`; validFiles.map(async (file) => {
try { const convertedFileName = generateUniqueHeicFilename(file);
await ConvertToJpeg(file.path, `${file.destination}/${convertedFileName}`); try {
logger.log("debug", `Converted ${file.filename} image to JPEG from HEIC.`); await ConvertToJpeg(file.path, `${file.destination}/${convertedFileName}`);
await handleOriginalFile(file, convertedFileName); logger.log("debug", `Converted ${file.filename} image to JPEG from HEIC.`);
file.filename = convertedFileName; await handleOriginalFile(file, convertedFileName);
file.mimetype = "image/jpeg"; file.filename = convertedFileName;
file.path = `${file.destination}/${convertedFileName}`; file.mimetype = "image/jpeg";
} catch (error) { file.path = `${file.destination}/${convertedFileName}`;
logger.log("error", `Error converting ${file.filename} image to JPEG from HEIC. ${JSON.stringify(error)}`); } catch (error) {
} logger.log("error", `Error converting ${file.filename} image to JPEG from HEIC. ${JSON.stringify(error)}`);
})); }
})
);
} }
async function filterValidHeicFiles(files: Express.Multer.File[]) { async function filterValidHeicFiles(files: Express.Multer.File[]) {