File checks

parent baf22c7a
...@@ -16,8 +16,9 @@ class App ...@@ -16,8 +16,9 @@ class App
protected $ci = null; protected $ci = null;
protected $logger = null; protected $logger = null;
protected $savePath; protected $savePath = 'tmp';
protected $saveFileTTL; protected $saveFileTTL = 0;
protected $maxFileSize = 0;
public function __construct(ContainerInterface $ci) public function __construct(ContainerInterface $ci)
{ {
...@@ -29,9 +30,10 @@ class App ...@@ -29,9 +30,10 @@ class App
if (isset($settings['app'])) { if (isset($settings['app'])) {
$this->savePath = (isset($settings['app']['save_path']) ? $settings['app']['save_path'] : 'tmp'); $this->savePath = (isset($settings['app']['save_path']) ? $settings['app']['save_path'] : 'tmp');
$this->saveFileTTL = (isset($settings['app']['save_file_ttl']) ? $settings['app']['save_file_ttl'] : 0); $this->saveFileTTL = (isset($settings['app']['save_file_ttl']) ? $settings['app']['save_file_ttl'] : 0);
$this->maxFileSize = (isset($settings['app']['max_file_size']) ? $settings['app']['max_file_size'] : 0);
} }
} }
/** /**
* Χαιρετισμός - οδηγίες. * Χαιρετισμός - οδηγίες.
* *
...@@ -101,9 +103,15 @@ class App ...@@ -101,9 +103,15 @@ class App
]), 501); ]), 501);
} }
foreach ($files as $id => $file) { // foreach ($files as $id => $file) {
// as requested, only handle one file
$file = array_pop($files);
if ($file->getError() === UPLOAD_ERR_OK) { if ($file->getError() === UPLOAD_ERR_OK) {
// $contents = base64_encode($file->getStream()->getContents()); if ($file->getSize() > $this->maxFileSize) {
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'Exceeded maximum file size limit'
]), 400);
}
$filename = $file->getClientFilename(); $filename = $file->getClientFilename();
$store_filename = $this->savePath . DIRECTORY_SEPARATOR . uniqid() . '_' . $store_filename = $this->savePath . DIRECTORY_SEPARATOR . uniqid() . '_' .
$this->sanitizeFilename($filename); $this->sanitizeFilename($filename);
...@@ -117,7 +125,7 @@ class App ...@@ -117,7 +125,7 @@ class App
} }
$this->logger->info("validate binary upload::{$store_filename}"); $this->logger->info("validate binary upload::{$store_filename}");
} }
} // }
$this->vaccuumSavePath(); $this->vaccuumSavePath();
...@@ -144,12 +152,22 @@ class App ...@@ -144,12 +152,22 @@ class App
// $parsedBody = $req->getParsedBody(); // $parsedBody = $req->getParsedBody();
$filename = $req->getParsedBodyParam('filename', null); $filename = $req->getParsedBodyParam('filename', null);
$content = $req->getParsedBodyParam('base64content', null); $content = $req->getParsedBodyParam('base64content', null);
if ($filename === null || $content === null) { if ($filename === null && $content === null) {
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'invalid JSON format encoding'
]), 400);
} elseif ($filename === null || $content === null) {
return $res->withJson(array_merge($this->coreResponseData(false), [ return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'Filename and file content is mandatory' 'message' => 'Filename and file content is mandatory'
]), 400); ]), 400);
} }
if (mb_strlen($content) > (ceil($this->maxFileSize * 4 / 3) + 3)) { // approx base64 length
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'Exceeded maximum file size limit'
]), 400);
}
if (($filecontent = base64_decode($content)) === false) { if (($filecontent = base64_decode($content)) === false) {
return $res->withJson(array_merge($this->coreResponseData(false), [ return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'File content is not valid base64 encoded' 'message' => 'File content is not valid base64 encoded'
...@@ -172,6 +190,12 @@ class App ...@@ -172,6 +190,12 @@ class App
]), 501); ]), 501);
} }
if (filesize($store_filename) > $this->maxFileSize) { // double checking
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'Exceeded maximum file size limit'
]), 400);
}
$this->logger->info("validate base64 upload::{$store_filename}"); $this->logger->info("validate base64 upload::{$store_filename}");
// delete any leftover files // delete any leftover files
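Review bot: The post-write check added at `if (filesize($store_filename) > $this->maxFileSize)` returns 400 but leaves the oversized file on disk: the early return skips the cleanup that follows (`// delete any leftover files`), so rejected uploads accumulate under save_path until the TTL vacuum runs, if at all; add `unlink($store_filename);` before the `return`. The pre-decode estimate a few lines earlier uses `mb_strlen($content)`, which counts characters rather than bytes, whereas `strlen($content)` is the right measure for a base64 string and matches the byte-based limit. In the binary-upload hunk the only bound is `$file->getSize()`, which a PSR-7 upload may report as null (and `null > int` is false), and there is no matching `filesize()` check after the file is stored, so the two upload paths enforce the limit unevenly. Note also that `$this->maxFileSize` defaults to 0 when `max_file_size` is absent from settings, so a deployment without the new key rejects every non-empty upload — fail-closed, but worth stating in the config comment or handling 0 explicitly. The enclosing handler methods start and end outside these hunks.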
...@@ -19,6 +19,7 @@ return [ ...@@ -19,6 +19,7 @@ return [
'app' => [ 'app' => [
'save_path' => __DIR__ . '/../files', // upload file location 'save_path' => __DIR__ . '/../files', // upload file location
'save_file_ttl' => 0, // if 0 delete file after doing work; if Nr delete some time after Nr seconds 'save_file_ttl' => 0, // if 0 delete file after doing work; if Nr delete some time after Nr seconds
'max_file_size' => 26214401, // maximum uploaded file size in bytes
'secure_endpoint_username' => 'username-for-this-wrapper', 'secure_endpoint_username' => 'username-for-this-wrapper',
'secure_endpoint_password' => 'password-for-this-wrapper' 'secure_endpoint_password' => 'password-for-this-wrapper'
] ]
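Review bot: The new `'max_file_size' => 26214401` is 25 MiB plus one byte, and because the App checks use a strict `>`, a file of exactly 26214401 bytes is accepted; if a 25 MiB cap is intended, `'max_file_size' => 26214400, // maximum uploaded file size in bytes (25 MiB)` says so. Whatever value is chosen, PHP's own `upload_max_filesize` and `post_max_size` ini limits bound the multipart path first, so a binary upload larger than those never reaches the new check and fails with an upload error rather than the 'Exceeded maximum file size limit' response; the comment should mention that this value must not exceed those limits.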