File checks

parent baf22c7a
......@@ -16,8 +16,9 @@ class App
protected $ci = null;
protected $logger = null;
protected $savePath;
protected $saveFileTTL;
protected $savePath = 'tmp';
protected $saveFileTTL = 0;
protected $maxFileSize = 0;
public function __construct(ContainerInterface $ci)
{
......@@ -29,9 +30,10 @@ class App
if (isset($settings['app'])) {
$this->savePath = (isset($settings['app']['save_path']) ? $settings['app']['save_path'] : 'tmp');
$this->saveFileTTL = (isset($settings['app']['save_file_ttl']) ? $settings['app']['save_file_ttl'] : 0);
$this->maxFileSize = (isset($settings['app']['max_file_size']) ? $settings['app']['max_file_size'] : 0);
}
}
/**
* Χαιρετισμός - οδηγίες.
*
......@@ -101,9 +103,15 @@ class App
]), 501);
}
foreach ($files as $id => $file) {
// foreach ($files as $id => $file) {
// as requested, only handle one file
$file = array_pop($files);
if ($file->getError() === UPLOAD_ERR_OK) {
// $contents = base64_encode($file->getStream()->getContents());
if ($file->getSize() > $this->maxFileSize) {
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'Exceeded maximum file size limit'
]), 400);
}
$filename = $file->getClientFilename();
$store_filename = $this->savePath . DIRECTORY_SEPARATOR . uniqid() . '_' .
$this->sanitizeFilename($filename);
......@@ -117,7 +125,7 @@ class App
}
$this->logger->info("validate binary upload::{$store_filename}");
}
}
// }
$this->vaccuumSavePath();
......@@ -144,12 +152,22 @@ class App
// $parsedBody = $req->getParsedBody();
$filename = $req->getParsedBodyParam('filename', null);
$content = $req->getParsedBodyParam('base64content', null);
if ($filename === null || $content === null) {
if ($filename === null && $content === null) {
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'invalid JSON format encoding'
]), 400);
} elseif ($filename === null || $content === null) {
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'Filename and file content is mandatory'
]), 400);
}
if (mb_strlen($content) > (ceil($this->maxFileSize * 4 / 3) + 3)) { // approx base64 length
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'Exceeded maximum file size limit'
]), 400);
}
if (($filecontent = base64_decode($content)) === false) {
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'File content is not valid base64 encoded'
......@@ -172,6 +190,12 @@ class App
]), 501);
}
if (filesize($store_filename) > $this->maxFileSize) { // double checking
return $res->withJson(array_merge($this->coreResponseData(false), [
'message' => 'Exceeded maximum file size limit'
]), 400);
}
$this->logger->info("validate base64 upload::{$store_filename}");
// delete any leftover files
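Review bot: The base64 branch (hunk at @@ -144,12 +152,22 @@) still decodes with `base64_decode($content)` in non-strict mode, so characters outside the base64 alphabet are silently dropped and only a handful of malformed inputs ever reach the 'File content is not valid base64 encoded' response; `base64_decode($content, true)` rejects them explicitly. The pre-decode length guard measures the payload with `mb_strlen`, which counts characters rather than bytes and scans the string as UTF-8 for no benefit, whereas base64 is ASCII and `strlen($content)` is the quantity the `ceil($this->maxFileSize * 4 / 3) + 3` bound is meant to compare against. Because the decoded size is known exactly after decoding, a check such as `if (strlen($filecontent) > $this->maxFileSize) { /* same 400 response */ }` placed before the file is written would make the post-write `filesize()` "double checking" in the hunk at @@ -172,6 +190,12 @@ unnecessary and would avoid leaving an over-limit file in savePath until the vacuum runs. Note also that when `max_file_size` is absent from the settings the property stays at its default of 0 and every upload in both branches is rejected, which is presumably intended as fail-closed but deserves a comment on the property, e.g. `// 0 = no uploads accepted until max_file_size is configured`. The enclosing upload methods begin and end outside these hunks.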
......
......@@ -19,6 +19,7 @@ return [
'app' => [
'save_path' => __DIR__ . '/../files', // upload file location
'save_file_ttl' => 0, // if 0 delete file after doing work; if Nr delete some time after Nr seconds
'max_file_size' => 26214401, // maximum uploaded file size in bytes
'secure_endpoint_username' => 'username-for-this-wrapper',
'secure_endpoint_password' => 'password-for-this-wrapper'
]
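Review bot: The new `max_file_size` value 26214401 is 25 MiB plus one byte, and since the application compares with `>` the effective ceiling becomes 25 MiB + 1 byte; if the intent is "reject anything over 25 MiB", `'max_file_size' => 26214400, // 25 MiB` states that directly. The comment could also record that this limit is only enforced after PHP has buffered the whole request, so the real first line of defence remains the `upload_max_filesize`/`post_max_size` ini settings, which should be kept at or below this value, e.g. `// must not exceed upload_max_filesize / post_max_size in php.ini`.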
......