Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(common): file type validator #9832

Merged
merged 1 commit into from
Jun 27, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 9 additions & 3 deletions packages/common/pipes/file/file-type.validator.ts
Original file line number Diff line number Diff line change
@@ -1,11 +1,15 @@
import { FileValidator } from './file-validator.interface';

export type FileTypeValidatorOptions = {
fileType: string;
fileType: string | RegExp;
};

/**
* Defines the built-in FileType File Validator
* Defines the built-in FileType File Validator. It validates incoming files mime-type
* matching a string or a regular expression. Note that this validator uses a naive strategy
* to check the mime-type and could be fooled if the client provided a file with renamed extension.
* (for instance, renaming a 'malicious.bat' to 'malicious.jpeg'). To handle such security issues
* with more reliability, consider checking against the file's [magic-numbers](https://en.wikipedia.org/wiki/Magic_number_%28programming%29)
*
* @see [File Validators](https://docs.nestjs.com/techniques/file-upload#validators)
*
Expand All @@ -25,6 +29,8 @@ export class FileTypeValidator extends FileValidator<FileTypeValidatorOptions> {
return false;
}

return (file.mimetype as string).endsWith(this.validationOptions.fileType);
return Boolean(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure how I feel about the use of Boolean here 😄 What about just !! instead?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I usually use Boolean cast because I think it is more explicit than using !!, and IMHO, quoting Uncle Bob:

We want code to be as expressive as possible

But if using !! is preferred for standardization reasons I can change it as well, just let me know!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since it's just Boolean not new Boolean, I'm OK with that! I've assumed you're instantiating a boxing type here that wraps a primitive value (instead of just coercing the value).

(file.mimetype as string).match(this.validationOptions.fileType),
);
}
}
24 changes: 24 additions & 0 deletions packages/common/test/pipes/file/file-type.validator.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,18 @@ describe('FileTypeValidator', () => {
expect(fileTypeValidator.isValid(requestFile)).to.equal(true);
});

it('should return true when the file mimetype matches the specified regexp', () => {
const fileTypeValidator = new FileTypeValidator({
fileType: /word/,
});

const requestFile = {
mimetype: 'application/msword',
};

expect(fileTypeValidator.isValid(requestFile)).to.equal(true);
});

it('should return false when the file mimetype is different from the specified', () => {
const fileTypeValidator = new FileTypeValidator({
fileType: 'image/jpeg',
Expand All @@ -39,6 +51,18 @@ describe('FileTypeValidator', () => {
expect(fileTypeValidator.isValid(requestFile)).to.equal(false);
});

it('should return false when the file mimetype does not match the provided regexp', () => {
const fileTypeValidator = new FileTypeValidator({
fileType: /mp4/,
});

const requestFile = {
mimetype: 'image/png',
};

expect(fileTypeValidator.isValid(requestFile)).to.equal(false);
});

it('should return false when the file mimetype was not provided', () => {
const fileTypeValidator = new FileTypeValidator({
fileType: 'image/jpeg',
Expand Down