api: add file limitations for the avatar service + content disposition

Pedro Lucas Porcellis porcellis@eletrotupi.com 1 month ago ad68b5c88b71e8eee79a79e79609ea7618520328
Parents: 387edc2
1 file(s) changed
  • api/src/services/avatar.ts +16 -3
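--- a/api/src/services/avatar.ts
+++ b/api/src/services/avatar.ts
@@ -5,19 +5,32 @@ import path from 'path';
 import crypto from 'crypto';
 
 const avatarMulter = multerBase({
+limits: { fileSize: 8 * 1024 * 1024 }, // 8MB
+fileFilter: (_req, file, cb) => {
+const allowed = [
+'image/jpeg',
+'image/png',
+'image/webp',
+'image/jpg'
+];
+
+cb(null, allowed.includes(file.mimetype));
+},
+
 storage: multerS3({
 s3,
 acl: "public-read",
+contentDisposition: "inline",
 bucket: process.env.S3_BUCKET!,
-metadata: function (req, file, cb) {
+metadata: (req, file, cb) => {
 cb(null, { fieldName: file.fieldname });
 },
-key: function (req, file, cb) {
+key: (req, file, cb) => {
 const ext = path.extname(file.originalname).slice(1);
 const uuid = crypto.randomUUID();
 
 cb(null, `avatars/${uuid}.${ext}`)
-}
+},
 })
 })
 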
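Review bot: The new `fileFilter` allowlist checks `file.mimetype`, which multer takes from the client's multipart headers, while the `key` callback still builds the object name from `path.extname(file.originalname)`, so neither value is tied to the file's contents and the stored extension is not limited to the allowed image types. With `acl: "public-read"` and the added `contentDisposition: "inline"`, that gap matters more, because the object is meant to be rendered in the browser rather than downloaded. Consider deriving the extension from the checked type, e.g. `const EXT: Record<string, string> = { 'image/jpeg': 'jpg', 'image/jpg': 'jpg', 'image/png': 'png', 'image/webp': 'webp' };` and using `EXT[file.mimetype]` in place of `ext`, and set multer-s3's `contentType` option explicitly, since none is configured in this block and the served type is otherwise left to the library default. Files rejected with `cb(null, false)` are skipped without an error, so the route handler (outside this hunk) should be checked for a missing `req.file`.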