mirrors/recipes
1
0
Fork 0
mirror of https://github.com/TandoorRecipes/recipes.git synced 2026-01-03 13:19:16 -05:00
Code Issues Packages Projects Releases Wiki Activity

restrict file upload to certain types

Browse Source
This commit is contained in:
vabene1111
2025-01-18 09:22:29 +01:00
parent 36e83a9d01
commit 3e37d11c6a
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cookbook/helper/image_processing.py
View File

@@ -35,6 +35,20 @@ def get_filetype(name):
return '.jpeg' return '.jpeg'
def is_file_type_allowed(filename, image_only=False):
is_file_allowed = False
allowed_file_types = ['.pdf','.docx', '.xlsx']
allowed_image_types = ['.png', '.jpg', '.jpeg']
check_list = allowed_image_types
if not image_only:
check_list += allowed_file_types
for file_type in check_list:
if filename.endswith(file_type):
is_file_allowed = True
return is_file_allowed
# TODO this whole file needs proper documentation, refactoring, and testing # TODO this whole file needs proper documentation, refactoring, and testing
# TODO also add env variable to define which images sizes should be compressed # TODO also add env variable to define which images sizes should be compressed
# filetype argument can not be optional, otherwise this function will treat all images as if they were a jpeg # filetype argument can not be optional, otherwise this function will treat all images as if they were a jpeg

16
cookbook/serializer.py
View File

@@ -22,6 +22,7 @@ from rest_framework.fields import IntegerField
from cookbook.helper.CustomStorageClass import CachedS3Boto3Storage from cookbook.helper.CustomStorageClass import CachedS3Boto3Storage
from cookbook.helper.HelperFunctions import str2bool from cookbook.helper.HelperFunctions import str2bool
from cookbook.helper.image_processing import is_file_type_allowed
from cookbook.helper.permission_helper import above_space_limit from cookbook.helper.permission_helper import above_space_limit
from cookbook.helper.property_helper import FoodPropertyHelper from cookbook.helper.property_helper import FoodPropertyHelper
from cookbook.helper.shopping_helper import RecipeShoppingEditor from cookbook.helper.shopping_helper import RecipeShoppingEditor
@@ -233,12 +234,17 @@ class UserFileSerializer(serializers.ModelSerializer):
raise ValidationError(_('You have reached your file upload limit.')) raise ValidationError(_('You have reached your file upload limit.'))
def create(self, validated_data): def create(self, validated_data):
if not is_file_type_allowed(validated_data['file'].name):
return None
self.check_file_limit(validated_data) self.check_file_limit(validated_data)
validated_data['created_by'] = self.context['request'].user validated_data['created_by'] = self.context['request'].user
validated_data['space'] = self.context['request'].space validated_data['space'] = self.context['request'].space
return super().create(validated_data) return super().create(validated_data)
def update(self, instance, validated_data): def update(self, instance, validated_data):
if not is_file_type_allowed(validated_data['file'].name):
return None
self.check_file_limit(validated_data) self.check_file_limit(validated_data)
return super().update(instance, validated_data) return super().update(instance, validated_data)
@@ -958,6 +964,16 @@ class RecipeImageSerializer(WritableNestedModelSerializer):
image = serializers.ImageField(required=False, allow_null=True) image = serializers.ImageField(required=False, allow_null=True)
image_url = serializers.CharField(max_length=4096, required=False, allow_null=True) image_url = serializers.CharField(max_length=4096, required=False, allow_null=True)
def create(self, validated_data):
if not is_file_type_allowed(validated_data['image'].name, image_only=True):
return None
return super().create( validated_data)
def update(self, instance, validated_data):
if not is_file_type_allowed(validated_data['image'].name, image_only=True):
return None
return super().update(instance, validated_data)
class Meta: class Meta:
model = Recipe model = Recipe
fields = ['image', 'image_url', ] fields = ['image', 'image_url', ]