revert d53795184

2021-12-29 17:21:08 +09:00 · 2021-12-29 17:21:08 +09:00 · aedbab17cc
commit aedbab17cc
parent 3e00ce0d88
4 changed files with 4 additions and 54 deletions
--- a/packages/backend/src/const.ts
+++ b/packages/backend/src/const.ts
@ -1,47 +1,2 @@
 export const USER_ONLINE_THRESHOLD = 1000 * 60 * 10; // 10min
 export const USER_ACTIVE_THRESHOLD = 1000 * 60 * 60 * 24 * 3; // 3days
 // ブラウザで直接表示することを許可するファイルの種類のリスト
 // ここに含まれないものは application/octet-stream としてレスポンスされる
 // SVGはXSSを生むので許可しない
 export const FILE_TYPE_BROWSERSAFE = [
 	// Images
 	'image/png',
 	'image/gif',
 	'image/jpeg',
 	'image/webp',
 	'image/apng',
 	'image/bmp',
 	'image/tiff',
 	'image/x-icon',
 	// OggS
 	'audio/opus',
 	'video/ogg',
 	'audio/ogg',
 	'application/ogg',
 	// ISO/IEC base media file format
 	'video/quicktime',
 	'video/mp4',
 	'audio/mp4',
 	'video/x-m4v',
 	'audio/x-m4a',
 	'video/3gpp',
 	'video/3gpp2',
 	'video/mpeg',
 	'audio/mpeg',
 	'video/webm',
 	'audio/webm',
 	'audio/aac',
 	'audio/x-flac',
 	'audio/vnd.wave',
 ];
 /*
 https://github.com/sindresorhus/file-type/blob/main/supported.js
 https://github.com/sindresorhus/file-type/blob/main/core.js
 https://developer.mozilla.org/en-US/docs/Web/Media/Formats/Containers
 */
--- a/packages/backend/src/server/file/send-drive-file.ts
+++ b/packages/backend/src/server/file/send-drive-file.ts
@ -14,7 +14,6 @@ import { detectType } from '@/misc/get-file-info';
 import { convertToJpeg, convertToPngOrJpeg } from '@/services/drive/image-processor';
 import { GenerateVideoThumbnail } from '@/services/drive/generate-video-thumbnail';
 import { StatusError } from '@/misc/fetch';
 import { FILE_TYPE_BROWSERSAFE } from '@/const';
 //const _filename = fileURLToPath(import.meta.url);
 const _filename = __filename;
@ -28,7 +27,6 @@ const commonReadableHandlerGenerator = (ctx: Koa.Context) => (e: Error): void =>
 	ctx.set('Cache-Control', 'max-age=300');
 };
 // eslint-disable-next-line import/no-default-export
 export default async function(ctx: Koa.Context) {
 	const key = ctx.params.key;
@ -83,7 +81,7 @@ export default async function(ctx: Koa.Context) {
 				const image = await convertFile();
 				ctx.body = image.data;
-				ctx.set('Content-Type', FILE_TYPE_BROWSERSAFE.includes(image.type) ? image.type : 'application/octet-stream');
+				ctx.set('Content-Type', image.type);
 				ctx.set('Cache-Control', 'max-age=31536000, immutable');
 			} catch (e) {
 				serverLogger.error(`${e}`);
@ -114,14 +112,14 @@ export default async function(ctx: Koa.Context) {
 		}).toString();
 		ctx.body = InternalStorage.read(key);
-		ctx.set('Content-Type', FILE_TYPE_BROWSERSAFE.includes(mime) ? mime : 'application/octet-stream');
+		ctx.set('Content-Type', mime);
 		ctx.set('Cache-Control', 'max-age=31536000, immutable');
 		ctx.set('Content-Disposition', contentDisposition('inline', filename));
 	} else {
 		const readable = InternalStorage.read(file.accessKey!);
 		readable.on('error', commonReadableHandlerGenerator(ctx));
 		ctx.body = readable;
-		ctx.set('Content-Type', FILE_TYPE_BROWSERSAFE.includes(file.type) ? file.type : 'application/octet-stream');
+		ctx.set('Content-Type', file.type);
 		ctx.set('Cache-Control', 'max-age=31536000, immutable');
 		ctx.set('Content-Disposition', contentDisposition('inline', file.name));
 	}
--- a/packages/backend/src/server/proxy/proxy-media.ts
+++ b/packages/backend/src/server/proxy/proxy-media.ts
@ -6,7 +6,6 @@ import { createTemp } from '@/misc/create-temp';
 import { downloadUrl } from '@/misc/download-url';
 import { detectType } from '@/misc/get-file-info';
 import { StatusError } from '@/misc/fetch';
 import { FILE_TYPE_BROWSERSAFE } from '@/const';
 export async function proxyMedia(ctx: Koa.Context) {
 	const url = 'url' in ctx.query ? ctx.query.url : 'https://' + ctx.params.url;
@ -19,7 +18,7 @@ export async function proxyMedia(ctx: Koa.Context) {
 		const { mime, ext } = await detectType(path);
-		if (!FILE_TYPE_BROWSERSAFE.includes(mime)) throw 403;
+		if (!mime.startsWith('image/')) throw 403;
 		let image: IImage;
--- a/packages/backend/src/services/drive/add-file.ts
+++ b/packages/backend/src/services/drive/add-file.ts
@ -20,7 +20,6 @@ import { isDuplicateKeyValueError } from '@/misc/is-duplicate-key-value-error';
 import * as S3 from 'aws-sdk/clients/s3';
 import { getS3 } from './s3';
 import * as sharp from 'sharp';
 import { FILE_TYPE_BROWSERSAFE } from '@/const';
 const logger = driveLogger.createSubLogger('register', 'yellow');
@ -242,7 +241,6 @@ export async function generateAlts(path: string, type: string, generateWeb: bool
 */
 async function upload(key: string, stream: fs.ReadStream | Buffer, type: string, filename?: string) {
 	if (type === 'image/apng') type = 'image/png';
 	if (!FILE_TYPE_BROWSERSAFE.includes(type)) type = 'application/octet-stream';
 	const meta = await fetchMeta();