From aad0c5fd5138a31dfd766d2e6808a35b7dfb4a74 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Wed, 9 Feb 2022 13:52:46 -0500 Subject: [PATCH] refactor: abstract some common code out to local utility methods --- src/posts/uploads.js | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/posts/uploads.js b/src/posts/uploads.js index cfab10671b..132a73fe12 100644 --- a/src/posts/uploads.js +++ b/src/posts/uploads.js @@ -1,6 +1,5 @@ 'use strict'; -const async = require('async'); const nconf = require('nconf'); const crypto = require('crypto'); const path = require('path'); @@ -20,6 +19,12 @@ module.exports = function (Posts) { const pathPrefix = path.join(nconf.get('upload_path'), 'files'); const searchRegex = /\/assets\/uploads\/files\/([^\s")]+\.?[\w]*)/g; + const _getFullPath = relativePath => path.resolve(pathPrefix, relativePath); + const _filterValidPaths = async filePaths => (await Promise.all(filePaths.map(async (filePath) => { + const fullPath = _getFullPath(filePath); + return fullPath.startsWith(pathPrefix) && await file.exists(fullPath) ? filePath : false; + }))).filter(Boolean); + Posts.uploads.sync = async function (pid) { // Scans a post's content and updates sorted set of uploads @@ -92,8 +97,7 @@ module.exports = function (Posts) { if (!filePaths.length) { return; } - // Only process files that exist - filePaths = await async.filter(filePaths, async filePath => await file.exists(path.join(pathPrefix, filePath))); + filePaths = await _filterValidPaths(filePaths); // Only process files that exist and are within uploads directory const now = Date.now(); const scores = filePaths.map(() => now); @@ -131,7 +135,7 @@ module.exports = function (Posts) { }); await Promise.all(filePaths.map(async (fileName) => { try { - const size = await image.size(path.join(pathPrefix, fileName)); + const size = await image.size(_getFullPath(fileName)); winston.verbose(`[posts/uploads/${fileName}] Saving size`); await db.setObject(`upload:${md5(fileName)}`, { width: size.width,