fix(uploads): ugly filenames on uploaded asset downloading

During regular processing, a timestamp is prepended to the filename for any uploaded files. We don't want this to be part of the filename if an end-user elects to download the file. This commit adds a middleware to strip out that portion of the basename and adds the appropriate Content-Disposition header for files in /uploads/files Fixes #6953
6 years ago · f96208a0c8
parent e7f9cff7b5
commit f96208a0c8
2 changed files with 16 additions and 1 deletions
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@ -28,6 +28,10 @@ var delayCache = LRU({

 var middleware = module.exports;

+middleware.regexes = {
+	timestampedUpload: /^\d+-.+$/,
+};
+
 middleware.applyCSRF = csrf();

 middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login');
@ -218,3 +222,14 @@ middleware.buildSkinAsset = function (req, res, next) {
 		setImmediate(next);
 	}
 };
+
+middleware.trimUploadTimestamps = (req, res, next) => {
+	// Check match
+	let basename = path.basename(req.path);
+	if (req.path.startsWith('/uploads/files/') && middleware.regexes.timestampedUpload.test(basename)) {
+		basename = basename.slice(14);
+		res.header('Content-Disposition', 'inline; filename="' + basename + '"');
+	}
+
+	return next();
+};
--- a/src/routes/index.js
+++ b/src/routes/index.js
@ -159,7 +159,7 @@ module.exports = function (app, middleware, callback) {
 	});

 	statics.forEach(function (obj) {
-		app.use(relativePath + obj.route, express.static(obj.path, staticOptions));
+		app.use(relativePath + obj.route, middleware.trimUploadTimestamps, express.static(obj.path, staticOptions));
 	});
 	app.use(relativePath + '/uploads', function (req, res) {
 		res.redirect(relativePath + '/assets/uploads' + req.path + '?' + meta.config['cache-buster']);