From 93b419f6bb68c05b66d3465fe85450548486776c Mon Sep 17 00:00:00 2001 From: Nevo David Date: Fri, 11 Jul 2025 18:55:29 +0700 Subject: [PATCH] feat: restrict upload directory --- .../src/components/launches/set.context.tsx | 5 ----- .../components/new-launch/add.edit.modal.tsx | 5 ++--- libraries/helpers/src/utils/valid.url.path.ts | 17 +++++++++++++++++ .../src/dtos/media/media.dto.ts | 4 +++- 4 files changed, 22 insertions(+), 9 deletions(-) delete mode 100644 apps/frontend/src/components/launches/set.context.tsx create mode 100644 libraries/helpers/src/utils/valid.url.path.ts diff --git a/apps/frontend/src/components/launches/set.context.tsx b/apps/frontend/src/components/launches/set.context.tsx deleted file mode 100644 index 80ba568d..00000000 --- a/apps/frontend/src/components/launches/set.context.tsx +++ /dev/null @@ -1,5 +0,0 @@ -import { createContext, useContext } from 'react'; -import { type CreatePostDto } from '@gitroom/nestjs-libraries/dtos/posts/create.post.dto'; - -export const SetContext = createContext<{set?: CreatePostDto}>({}); -export const useSet = () => useContext(SetContext); \ No newline at end of file diff --git a/apps/frontend/src/components/new-launch/add.edit.modal.tsx b/apps/frontend/src/components/new-launch/add.edit.modal.tsx index 151a24b2..b891eeb6 100644 --- a/apps/frontend/src/components/new-launch/add.edit.modal.tsx +++ b/apps/frontend/src/components/new-launch/add.edit.modal.tsx @@ -2,7 +2,6 @@ import 'reflect-metadata'; import { useLaunchStore } from '@gitroom/frontend/components/new-launch/store'; import dayjs from 'dayjs'; -import type { CreatePostDto } from '@gitroom/nestjs-libraries/dtos/posts/create.post.dto'; import { FC, useEffect } from 'react'; import { makeId } from '@gitroom/nestjs-libraries/services/make.is'; import { ManageModal } from '@gitroom/frontend/components/new-launch/manage.modal'; @@ -16,7 +15,7 @@ export interface AddEditModalProps { integrations: Integrations[]; allIntegrations?: Integrations[]; selectedChannels?: string[]; - set?: CreatePostDto; + set?: any; focusedChannel?: string; addEditSets?: (data: any) => void; reopenModal: () => void; @@ -162,7 +161,7 @@ export const AddEditModalInnerInner: FC = (props) => { media: p.image || [], })) : props.set?.posts?.length - ? props.set.posts[0].value.map((p) => ({ + ? props.set.posts[0].value.map((p: any) => ({ id: makeId(10), content: p.content, // @ts-ignore diff --git a/libraries/helpers/src/utils/valid.url.path.ts b/libraries/helpers/src/utils/valid.url.path.ts new file mode 100644 index 00000000..5abf2aa6 --- /dev/null +++ b/libraries/helpers/src/utils/valid.url.path.ts @@ -0,0 +1,17 @@ +import { ValidationArguments, ValidatorConstraintInterface, ValidatorConstraint } from "class-validator"; + +@ValidatorConstraint({ name: 'checkValidPath', async: false }) +export class ValidUrlPath implements ValidatorConstraintInterface { + validate(text: string, args: ValidationArguments) { + if (!process.env.RESTRICT_UPLOAD_DOMAINS) { + return true; + } + + return text.indexOf(process.env.RESTRICT_UPLOAD_DOMAINS) > -1; + } + + defaultMessage(args: ValidationArguments) { + // here you can provide default error message if validation failed + return 'URL must contain the domain: ' + process.env.RESTRICT_UPLOAD_DOMAINS; + } +} \ No newline at end of file diff --git a/libraries/nestjs-libraries/src/dtos/media/media.dto.ts b/libraries/nestjs-libraries/src/dtos/media/media.dto.ts index bdedb525..2078921a 100644 --- a/libraries/nestjs-libraries/src/dtos/media/media.dto.ts +++ b/libraries/nestjs-libraries/src/dtos/media/media.dto.ts @@ -1,4 +1,5 @@ -import { IsDefined, IsString, IsUrl, ValidateIf } from 'class-validator'; +import { IsDefined, IsString, IsUrl, ValidateIf, Validate } from 'class-validator'; +import { ValidUrlPath } from '@gitroom/helpers/utils/valid.url.path'; export class MediaDto { @IsString() @@ -7,6 +8,7 @@ export class MediaDto { @IsString() @IsDefined() + @Validate(ValidUrlPath) path: string; @ValidateIf((o) => o.alt)