From 716c48f3b407f2ebe9af59691523b9b877e59dc5 Mon Sep 17 00:00:00 2001 From: Mohamed Marrouchi Date: Mon, 13 Jan 2025 17:55:20 +0100 Subject: [PATCH] fix: omit jwt extra attrs + add stream support for storing attachments --- api/src/attachment/services/attachment.service.ts | 6 +++--- api/src/channel/lib/Handler.ts | 6 +++++- api/src/chat/schemas/types/attachment.ts | 2 +- api/src/plugins/base-storage-plugin.ts | 4 ++-- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/api/src/attachment/services/attachment.service.ts b/api/src/attachment/services/attachment.service.ts index 1ad83a1b..c8975c78 100644 --- a/api/src/attachment/services/attachment.service.ts +++ b/api/src/attachment/services/attachment.service.ts @@ -8,7 +8,7 @@ import fs, { createReadStream, promises as fsPromises } from 'fs'; import { join, resolve } from 'path'; -import { Readable } from 'stream'; +import { Readable, Stream } from 'stream'; import { Injectable, @@ -202,7 +202,7 @@ export class AttachmentService extends BaseService { * @returns A promise that resolves to an array of uploaded attachments. */ async store( - file: Buffer | Readable | Express.Multer.File, + file: Buffer | Stream | Readable | Express.Multer.File, metadata: AttachmentMetadataDto, rootDir = config.parameters.uploadDir, ): Promise { @@ -219,7 +219,7 @@ export class AttachmentService extends BaseService { if (Buffer.isBuffer(file)) { await fsPromises.writeFile(filePath, file); - } else if (file instanceof Readable) { + } else if (file instanceof Readable || file instanceof Stream) { await new Promise((resolve, reject) => { const writeStream = fs.createWriteStream(filePath); file.pipe(writeStream); diff --git a/api/src/channel/lib/Handler.ts b/api/src/channel/lib/Handler.ts index 10578b14..d488cc72 100644 --- a/api/src/channel/lib/Handler.ts +++ b/api/src/channel/lib/Handler.ts @@ -277,7 +277,11 @@ export default abstract class ChannelHandler< */ public async download(token: string, _req: Request) { try { - const result = this.jwtService.verify(token, this.jwtSignOptions); + const { + exp: _exp, + iat: _iat, + ...result + } = this.jwtService.verify(token, this.jwtSignOptions); const attachment = plainToClass(Attachment, result); return await this.attachmentService.download(attachment); } catch (err) { diff --git a/api/src/chat/schemas/types/attachment.ts b/api/src/chat/schemas/types/attachment.ts index 274d5926..cdf02e5f 100644 --- a/api/src/chat/schemas/types/attachment.ts +++ b/api/src/chat/schemas/types/attachment.ts @@ -27,7 +27,7 @@ export type AttachmentRef = id: string | null; } | { - /** To be used only for external URLs (plugins), for attachments use "id" instead */ + /** @deprecated To be used only for external URLs (plugins), for stored attachments use "id" instead */ url: string; }; diff --git a/api/src/plugins/base-storage-plugin.ts b/api/src/plugins/base-storage-plugin.ts index 8d01ce46..0583069e 100644 --- a/api/src/plugins/base-storage-plugin.ts +++ b/api/src/plugins/base-storage-plugin.ts @@ -6,7 +6,7 @@ * 2. All derivative works must include clear attribution to the original creator and software, Hexastack and Hexabot, in a prominent location (e.g., in the software's "About" section, documentation, and README file). */ -import { Readable } from 'stream'; +import { Readable, Stream } from 'stream'; import { Injectable, StreamableFile } from '@nestjs/common'; @@ -48,7 +48,7 @@ export abstract class BaseStoragePlugin extends BasePlugin { readAsBuffer?(attachment: Attachment): Promise; store?( - file: Buffer | Readable | Express.Multer.File, + file: Buffer | Stream | Readable | Express.Multer.File, metadata: AttachmentMetadataDto, rootDir?: string, ): Promise;