From 7e84268f0d4f1cdfcafb5a9b4897bfed3c1bac38 Mon Sep 17 00:00:00 2001
From: Ilango
Date: Fri, 23 Feb 2024 15:59:14 +0530
Subject: [PATCH] Add content-disposition package for handling content disposition response header
---
 packages/server/package.json | 2 ++
 packages/server/src/index.ts | 45 ++++++++++++++++++++----------------
 2 files changed, 27 insertions(+), 20 deletions(-)
diff --git a/packages/server/package.json b/packages/server/package.json
index 3698a216..cff39a89 100644
--- a/packages/server/package.json
+++ b/packages/server/package.json
@@ -48,6 +48,7 @@
 "@oclif/core": "^1.13.10",
 "async-mutex": "^0.4.0",
 "axios": "1.6.2",
+ "content-disposition": "0.5.4",
 "cors": "^2.8.5",
 "crypto-js": "^4.1.1",
 "dotenv": "^16.0.0",
@@ -70,6 +71,7 @@
 "winston": "^3.9.0"
 },
 "devDependencies": {
+ "@types/content-disposition": "0.5.8",
 "@types/cors": "^2.8.12",
 "@types/crypto-js": "^4.1.1",
 "@types/multer": "^1.4.7",
diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
index 824a217f..938a2351 100644
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@@ -5,6 +5,7 @@ import cors from 'cors'
 import http from 'http'
 import * as fs from 'fs'
 import basicAuth from 'express-basic-auth'
+import contentDisposition from 'content-disposition'
 import { Server } from 'socket.io'
 import logger from './utils/logger'
 import { expressRequestLogger } from './utils/logger'
@@ -1143,7 +1144,7 @@ export class App {
 if (!(filePath.includes('.flowise') && filePath.includes('openai-assistant'))) return res.status(500).send(`Invalid file path`)
 if (fs.existsSync(filePath)) {
- res.setHeader('Content-Disposition', 'attachment; filename=' + path.basename(filePath))
+ res.setHeader('Content-Disposition', contentDisposition(path.basename(filePath)))
 streamFileToUser(res, filePath)
 } else {
 return res.status(404).send(`File ${req.body.fileName} not found`)
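Review bot: The folder guard on the first context line of the `@@ -1143` hunk only tests that `filePath` contains the substrings `.flowise` and `openai-assistant`, which is not a containment check, so a path that merely mentions both names can pass it. The `/api/v1/get-upload-file` hunk has the same weakness: `filePath.startsWith(getStoragePath())` also accepts a sibling directory whose name begins with the storage path, and its `..` test runs after `path.join` has already normalised the segments. There I would compare against the base directory, `const rel = path.relative(getStoragePath(), filePath)` followed by `if (rel.startsWith('..') || path.isAbsolute(rel))` and the existing rejection. In this handler `filePath` is built outside the hunk, so the equivalent check would use whichever directory it is joined from.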
@@ -1158,27 +1159,31 @@ export class App {
 // stream uploaded image
 this.app.get('/api/v1/get-upload-file', async (req: Request, res: Response) => {
- if (!req.query.chatflowId || !req.query.chatId || !req.query.fileName) {
+ try {
+ if (!req.query.chatflowId || !req.query.chatId || !req.query.fileName) {
+ return res.status(500).send(`Invalid file path`)
+ }
+ const chatflowId = req.query.chatflowId as string
+ const chatId = req.query.chatId as string
+ const fileName = req.query.fileName as string
+
+ const filePath = path.join(getStoragePath(), chatflowId, chatId, fileName)
+ //raise error if file path is not absolute
+ if (!path.isAbsolute(filePath)) return res.status(500).send(`Invalid file path`)
+ //raise error if file path contains '..'
+ if (filePath.includes('..')) return res.status(500).send(`Invalid file path`)
+ //only return from the storage folder
+ if (!filePath.startsWith(getStoragePath())) return res.status(500).send(`Invalid file path`)
+
+ if (fs.existsSync(filePath)) {
+ res.setHeader('Content-Disposition', contentDisposition(path.basename(filePath)))
+ streamFileToUser(res, filePath)
+ } else {
+ return res.status(404).send(`File ${fileName} not found`)
+ }
+ } catch (error) {
 return res.status(500).send(`Invalid file path`)
 }
- const chatflowId = req.query.chatflowId as string
- const chatId = req.query.chatId as string
- const fileName = req.query.fileName as string
-
- const filePath = path.join(getStoragePath(), chatflowId, chatId, fileName)
- //raise error if file path is not absolute
- if (!path.isAbsolute(filePath)) return res.status(500).send(`Invalid file path`)
- //raise error if file path contains '..'
- if (filePath.includes('..')) return res.status(500).send(`Invalid file path`)
- //only return from the storage folder
- if (!filePath.startsWith(getStoragePath())) return res.status(500).send(`Invalid file path`)
-
- if (fs.existsSync(filePath)) {
- res.setHeader('Content-Disposition', 'attachment; filename=' + path.basename(filePath))
- streamFileToUser(res, filePath)
- } else {
- return res.status(404).send(`File ${fileName} not found`)
- }
 })
 // ----------------------------------------
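Review bot: The 404 branch of the rewritten handler still interpolates the query-supplied `${fileName}` into the response body. Express's `res.send` serves a string as `text/html` unless a type is set, so caller-controlled text ends up in an HTML response. The openai-assistants-file hunk above does the same with `${req.body.fileName}`. A fixed message with an explicit type avoids this in both places, e.g. `return res.status(404).type('text/plain').send('File not found')`. Separately, the new `catch` discards `error`; recording it through the `logger` already imported at the top of the file would keep rejected or failing requests visible to whoever monitors the server.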