11 сар өмнө · 2008db0852
--- a/packages/backend/src/routers/filesystem_api/batch/all.js
+++ b/packages/backend/src/routers/filesystem_api/batch/all.js
@@ -27,6 +27,7 @@ const { BatchExecutor } = require("../../../filesystem/batch/BatchExecutor");
 
				 const { TeePromise } = require("../../../util/promise");
			
 
				 const { EWMA, MovingMode } = require("../../../util/opmath");
			
 
				 const { get_app } = require('../../../helpers');
			
 
				+const { valid_file_size } = require("../../../util/validutil");
			
 
				 
			
 
				 const commands = require('../../../filesystem/batch/commands.js').commands;
			
 
				 
			
@@ -189,9 +190,11 @@ module.exports = eggspress('/batch', {
 
				 
			
 
				             if ( fieldname === 'fileinfo' ) {
			
 
				                 const fileinfo = JSON.parse(value);
			
 
				-                if ( fileinfo.size < 0 ) {
			
 
				+                const { v: size, ok: size_ok } = valid_file_size(fileinfo.size);
			
 
				+                if ( ! size_ok ) {
			
 
				                     throw APIError.create('invalid_file_metadata');
			
 
				                 }
			
 
				+                fileinfo.size = size;
			
 
				                 fileinfos.push(fileinfo);
			
 
				                 return;
			
 
				             }
			
--- a/packages/backend/src/routers/filesystem_api/write.js
+++ b/packages/backend/src/routers/filesystem_api/write.js
@@ -26,6 +26,7 @@ const Busboy = require('busboy');
 
				 const { TeePromise } = require('../../util/promise.js');
			
 
				 const APIError = require('../../api/APIError.js');
			
 
				 const api_error_handler = require('../../api/api_error_handler.js');
			
 
				+const { valid_file_size } = require('../../util/validutil.js');
			
 
				 
			
 
				 // -----------------------------------------------------------------------//
			
 
				 // POST /up | /write
			
@@ -119,9 +120,19 @@ module.exports = eggspress(['/up', '/write'], {
 
				         const {
			
 
				             filename, mimetype,
			
 
				         } = details;
			
 
				+        
			
 
				+        const { v: size, ok: size_ok } =
			
 
				+            valid_file_size(req.body.size);
			
 
				+            
			
 
				+        if ( ! size_ok ) {
			
 
				+            p_ready.reject(
			
 
				+                APIError.create('invalid_file_metadata')
			
 
				+            );
			
 
				+            return;
			
 
				+        }
			
 
				 
			
 
				         uploaded_file = {
			
 
				-            size: req.body.size,
			
 
				+            size: size,
			
 
				             name: filename,
			
 
				             mimetype,
			
 
				             stream,
			
--- a/packages/backend/src/util/validutil.js
+++ b/packages/backend/src/util/validutil.js
@@ -0,0 +1,14 @@
 
				+const valid_file_size = v => {
			
 
				+    v =  Number(v);
			
 
				+    if ( ! Number.isInteger(v) ) {
			
 
				+        return { ok: false, v };
			
 
				+    }
			
 
				+    if ( ! (v >= 0) ) {
			
 
				+        return { ok: false, v };
			
 
				+    }
			
 
				+    return { ok: true, v };
			
 
				+};
			
 
				+
			
 
				+module.exports = {
			
 
				+    valid_file_size,
			
 
				+};