(req, res, next)
| 368 | } |
| 369 | |
| 370 | async createHandler(req, res, next) { |
| 371 | if (req.auth.isReadOnly) { |
| 372 | const error = createSanitizedHttpError(403, "read-only masterKey isn't allowed to create a file.", req.config); |
| 373 | res.status(error.status); |
| 374 | res.end(`{"error":"${error.message}"}`); |
| 375 | return; |
| 376 | } |
| 377 | const config = req.config; |
| 378 | const isMaster = req.auth.isMaster; |
| 379 | const isMaintenance = req.auth.isMaintenance; |
| 380 | if (!isMaster && !isMaintenance) { |
| 381 | const user = req.auth.user; |
| 382 | const isLinked = user && Parse.AnonymousUtils.isLinked(user); |
| 383 | if (!config.fileUpload.enableForAnonymousUser && isLinked) { |
| 384 | next( |
| 385 | new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by anonymous user is disabled.') |
| 386 | ); |
| 387 | return; |
| 388 | } |
| 389 | if (!config.fileUpload.enableForAuthenticatedUser && !isLinked && user) { |
| 390 | next( |
| 391 | new Parse.Error( |
| 392 | Parse.Error.FILE_SAVE_ERROR, |
| 393 | 'File upload by authenticated user is disabled.' |
| 394 | ) |
| 395 | ); |
| 396 | return; |
| 397 | } |
| 398 | if (!config.fileUpload.enableForPublic && !user) { |
| 399 | next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'File upload by public is disabled.')); |
| 400 | return; |
| 401 | } |
| 402 | } |
| 403 | const filesController = config.filesController; |
| 404 | const { filename } = req.params; |
| 405 | const contentType = req.get('Content-type'); |
| 406 | |
| 407 | const error = filesController.validateFilename(filename); |
| 408 | if (error) { |
| 409 | next(error); |
| 410 | return; |
| 411 | } |
| 412 | |
| 413 | const fileExtensions = config.fileUpload?.fileExtensions; |
| 414 | if (!isMaster && fileExtensions) { |
| 415 | const isValidExtension = extension => { |
| 416 | return fileExtensions.some(ext => { |
| 417 | if (ext === '*') { |
| 418 | return true; |
| 419 | } |
| 420 | const regex = new RegExp(ext); |
| 421 | if (regex.test(extension)) { |
| 422 | return true; |
| 423 | } |
| 424 | }); |
| 425 | }; |
| 426 | let extension = contentType; |
| 427 | if (filename && filename.includes('.')) { |