(filename: string)
| 121 | } |
| 122 | |
| 123 | export async function findLocalFile(filename: string): Promise<string | null> { |
| 124 | try { |
| 125 | const sanitizedFilename = sanitizeFileKey(filename) |
| 126 | |
| 127 | if (!sanitizedFilename || !sanitizedFilename.trim() || /^[/\\.\s]+$/.test(sanitizedFilename)) { |
| 128 | return null |
| 129 | } |
| 130 | |
| 131 | const { existsSync } = await import('fs') |
| 132 | const path = await import('path') |
| 133 | const { UPLOAD_DIR_SERVER } = await import('@/lib/uploads/core/setup.server') |
| 134 | |
| 135 | const resolvedPath = path.join(UPLOAD_DIR_SERVER, sanitizedFilename) |
| 136 | |
| 137 | if ( |
| 138 | !resolvedPath.startsWith(UPLOAD_DIR_SERVER + path.sep) || |
| 139 | resolvedPath === UPLOAD_DIR_SERVER |
| 140 | ) { |
| 141 | return null |
| 142 | } |
| 143 | |
| 144 | if (existsSync(resolvedPath)) { |
| 145 | return resolvedPath |
| 146 | } |
| 147 | |
| 148 | return null |
| 149 | } catch (error) { |
| 150 | logger.error('Error in findLocalFile:', error) |
| 151 | return null |
| 152 | } |
| 153 | } |
| 154 | |
| 155 | const SAFE_INLINE_TYPES = new Set([ |
| 156 | 'image/png', |
no test coverage detected