* Reads the file bytes straight from storage via the storage SDK (not by HTTP-fetching the * signed URL), so there is no server-side URL fetch to be an SSRF vector and internal * object storage works. Bounded by the provider's attachment ceiling.
(file: UserFile, maxBytes: number)
| 178 | * object storage works. Bounded by the provider's attachment ceiling. |
| 179 | */ |
| 180 | async function downloadFileForUpload(file: UserFile, maxBytes: number): Promise<Blob> { |
| 181 | const { buffer, contentType } = await downloadServableFileFromStorage( |
| 182 | file, |
| 183 | 'provider-file-upload', |
| 184 | logger, |
| 185 | { maxBytes } |
| 186 | ) |
| 187 | return new Blob([new Uint8Array(buffer)], { |
| 188 | type: contentType || file.type || inferAttachmentMimeType(file), |
| 189 | }) |
| 190 | } |
| 191 | |
| 192 | /** |
| 193 | * Uploads to `POST /v1/files` via multipart directly (not the SDK), because the installed |
no test coverage detected