fix: Ensure that downloaded asset images are from the allowed content types

author: MohamedBassem <me@mbassem.com> 2024-04-20 00:03:44 +0100
committer: Mohamed Bassem <me@mbassem.com> 2024-04-20 00:05:31 +0100
commit: 12c682b357f09cbba7d66d3dbb6d41dda3b46c7b (patch)
tree: 8024c4ff324a16db9363a589b47d34a738e53e19 /apps/web
parent: e12fe024a9c837dc88569f80f3f75ead85bdfbde (diff)
download: karakeep-12c682b357f09cbba7d66d3dbb6d41dda3b46c7b.tar.zst
1 files changed, 5 insertions, 8 deletions
diff --git a/apps/web/app/api/assets/route.ts b/apps/web/app/api/assets/route.ts
index a1ebea0f..f1a17fc9 100644
--- a/apps/web/app/api/assets/route.ts
+++ b/apps/web/app/api/assets/route.ts
@@ -2,16 +2,13 @@ import { createContextFromRequest } from "@/server/api/client";
 import { TRPCError } from "@trpc/server";
 
 import type { ZUploadResponse } from "@hoarder/shared/types/uploads";
-import { newAssetId, saveAsset } from "@hoarder/shared/assetdb";
+import {
+  newAssetId,
+  saveAsset,
+  SUPPORTED_ASSET_TYPES,
+} from "@hoarder/shared/assetdb";
 import serverConfig from "@hoarder/shared/config";
 
-const SUPPORTED_ASSET_TYPES = new Set([
-  "image/jpeg",
-  "image/png",
-  "image/webp",
-  "application/pdf",
-]);
-
 const MAX_UPLOAD_SIZE_BYTES = serverConfig.maxAssetSizeMb * 1024 * 1024;
 
 export const dynamic = "force-dynamic";
author	MohamedBassem <me@mbassem.com>	2024-04-20 00:03:44 +0100
committer	Mohamed Bassem <me@mbassem.com>	2024-04-20 00:05:31 +0100
commit	12c682b357f09cbba7d66d3dbb6d41dda3b46c7b (patch)
tree	8024c4ff324a16db9363a589b47d34a738e53e19 /apps/web
parent	e12fe024a9c837dc88569f80f3f75ead85bdfbde (diff)
download	karakeep-12c682b357f09cbba7d66d3dbb6d41dda3b46c7b.tar.zst