From 12c682b357f09cbba7d66d3dbb6d41dda3b46c7b Mon Sep 17 00:00:00 2001
From: MohamedBassem
Date: Sat, 20 Apr 2024 00:03:44 +0100
Subject: fix: Ensure that downloaded asset images are from the allowed content types
---
 apps/web/app/api/assets/route.ts | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
(limited to 'apps/web/app')
diff --git a/apps/web/app/api/assets/route.ts b/apps/web/app/api/assets/route.ts
index a1ebea0f..f1a17fc9 100644
--- a/apps/web/app/api/assets/route.ts
+++ b/apps/web/app/api/assets/route.ts
@@ -2,16 +2,13 @@ import { createContextFromRequest } from "@/server/api/client";
 import { TRPCError } from "@trpc/server";
 import type { ZUploadResponse } from "@hoarder/shared/types/uploads";
-import { newAssetId, saveAsset } from "@hoarder/shared/assetdb";
+import {
+ newAssetId,
+ saveAsset,
+ SUPPORTED_ASSET_TYPES,
+} from "@hoarder/shared/assetdb";
 import serverConfig from "@hoarder/shared/config";
-const SUPPORTED_ASSET_TYPES = new Set([
- "image/jpeg",
- "image/png",
- "image/webp",
- "application/pdf",
-]);
-
 const MAX_UPLOAD_SIZE_BYTES = serverConfig.maxAssetSizeMb * 1024 * 1024;
 export const dynamic = "force-dynamic";
-- 
cgit v1.2.3-70-g09d2
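Review bot: The upload route's content-type allow-list is now whatever `SUPPORTED_ASSET_TYPES` in `@hoarder/shared/assetdb` exports, and nothing at this import tells a maintainer that the shared set also gates user uploads. The shared definition is not in this view (the page is limited to `apps/web/app`), so whether it still holds exactly the four types removed here cannot be confirmed from these lines. Going by the commit title the same set now also filters downloaded images, so a type added later for one path is accepted on the other as well, which matters for any format a browser will render when the asset is served back. I would add a comment above the import such as `// Shared allow-list: also applied to downloaded assets; only add types that are safe to store and serve back.` and, if it is not already, type the export as `ReadonlySet<string>` so importers cannot mutate it. The code that consults the set is outside this hunk.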