regalijan/car-crushers-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enforce submission type in upload endpoint

Browse Source
This commit is contained in:
Regalijan
2025-07-27 00:25:59 -04:00
parent 451d1c93d4
commit f9d9bdbac6
1 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
functions/api/reports/submit.ts
View File

@ -2,8 +2,14 @@ import { jsonError, jsonResponse } from "../../common.js";
import upload from "../../upload.js";
export async function onRequestPost(context: RequestContext) {
const { description, files, senderTokenId, turnstileResponse, usernames } =
context.data.body;
const {
description,
files,
senderTokenId,
submissionType,
turnstileResponse,
usernames,
} = context.data.body;
if (!context.data.current_user) {
if (typeof turnstileResponse !== "string")
@ -32,6 +38,9 @@ export async function onRequestPost(context: RequestContext) {
if (!Array.isArray(usernames))
return jsonError("Usernames must be type of array", 400);
if (!["abuse", "exploit"].includes(submissionType))
return jsonError("Invalid submission type", 400);
if (
!["string", "undefined"].includes(typeof description) ||
description?.length > 512
@ -131,7 +140,19 @@ export async function onRequestPost(context: RequestContext) {
if (
fileParts.length < 2 ||
!["mkv", "mp4", "wmv", "m4v", "gif", "webm"].includes(fileExten)
![
"avif",
"gif",
"jpeg",
"jpg",
"m4v",
"mkv",
"mp4",
"png",
"webm",
"webp",
"wmv",
].includes(fileExten)
)
return jsonError(
`File ${file.name} cannot be uploaded as it is unsupported`,
@ -196,7 +217,7 @@ export async function onRequestPost(context: RequestContext) {
}
await context.env.D1.prepare(
"INSERT INTO reports (attachments, created_at, id, open, target_ids, target_usernames, user) VALUES (?, ?, ?, 1, ?, ?, ?);",
"INSERT INTO reports (attachments, created_at, id, open, target_ids, target_usernames, type, user) VALUES (?, ?, ?, 1, ?, ?, ?, ?);",
)
.bind(
JSON.stringify(attachments),
@ -204,6 +225,7 @@ export async function onRequestPost(context: RequestContext) {
reportId,
JSON.stringify(metaIDs),
JSON.stringify(metaNames),
submissionType,
currentUser ? JSON.stringify(currentUser) : null,
)
.run();