Most modern browsers support it now

` Update ALLOWED_TYPES #96 ` https://gitea.com/gitea/docs/pulls/96

---------

Co-authored-by: silverwind <me@silverwind.io>
This commit is contained in:
wxiaoguang 2024-11-15 08:55:50 +08:00 коммит произвёл GitHub
Родитель 68731c07c5
Коммит 6f1de0a9e5
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
7 изменённых файлов: 81 добавлений и 25 удалений

Просмотреть файл

@ -1912,7 +1912,7 @@ LEVEL = Info
;ENABLED = true ;ENABLED = true
;; ;;
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types. ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip ;ALLOWED_TYPES = .avif,.cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.webp,.xls,.xlsx,.zip
;; ;;
;; Max size of each file. Defaults to 2048MB ;; Max size of each file. Defaults to 2048MB
;MAX_SIZE = 2048 ;MAX_SIZE = 2048

Просмотреть файл

@ -46,7 +46,7 @@ func ServeSetHeaders(w http.ResponseWriter, opts *ServeHeaderOptions) {
w.Header().Add(gzhttp.HeaderNoCompression, "1") w.Header().Add(gzhttp.HeaderNoCompression, "1")
} }
contentType := typesniffer.ApplicationOctetStream contentType := typesniffer.MimeTypeApplicationOctetStream
if opts.ContentType != "" { if opts.ContentType != "" {
if opts.ContentTypeCharset != "" { if opts.ContentTypeCharset != "" {
contentType = opts.ContentType + "; charset=" + strings.ToLower(opts.ContentTypeCharset) contentType = opts.ContentType + "; charset=" + strings.ToLower(opts.ContentTypeCharset)
@ -107,7 +107,7 @@ func setServeHeadersByFile(r *http.Request, w http.ResponseWriter, filePath stri
} else if isPlain { } else if isPlain {
opts.ContentType = "text/plain" opts.ContentType = "text/plain"
} else { } else {
opts.ContentType = typesniffer.ApplicationOctetStream opts.ContentType = typesniffer.MimeTypeApplicationOctetStream
} }
} }

Просмотреть файл

@ -3,33 +3,33 @@
package setting package setting
// Attachment settings type AttachmentSettingType struct {
var Attachment = struct {
Storage *Storage Storage *Storage
AllowedTypes string AllowedTypes string
MaxSize int64 MaxSize int64
MaxFiles int MaxFiles int
Enabled bool Enabled bool
}{ }
Storage: &Storage{},
AllowedTypes: ".cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip", var Attachment AttachmentSettingType
func loadAttachmentFrom(rootCfg ConfigProvider) (err error) {
Attachment = AttachmentSettingType{
AllowedTypes: ".avif,.cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.webp,.xls,.xlsx,.zip",
MaxSize: 2048, MaxSize: 2048,
MaxFiles: 5, MaxFiles: 5,
Enabled: true, Enabled: true,
} }
func loadAttachmentFrom(rootCfg ConfigProvider) (err error) {
sec, _ := rootCfg.GetSection("attachment") sec, _ := rootCfg.GetSection("attachment")
if sec == nil { if sec == nil {
Attachment.Storage, err = getStorage(rootCfg, "attachments", "", nil) Attachment.Storage, err = getStorage(rootCfg, "attachments", "", nil)
return err return err
} }
Attachment.AllowedTypes = sec.Key("ALLOWED_TYPES").MustString(".cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip") Attachment.AllowedTypes = sec.Key("ALLOWED_TYPES").MustString(Attachment.AllowedTypes)
Attachment.MaxSize = sec.Key("MAX_SIZE").MustInt64(2048) Attachment.MaxSize = sec.Key("MAX_SIZE").MustInt64(Attachment.MaxSize)
Attachment.MaxFiles = sec.Key("MAX_FILES").MustInt(5) Attachment.MaxFiles = sec.Key("MAX_FILES").MustInt(Attachment.MaxFiles)
Attachment.Enabled = sec.Key("ENABLED").MustBool(true) Attachment.Enabled = sec.Key("ENABLED").MustBool(Attachment.Enabled)
Attachment.Storage, err = getStorage(rootCfg, "attachments", "", sec) Attachment.Storage, err = getStorage(rootCfg, "attachments", "", sec)
return err return err
} }

Просмотреть файл

@ -5,10 +5,12 @@ package typesniffer
import ( import (
"bytes" "bytes"
"encoding/binary"
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
"regexp" "regexp"
"slices"
"strings" "strings"
"code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/util"
@ -18,10 +20,10 @@ import (
const sniffLen = 1024 const sniffLen = 1024
const ( const (
// SvgMimeType MIME type of SVG images. MimeTypeImageSvg = "image/svg+xml"
SvgMimeType = "image/svg+xml" MimeTypeImageAvif = "image/avif"
// ApplicationOctetStream MIME type of binary files.
ApplicationOctetStream = "application/octet-stream" MimeTypeApplicationOctetStream = "application/octet-stream"
) )
var ( var (
@ -47,7 +49,7 @@ func (ct SniffedType) IsImage() bool {
// IsSvgImage detects if data is an SVG image format // IsSvgImage detects if data is an SVG image format
func (ct SniffedType) IsSvgImage() bool { func (ct SniffedType) IsSvgImage() bool {
return strings.Contains(ct.contentType, SvgMimeType) return strings.Contains(ct.contentType, MimeTypeImageSvg)
} }
// IsPDF detects if data is a PDF format // IsPDF detects if data is a PDF format
@ -81,6 +83,26 @@ func (ct SniffedType) GetMimeType() string {
return strings.SplitN(ct.contentType, ";", 2)[0] return strings.SplitN(ct.contentType, ";", 2)[0]
} }
// https://en.wikipedia.org/wiki/ISO_base_media_file_format#File_type_box
func detectFileTypeBox(data []byte) (brands []string, found bool) {
if len(data) < 12 {
return nil, false
}
boxSize := int(binary.BigEndian.Uint32(data[:4]))
if boxSize < 12 || boxSize > len(data) {
return nil, false
}
tag := string(data[4:8])
if tag != "ftyp" {
return nil, false
}
brands = append(brands, string(data[8:12]))
for i := 16; i+4 <= boxSize; i += 4 {
brands = append(brands, string(data[i:i+4]))
}
return brands, true
}
// DetectContentType extends http.DetectContentType with more content types. Defaults to text/unknown if input is empty. // DetectContentType extends http.DetectContentType with more content types. Defaults to text/unknown if input is empty.
func DetectContentType(data []byte) SniffedType { func DetectContentType(data []byte) SniffedType {
if len(data) == 0 { if len(data) == 0 {
@ -94,7 +116,6 @@ func DetectContentType(data []byte) SniffedType {
} }
// SVG is unsupported by http.DetectContentType, https://github.com/golang/go/issues/15888 // SVG is unsupported by http.DetectContentType, https://github.com/golang/go/issues/15888
detectByHTML := strings.Contains(ct, "text/plain") || strings.Contains(ct, "text/html") detectByHTML := strings.Contains(ct, "text/plain") || strings.Contains(ct, "text/html")
detectByXML := strings.Contains(ct, "text/xml") detectByXML := strings.Contains(ct, "text/xml")
if detectByHTML || detectByXML { if detectByHTML || detectByXML {
@ -102,7 +123,7 @@ func DetectContentType(data []byte) SniffedType {
dataProcessed = bytes.TrimSpace(dataProcessed) dataProcessed = bytes.TrimSpace(dataProcessed)
if detectByHTML && svgTagRegex.Match(dataProcessed) || if detectByHTML && svgTagRegex.Match(dataProcessed) ||
detectByXML && svgTagInXMLRegex.Match(dataProcessed) { detectByXML && svgTagInXMLRegex.Match(dataProcessed) {
ct = SvgMimeType ct = MimeTypeImageSvg
} }
} }
@ -116,6 +137,11 @@ func DetectContentType(data []byte) SniffedType {
} }
} }
fileTypeBrands, found := detectFileTypeBox(data)
if found && slices.Contains(fileTypeBrands, "avif") {
ct = MimeTypeImageAvif
}
if ct == "application/ogg" { if ct == "application/ogg" {
dataHead := data dataHead := data
if len(dataHead) > 256 { if len(dataHead) > 256 {

Просмотреть файл

@ -134,3 +134,33 @@ func TestDetectContentTypeOgg(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
assert.True(t, st.IsVideo()) assert.True(t, st.IsVideo())
} }
func TestDetectFileTypeBox(t *testing.T) {
_, found := detectFileTypeBox([]byte("\x00\x00\xff\xffftypAAAA...."))
assert.False(t, found)
brands, found := detectFileTypeBox([]byte("\x00\x00\x00\x0cftypAAAA"))
assert.True(t, found)
assert.Equal(t, []string{"AAAA"}, brands)
brands, found = detectFileTypeBox([]byte("\x00\x00\x00\x10ftypAAAA....BBBB"))
assert.True(t, found)
assert.Equal(t, []string{"AAAA"}, brands)
brands, found = detectFileTypeBox([]byte("\x00\x00\x00\x14ftypAAAA....BBBB"))
assert.True(t, found)
assert.Equal(t, []string{"AAAA", "BBBB"}, brands)
_, found = detectFileTypeBox([]byte("\x00\x00\x00\x14ftypAAAA....BBB"))
assert.False(t, found)
brands, found = detectFileTypeBox([]byte("\x00\x00\x00\x13ftypAAAA....BBB"))
assert.True(t, found)
assert.Equal(t, []string{"AAAA"}, brands)
}
func TestDetectContentTypeAvif(t *testing.T) {
buf := []byte("\x00\x00\x00\x20ftypavif.......................")
st := DetectContentType(buf)
assert.Equal(t, MimeTypeImageAvif, st.contentType)
}

Просмотреть файл

@ -118,7 +118,7 @@ test('encodeURLEncodedBase64, decodeURLEncodedBase64', () => {
}); });
test('file detection', () => { test('file detection', () => {
for (const name of ['a.jpg', '/a.jpeg', '.file.png', '.webp', 'file.svg']) { for (const name of ['a.avif', 'a.jpg', '/a.jpeg', '.file.png', '.webp', 'file.svg']) {
expect(isImageFile({name})).toBeTruthy(); expect(isImageFile({name})).toBeTruthy();
} }
for (const name of ['', 'a.jpg.x', '/path.png/x', 'webp']) { for (const name of ['', 'a.jpg.x', '/path.png/x', 'webp']) {

Просмотреть файл

@ -165,7 +165,7 @@ export function sleep(ms: number): Promise<void> {
} }
export function isImageFile({name, type}: {name: string, type?: string}): boolean { export function isImageFile({name, type}: {name: string, type?: string}): boolean {
return /\.(jpe?g|png|gif|webp|svg|heic)$/i.test(name || '') || type?.startsWith('image/'); return /\.(avif|jpe?g|png|gif|webp|svg|heic)$/i.test(name || '') || type?.startsWith('image/');
} }
export function isVideoFile({name, type}: {name: string, type?: string}): boolean { export function isVideoFile({name, type}: {name: string, type?: string}): boolean {