Allow filename validation and key generation to be methods

Author: Mike Patnode

README.md

@@ -67,8 +67,8 @@ The preferred method is to use the default AWS credentials pattern.  If no AWS c
       "signatureVersion": 'v4', // default value
       "globalCacheControl": null, // default value. Or 'public, max-age=86400' for 24 hrs Cache-Control
       "ServerSideEncryption": 'AES256|aws:kms', //AES256 or aws:kms, or if you do not pass this, encryption won't be done
-      "fileNameCheck": 'strict', // safe, strict or loose.   
-      "preserveFileName": 'always' // never, haspath, always (default always)
+      "validateFilename": null, // Default to parse-server FilesAdapter::validateFilename.   
+      "generateKey": null // Will default to Parse.FilesController.preserveFileName
     }
   }
 }
@@ -113,8 +113,15 @@ var s3Adapter = new S3Adapter('accessKey',
                     baseUrl: 'http://images.example.com',
                     signatureVersion: 'v4',
                     globalCacheControl: 'public, max-age=86400',  // 24 hrs Cache-Control.
-                    fileNameCheck: 'safe' // allow "directory" creation
-                    preserveFileName: 'haspath' // keep the filename if there's a / (directory) in the name
+                    validateFilename: (filename) => {
+                      if (filename.length > 1024) {
+                         return 'Filename too long.';
+                       }
+                       return null; // Return null on success
+                    },
+                    generateKey: (filename) => {
+                        return `${Date.now()}_${filename}`; // unique prefix for every filename
+                    }
                   });
 
 var api = new ParseServer({
@@ -151,8 +158,8 @@ var s3Options = {
   "baseUrl": null // default value
   "signatureVersion": 'v4', // default value
   "globalCacheControl": null, // default value. Or 'public, max-age=86400' for 24 hrs Cache-Control
-  "fileNameCheck": 'loose' // anything goes
-  "preserveFileName": 'never' // Ensure Parse.FileController.preserveFileName is true!
+  "validateFilename": () => null, // Anything goes!
+  "generateKey": (filename) => filename,  // Ensure Parse.FilesController.preserveFileName is true!
 }
 
 var s3Adapter = new S3Adapter(s3Options);
@@ -176,8 +183,6 @@ var s3Options = {
   baseUrl: process.env.SPACES_BASE_URL, 
   region: process.env.SPACES_REGION,
   directAccess: true,
-  preserveFilename: "always",
-  fileNameCheck: "safe",
   globalCacheControl: "public, max-age=31536000", 
   bucketPrefix: process.env.SPACES_BUCKET_PREFIX,
   s3overrides: {

index.js

@@ -26,8 +26,9 @@ class S3Adapter {
     this._signatureVersion = options.signatureVersion;
     this._globalCacheControl = options.globalCacheControl;
     this._encryption = options.ServerSideEncryption;
-    this._fileNameCheck = options.fileNameCheck;
-    this._preserveFileName = options.preserveFileName;
+    this._generateKey = options.generateKey;
+    // Optional FilesAdaptor method
+    this.validateFilename = options.validateFilename;
 
     const s3Options = {
       params: { Bucket: this._bucket },
@@ -67,22 +68,12 @@ class S3Adapter {
   // Returns a promise containing the S3 object creation response
   createFile(filename, data, contentType) {
     const params = {
-      Key: this._bucketPrefix,
+      Key: this._bucketPrefix + filename,
       Body: data,
     };
 
-    let prefix = '';
-    const lastSlash = filename.lastIndexOf('/');
-    if (this._preserveFileName === 'never' || (this._preserveFileName === 'haspath' && lastSlash === -1)) {
-      prefix = `${Date.now()}_`;
-    }
-
-    if (lastSlash > 0) {
-      // put the prefix before the last component of the filename
-      params.Key += filename.substring(0, lastSlash + 1) + prefix
-          + filename.substring(lastSlash + 1);
-    } else {
-      params.Key += prefix + filename;
+    if (this._generateKey instanceof Function) {
+      params.Key = this._bucketPrefix + this._generateKey(filename);
     }
 
     if (this._directAccess) {
@@ -180,36 +171,6 @@ class S3Adapter {
       });
     }));
   }
-
-  validateFilename(filename) {
-    let regex;
-
-    if (filename.length > 1024) {
-      return 'Filename too long.';
-    }
-
-    // From https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys
-    switch (this._fileNameCheck) {
-    case 'loose':
-      // Just don't start with a /
-      regex = /[^/].*$/;
-      break;
-    case 'safe':
-      // eslint-disable-next-line no-control-regex
-      regex = /^[_a-zA-Z0-9][a-zA-Z0-9@. ~_\-/$&\x00-\x1F\x7F=;:+,?%]*$/;
-      break;
-    case 'strict':
-    default:
-      regex = /^[_a-zA-Z0-9][a-zA-Z0-9@. ~_-]*$/;
-      break;
-    }
-
-    if (!filename.match(regex)) {
-      return 'Filename contains invalid characters.';
-    }
-
-    return null;
-  }
 }
 
 module.exports = S3Adapter;

lib/optionsFromArguments.js

@@ -64,8 +64,8 @@ const optionsFromArguments = function optionsFromArguments(args) {
       options.signatureVersion = otherOptions.signatureVersion;
       options.globalCacheControl = otherOptions.globalCacheControl;
       options.ServerSideEncryption = otherOptions.ServerSideEncryption;
-      options.fileNameCheck = otherOptions.fileNameCheck;
-      options.preserveFileName = otherOptions.preserveFileName;
+      options.generateKey = otherOptions.generateKey;
+      options.validateFilename = otherOptions.validateFilename;
       s3overrides = otherOptions.s3overrides;
     }
   } else if (args.length === 1) {
@@ -92,8 +92,8 @@ const optionsFromArguments = function optionsFromArguments(args) {
   options = fromEnvironmentOrDefault(options, 'baseUrlDirect', 'S3_BASE_URL_DIRECT', false);
   options = fromEnvironmentOrDefault(options, 'signatureVersion', 'S3_SIGNATURE_VERSION', 'v4');
   options = fromEnvironmentOrDefault(options, 'globalCacheControl', 'S3_GLOBAL_CACHE_CONTROL', null);
-  options = fromEnvironmentOrDefault(options, 'fileNameCheck', 'S3_FILENAME_CHECK', 'strict');
-  options = fromEnvironmentOrDefault(options, 'preserveFileName', 'S3_PRESERVE_FILENAME', 'always');
+  options = fromOptionsDictionaryOrDefault(options, 'generateKey', null);
+  options = fromOptionsDictionaryOrDefault(options, 'validateFilename', null);
 
   return options;
 };

package-lock.json

@@ -25,7 +25,8 @@
   },
   "homepage": "https://github.com/parse-community/parse-server-s3-adapter#readme",
   "dependencies": {
-    "aws-sdk": "^2.59.0"
+    "aws-sdk": "^2.59.0",
+    "parse": "^2.9.1"
   },
   "devDependencies": {
     "codecov": "^3.0.0",

package.json

@@ -1,6 +1,7 @@
 const AWS = require('aws-sdk');
 const config = require('config');
 const filesAdapterTests = require('parse-server-conformance-tests').files;
+const Parse = require('parse').Parse;
 const S3Adapter = require('../index.js');
 const optionsFromArguments = require('../lib/optionsFromArguments');
 
@@ -304,32 +305,27 @@ describe('S3Adapter tests', () => {
 
     beforeEach(() => {
       options = {
-        fileNameCheck: 'strict',
+        validateFilename: null,
       };
     });
 
-    it('should not allow directories when strict', () => {
-      options.fileNameCheck = 'strict';
+    it('should be null by default', () => {
       const s3 = new S3Adapter('accessKey', 'secretKey', 'myBucket', options);
-      expect(s3.validateFilename('foo/bar')).toBe('Filename contains invalid characters.');
+      expect(s3.validateFilename === null).toBe(true);
     });
 
-    it('should allow directories when safe', () => {
-      options.fileNameCheck = 'safe';
-      const s3 = new S3Adapter('accessKey', 'secretKey', 'myBucket', options);
-      expect(s3.validateFilename('foo/bar')).toBe(null);
-    });
-
-    it('should allow not allow emojis when safe', () => {
-      options.fileNameCheck = 'safe';
-      const s3 = new S3Adapter('accessKey', 'secretKey', 'myBucket', options);
-      expect(s3.validateFilename('foo🛒/bar')).toBe('Filename contains invalid characters.');
-    });
-
-    it('should allow allow emojis when loose', () => {
-      options.fileNameCheck = 'loose';
+    it('should not allow directories when overridden', () => {
+      options.validateFilename = (filename) => {
+        if (filename.indexOf('/') !== -1) {
+          return new Parse.Error(
+            Parse.Error.INVALID_FILE_NAME,
+            'Filename contains invalid characters.',
+          );
+        }
+        return null;
+      };
       const s3 = new S3Adapter('accessKey', 'secretKey', 'myBucket', options);
-      expect(s3.validateFilename('foo🛒/bar')).toBe(null);
+      expect(s3.validateFilename('foo/bar') instanceof Parse.Error).toBe(true);
     });
   });
 
@@ -387,19 +383,30 @@ describe('S3Adapter tests', () => {
     return s3;
   }
 
-  describe('preserveFilename', () => {
+  describe('generateKey', () => {
     let options;
     const promises = [];
 
     beforeEach(() => {
       options = {
-        fileNameCheck: 'loose',
-        preserveFileName: 'never',
+        bucketPrefix: 'test/',
+        generateKey: (filename) => {
+          let key = '';
+          const lastSlash = filename.lastIndexOf('/');
+          const prefix = `${Date.now()}_`;
+          if (lastSlash > 0) {
+            // put the prefix before the last component of the filename
+            key += filename.substring(0, lastSlash + 1) + prefix
+                + filename.substring(lastSlash + 1);
+          } else {
+            key += prefix + filename;
+          }
+          return key;
+        },
       };
     });
 
-    it('should add a unique timestamp to the file name when the preserveFileName option is never', () => {
-      options.preserveFileName = 'never';
+    it('should return a file with a date stamp inserted in the path', () => {
       const s3 = makeS3Adapter(options);
       const fileName = 'randomFileName.txt';
       const response = s3.createFile(fileName, 'hello world', 'text/utf8').then((value) => {
@@ -409,24 +416,23 @@ describe('S3Adapter tests', () => {
       promises.push(response);
     });
 
-    it('should not add unique timestamp to the file name when the preserveFileName option is hasPath and there is a path', () => {
-      options.preserveFileName = 'hasPath';
+    it('should do nothing when null', () => {
+      options.generateKey = null;
       const s3 = makeS3Adapter(options);
       const fileName = 'foo/randomFileName.txt';
       const response = s3.createFile(fileName, 'hello world', 'text/utf8').then((value) => {
         const url = new URL(value.Location);
-        expect(url.pathname.substring(1)).toEqual(fileName);
+        expect(url.pathname.substring(1)).toEqual(options.bucketPrefix + fileName);
       });
       promises.push(response);
     });
 
-    it('should add unique timestamp to the file name after the last directory when the preserveFileName option is never and there is a path', () => {
-      options.preserveFileName = 'never';
+    it('should add unique timestamp to the file name after the last directory when there is a path', () => {
       const s3 = makeS3Adapter(options);
       const fileName = 'foo/randomFileName.txt';
       const response = s3.createFile(fileName, 'hello world', 'text/utf8').then((value) => {
         const url = new URL(value.Location);
-        expect(url.pathname.indexOf('foo/')).toEqual(1);
+        expect(url.pathname.indexOf('foo/')).toEqual(6);
         expect(url.pathname.indexOf('random') > 13).toBe(true);
       });
       promises.push(response);