refactor

Author: dblythy

spec/.eslintrc.json

@@ -34,8 +34,7 @@
       "jequal": true,
       "create": true,
       "arrayContains": true,
-      "databaseAdapter": true,
-      "requestWithExpectedError": true
+      "databaseAdapter": true
     },
     "rules": {
       "no-console": [0],

spec/ParseFile.spec.js

@@ -1112,22 +1112,22 @@ describe('Parse.File testing', () => {
       await expectAsync(
         reconfigureServer({
           fileUpload: {
-            fileTypes: 1,
+            fileExtensions: 1,
           },
         })
-      ).toBeRejectedWith('fileUpload.fileTypes must be an array or string.');
+      ).toBeRejectedWith('fileUpload.fileExtensions must be an array.');
     });
   });
-  describe('fileTypes', () => {
+  describe('fileExtensions', () => {
     it('works with _ContentType', async () => {
       await reconfigureServer({
         fileUpload: {
           enableForPublic: true,
-          fileTypes: '(^image)(/)[a-zA-Z0-9_]*',
+          fileExtensions: ['png'],
         },
       });
       await expectAsync(
-        requestWithExpectedError({
+        request({
           method: 'POST',
           url: 'http://localhost:8378/1/files/file',
           body: JSON.stringify({
@@ -1136,44 +1136,47 @@ describe('Parse.File testing', () => {
             _ContentType: 'text/html',
             base64: 'PGh0bWw+PC9odG1sPgo=',
           }),
+        }).catch(e => {
+          throw new Error(e.data.error);
         })
       ).toBeRejectedWith(
-        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of type text/html is disabled.`)
+        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of type html is disabled.`)
       );
     });
 
     it('works without Content-Type', async () => {
       await reconfigureServer({
         fileUpload: {
           enableForPublic: true,
-          fileTypes: '(^image)(/)[a-zA-Z0-9_]*',
         },
       });
       const headers = {
         'X-Parse-Application-Id': 'test',
         'X-Parse-REST-API-Key': 'rest',
       };
       await expectAsync(
-        requestWithExpectedError({
+        request({
           method: 'POST',
           headers: headers,
           url: 'http://localhost:8378/1/files/file.html',
           body: '<html></html>\n',
+        }).catch(e => {
+          throw new Error(e.data.error);
         })
       ).toBeRejectedWith(
-        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of type text/html is disabled.`)
+        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of type html is disabled.`)
       );
     });
 
     it('works with array', async () => {
       await reconfigureServer({
         fileUpload: {
           enableForPublic: true,
-          fileTypes: ['image/jpg'],
+          fileExtensions: ['jpg'],
         },
       });
       await expectAsync(
-        requestWithExpectedError({
+        request({
           method: 'POST',
           url: 'http://localhost:8378/1/files/file',
           body: JSON.stringify({
@@ -1182,40 +1185,44 @@ describe('Parse.File testing', () => {
             _ContentType: 'text/html',
             base64: 'PGh0bWw+PC9odG1sPgo=',
           }),
+        }).catch(e => {
+          throw new Error(e.data.error);
         })
       ).toBeRejectedWith(
-        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of type text/html is disabled.`)
+        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of type html is disabled.`)
       );
     });
 
     it('works with array without Content-Type', async () => {
       await reconfigureServer({
         fileUpload: {
           enableForPublic: true,
-          fileTypes: ['image/jpg'],
+          fileExtensions: ['jpg'],
         },
       });
       const headers = {
         'X-Parse-Application-Id': 'test',
         'X-Parse-REST-API-Key': 'rest',
       };
       await expectAsync(
-        requestWithExpectedError({
+        request({
           method: 'POST',
           headers: headers,
           url: 'http://localhost:8378/1/files/file.html',
           body: '<html></html>\n',
+        }).catch(e => {
+          throw new Error(e.data.error);
         })
       ).toBeRejectedWith(
-        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of type text/html is disabled.`)
+        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of type html is disabled.`)
       );
     });
 
     it('works with array with correct file type', async () => {
       await reconfigureServer({
         fileUpload: {
           enableForPublic: true,
-          fileTypes: ['text/html'],
+          fileExtensions: ['html'],
         },
       });
       const response = await request({
@@ -1232,27 +1239,5 @@ describe('Parse.File testing', () => {
       expect(b.name).toMatch(/_file.html$/);
       expect(b.url).toMatch(/^http:\/\/localhost:8378\/1\/files\/test\/.*file.html$/);
     });
-
-    it('works with regex with correct file type', async () => {
-      await reconfigureServer({
-        fileUpload: {
-          enableForPublic: true,
-          fileTypes: '(^text)(/)[a-zA-Z0-9_]*',
-        },
-      });
-      const headers = {
-        'X-Parse-Application-Id': 'test',
-        'X-Parse-REST-API-Key': 'rest',
-      };
-      const response = await request({
-        method: 'POST',
-        headers: headers,
-        url: 'http://localhost:8378/1/files/file.html',
-        body: '<html></html>\n',
-      });
-      const b = response.data;
-      expect(b.name).toMatch(/_file.html$/);
-      expect(b.url).toMatch(/^http:\/\/localhost:8378\/1\/files\/test\/.*file.html$/);
-    });
   });
 });

spec/helper.js

@@ -4,7 +4,6 @@ const semver = require('semver');
 const CurrentSpecReporter = require('./support/CurrentSpecReporter.js');
 const { SpecReporter } = require('jasmine-spec-reporter');
 const SchemaCache = require('../lib/Adapters/Cache/SchemaCache').default;
-const request = require('../lib/request');
 
 // Ensure localhost resolves to ipv4 address first on node v17+
 if (dns.setDefaultResultOrder) {
@@ -31,13 +30,7 @@ if (global._babelPolyfill) {
   console.error('We should not use polyfilled tests');
   process.exit(1);
 }
-global.requestWithExpectedError = async params => {
-  try {
-    return await request(params);
-  } catch (e) {
-    throw new Error(e.data.error);
-  }
-};
+
 process.noDeprecation = true;
 
 const cache = require('../lib/cache').default;
@@ -117,6 +110,7 @@ const defaultConfiguration = {
     enableForPublic: true,
     enableForAnonymousUser: true,
     enableForAuthenticatedUser: true,
+    fileExtensions: ['*']
   },
   push: {
     android: {

src/Config.js

@@ -421,10 +421,10 @@ export class Config {
     } else if (typeof fileUpload.enableForAuthenticatedUser !== 'boolean') {
       throw 'fileUpload.enableForAuthenticatedUser must be a boolean value.';
     }
-    if (fileUpload.fileTypes === undefined) {
-      fileUpload.fileTypes = FileUploadOptions.fileTypes.default;
-    } else if (typeof fileUpload.fileTypes !== 'string' && !Array.isArray(fileUpload.fileTypes)) {
-      throw 'fileUpload.fileTypes must be an array or string.';
+    if (fileUpload.fileExtensions === undefined) {
+      fileUpload.fileExtensions = FileUploadOptions.fileExtensions.default;
+    } else if (!Array.isArray(fileUpload.fileExtensions)) {
+      throw 'fileUpload.fileExtensions must be an array.';
     }
   }
 

src/Deprecator/Deprecations.js

@@ -24,5 +24,4 @@ module.exports = [
   },
   { optionKey: 'enforcePrivateUsers', changeNewDefault: 'true' },
   { optionKey: 'allowClientClassCreation', changeNewDefault: 'false' },
-  { optionKey: 'fileUpload.fileTypes', changeNewDefault: '^(.(?!.*html?))*$' },
 ];

src/Options/Definitions.js

@@ -866,10 +866,11 @@ module.exports.FileUploadOptions = {
     action: parsers.booleanParser,
     default: false,
   },
-  fileTypes: {
-    env: 'PARSE_SERVER_FILE_UPLOAD_FILE_TYPES',
-    help: 'If set, allowed content types of files',
-    default: '.*',
+  fileExtensions: {
+    env: 'PARSE_SERVER_FILE_UPLOAD_FILE_EXTENSIONS',
+    help: 'Allowed content types of files',
+    action: parsers.arrayParser,
+    default: [],
   },
 };
 module.exports.DatabaseOptions = {

src/Options/docs.js

@@ -202,7 +202,7 @@
  * @property {Boolean} enableForAnonymousUser Is true if file upload should be allowed for anonymous users.
  * @property {Boolean} enableForAuthenticatedUser Is true if file upload should be allowed for authenticated users.
  * @property {Boolean} enableForPublic Is true if file upload should be allowed for anyone, regardless of user authentication.
- * @property {String} fileTypes If set, allowed content types of files
+ * @property {String[]} fileExtensions Allowed content types of files
  */
 
 /**

src/Options/index.js

@@ -490,9 +490,9 @@ export interface PasswordPolicyOptions {
 }
 
 export interface FileUploadOptions {
-  /*  If set, allowed content types of files
-  :DEFAULT: .* */
-  fileTypes: ?string;
+  /* Allowed content types of files
+  :DEFAULT: [] */
+  fileExtensions: ?(string[]);
   /*  Is true if file upload should be allowed for anonymous users.
   :DEFAULT: false */
   enableForAnonymousUser: ?boolean;

src/Routers/FilesRouter.js

@@ -137,18 +137,14 @@ export class FilesRouter {
       return;
     }
 
-    const fileTypes = config.fileUpload && config.fileUpload.fileTypes;
-    if (!isMaster && fileTypes) {
+    const fileExtensions = config.fileUpload && config.fileUpload.fileExtensions;
+    if (!isMaster && fileExtensions && !fileExtensions.includes('*')) {
       try {
-        if (Array.isArray(fileTypes)) {
-          if (!fileTypes.includes(contentType)) {
-            throw `File upload of type ${contentType} is disabled.`;
-          }
-        } else if (typeof fileTypes === 'string') {
-          const regex = new RegExp(fileTypes);
-          if (!regex.test(contentType)) {
-            throw `File upload of type ${contentType} is disabled.`;
-          }
+        const extension = filename.includes('.')
+          ? filename.split('.')[1]
+          : contentType.split('/')[1];
+        if (!fileExtensions.includes(extension)) {
+          throw `File upload of type ${extension} is disabled.`;
         }
       } catch (e) {
         next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, e));