Mirrors/audiobookshelf
Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-10-27 11:18:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update upload API endpoint to validate request body

Browse Source
This commit is contained in:
advplyr 2025-04-27 09:18:52 -05:00
parent ec05bd36e4
commit 35870a0158
2 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
client/pages/upload/index.vue
View File

@ -316,9 +316,8 @@ export default {
.$post('/api/upload', form) .$post('/api/upload', form)
.then(() => true) .then(() => true)
.catch((error) => { .catch((error) => {
console.error('Failed', error) console.error('Failed to upload item', error)
var errorMessage = error.response && error.response.data ? error.response.data : 'Oops, something went wrong...' this.$toast.error(error.response?.data || 'Oops, something went wrong...')
this.$toast.error(errorMessage)
return false return false
}) })
}, },
@ -382,13 +381,9 @@ export default {
} }
} }
let itemsUploaded = 0
let itemsFailed = 0
for (const item of itemsToUpload) { for (const item of itemsToUpload) {
this.updateItemCardStatus(item.index, 'uploading') this.updateItemCardStatus(item.index, 'uploading')
const result = await this.uploadItem(item) const result = await this.uploadItem(item)
if (result) itemsUploaded++
else itemsFailed++
this.updateItemCardStatus(item.index, result ? 'success' : 'failed') this.updateItemCardStatus(item.index, result ? 'success' : 'failed')
} }
this.processing = false this.processing = false

22
server/controllers/MiscController.js
View File

@ -37,25 +37,31 @@ class MiscController {
Logger.warn(`User "${req.user.username}" attempted to upload without permission`) Logger.warn(`User "${req.user.username}" attempted to upload without permission`)
return res.sendStatus(403) return res.sendStatus(403)
} }
if (!req.files) { if (!req.files || !Object.values(req.files).length) {
Logger.error('Invalid request, no files') Logger.error('Invalid request, no files')
return res.sendStatus(400) return res.sendStatus(400)
} }
const files = Object.values(req.files) const files = Object.values(req.files)
const { title, author, series, folder: folderId, library: libraryId } = req.body let { title, author, series, folder: folderId, library: libraryId } = req.body
// Validate request body
if (!libraryId || !folderId || typeof libraryId !== 'string' || typeof folderId !== 'string' || !title || typeof title !== 'string') {
return res.status(400).send('Invalid request body')
}
if (!series || typeof series !== 'string') {
series = null
}
if (!author || typeof author !== 'string') {
author = null
}
const library = await Database.libraryModel.findByIdWithFolders(libraryId) const library = await Database.libraryModel.findByIdWithFolders(libraryId)
if (!library) { if (!library) {
return res.status(404).send(`Library not found with id ${libraryId}`) return res.status(404).send('Library not found')
} }
const folder = library.libraryFolders.find((fold) => fold.id === folderId) const folder = library.libraryFolders.find((fold) => fold.id === folderId)
if (!folder) { if (!folder) {
return res.status(404).send(`Folder not found with id ${folderId} in library ${library.name}`) return res.status(404).send('Folder not found')
}
if (!files.length || !title) {
return res.status(500).send(`Invalid post data`)
} }
// Podcasts should only be one folder deep // Podcasts should only be one folder deep