Check image type from file extension

Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>

Author: Yukaii

lib/imageRouter/index.js

@@ -1,11 +1,13 @@
 'use strict'
 
 const fs = require('fs')
+const path = require('path')
 const Router = require('express').Router
 const formidable = require('formidable')
 
 const readChunk = require('read-chunk')
 const imageType = require('image-type')
+const mime = require('mime-types')
 
 const config = require('../config')
 const logger = require('../logger')
@@ -14,10 +16,13 @@ const response = require('../response')
 const imageRouter = module.exports = Router()
 
 function checkImageValid (filepath) {
-  const supported = ['png', 'jpg', 'jpeg', 'bmp', 'tif', 'tiff', 'gif']
   const buffer = readChunk.sync(filepath, 0, 12)
-  const type = imageType(buffer)
-  return type && supported.some(e => e === type.ext)
+  /** @type {{ ext: string, mime: string } | null} */
+  const mimetypeFromBuf = imageType(buffer)
+  const mimeTypeFromExt = mime.lookup(path.extname(filepath))
+
+  return mimetypeFromBuf && config.allowedUploadMimeTypes.includes(mimetypeFromBuf.mime) &&
+         mimeTypeFromExt && config.allowedUploadMimeTypes.includes(mimeTypeFromExt)
 }
 
 // upload image