Merge pull request #46 from rrudakov/hotfix/fix-upload-api-invalid-filenames

Roman Rudakov · web-flow · commit a49674fcdd52 · 2021-02-22T14:53:59.000+01:00
Accept invalid filenames for upload endpoint
diff --git a/src/education/http/endpoints/upload.clj b/src/education/http/endpoints/upload.clj
@@ -27,10 +27,17 @@
   (with-open [out (output-stream (file name))]
     (.write out (file->byte-array f))))
 
+(defn- extract-file-extension
+  [filename]
+  (if (str/includes? filename ".")
+    (str "." (last (str/split filename #"\.")))
+    ""))
+
 (defn upload-file-handler
   [{:keys [filename _content-type tempfile]} config]
-  (let [name (str/join "_" [(uuid) filename])
-        path (path/join (config/storage-path config) img-prefix name)]
+  (let [extension (extract-file-extension filename)
+        name      (str/join [(uuid) extension])
+        path      (path/join (config/storage-path config) img-prefix name)]
     (write-file tempfile path)
     (ok {:url (path/join (config/base-url config) img-prefix name)})))
 
diff --git a/test-resources/2 b/test-resources/2
diff --git a/test/education/http/endpoints/upload_test.clj b/test/education/http/endpoints/upload_test.clj
@@ -16,6 +16,12 @@
   Must be real image name from `test-resources` folder."
   "1.png")
 
+(def ^:private test-image-name-without-extension
+  "Image name to be uploaded.
+
+  This image without extension to check `extract-file-extension` function."
+  "2")
+
 (deftest uuid-test
   (testing "Test `uuid` function returns unique string every time"
     (let [first-uuid  (sut/uuid)
@@ -37,14 +43,30 @@
   (testing "Test POST /upload successfully"
     (with-redefs [sut/write-file (spy/spy)
                   sut/uuid       (spy/stub test-uuid)]
-      (let [app        (test-app/api-routes-with-auth)
+      (let [file       (io/file (io/resource test-img-name))
+            app        (test-app/api-routes-with-auth)
+            response   (app (-> (mock/request :post "/api/upload")
+                                (merge (mp/build {:file file}))))
+            body       (test-app/parse-body (:body response))
+            [[f name]] (spy/calls sut/write-file)]
+        (is (= 200 (:status response)))
+        (is (= {:url (str (config/base-url td/test-config) "/img/" test-uuid ".png")} body))
+        (is (= (str (config/storage-path td/test-config) "img/" test-uuid ".png") name))
+        (is (= (slurp f) (slurp file))))))
+
+  (testing "test POST /upload successfully without file extension"
+    (with-redefs [sut/write-file (spy/spy)
+                  sut/uuid       (spy/stub test-uuid)]
+      (let [file       (io/file (io/resource test-image-name-without-extension))
+            app        (test-app/api-routes-with-auth)
             response   (app (-> (mock/request :post "/api/upload")
-                                (merge (mp/build {:file (io/file (io/resource test-img-name))}))))
+                                (merge (mp/build {:file file}))))
             body       (test-app/parse-body (:body response))
-            [[_ name]] (spy/calls sut/write-file)]
+            [[f name]] (spy/calls sut/write-file)]
         (is (= 200 (:status response)))
-        (is (= {:url (str (config/base-url td/test-config) "/img/" test-uuid "_" test-img-name)} body))
-        (is (= (str (config/storage-path td/test-config) "img/" test-uuid "_" test-img-name) name)))))
+        (is (= {:url (str (config/base-url td/test-config) "/img/" test-uuid)} body))
+        (is (= (str (config/storage-path td/test-config) "img/" test-uuid) name))
+        (is (= (slurp f) (slurp file))))))
 
   (testing "Test POST /upload with invalid request"
     (with-redefs [sut/write-file (spy/spy)]
