9 月之前 · 41d8aa63f7
--- a/apps/app/src/server/routes/apiv3/configurable-mime-types.ts
+++ b/apps/app/src/server/routes/apiv3/configurable-mime-types.ts
@@ -0,0 +1,15 @@
 
				+export const CONFIGURABLE_MIME_TYPES_FOR_DISPOSITION = [
			
 
				+  'image/png',
			
 
				+  'image/jpeg',
			
 
				+  'image/gif',
			
 
				+  'image/webp',
			
 
				+  'image/bmp',
			
 
				+  'image/x-icon',
			
 
				+  'application/pdf',
			
 
				+  'video/mp4',
			
 
				+  'audio/mpeg',
			
 
				+  'text/plain',
			
 
				+  'text/html', // Likely default to false
			
 
				+  'application/javascript', // Likely default to false
			
 
				+  'image/svg+xml', // Likely default to false
			
 
				+];
			
--- a/apps/app/src/server/routes/apiv3/content-disposition-settings.js
+++ b/apps/app/src/server/routes/apiv3/content-disposition-settings.js
@@ -7,13 +7,14 @@ import loggerFactory from '~/utils/logger';
 
				 import { generateAddActivityMiddleware } from '../../middlewares/add-activity';
			
 
				 import { apiV3FormValidator } from '../../middlewares/apiv3-form-validator';
			
 
				 
			
 
				+import { CONFIGURABLE_MIME_TYPES_FOR_DISPOSITION } from './configurable-mime-types';
			
 
				 
			
 
				+// set config definitions
			
 
				+// change to content disposition settings
			
 
				 const logger = loggerFactory('growi:routes:apiv3:markdown-setting');
			
 
				-
			
 
				 const express = require('express');
			
 
				 
			
 
				 const router = express.Router();
			
 
				-
			
 
				 const { body } = require('express-validator');
			
 
				 
			
 
				 
			
@@ -24,23 +25,70 @@ module.exports = (crowi) => {
 
				   const activityEvent = crowi.event('activity');
			
 
				 
			
 
				 
			
 
				-  router.get('/', loginRequiredStrictly, adminRequired, async(req, res) => {
			
 
				-    const contentDispositionSettings = {
			
 
				-      // change to mime types
			
 
				-      isEnabledLinebreaks: await crowi.configManager.getConfig('markdown:isEnabledLinebreaks'),
			
 
				-      isEnabledLinebreaksInComments: await crowi.configManager.getConfig('markdown:isEnabledLinebreaksInComments'),
			
 
				-      adminPreferredIndentSize: await crowi.configManager.getConfig('markdown:adminPreferredIndentSize'),
			
 
				-      isIndentSizeForced: await crowi.configManager.getConfig('markdown:isIndentSizeForced'),
			
 
				-      isEnabledXss: await crowi.configManager.getConfig('markdown:rehypeSanitize:isEnabledPrevention'),
			
 
				-      xssOption: await crowi.configManager.getConfig('markdown:rehypeSanitize:option'),
			
 
				-      tagWhitelist: await crowi.configManager.getConfig('markdown:rehypeSanitize:tagNames'),
			
 
				-      attrWhitelist: await crowi.configManager.getConfig('markdown:rehypeSanitize:attributes'),
			
 
				-    };
			
 
				+  router.get('/content-disposition', loginRequiredStrictly, adminRequired, async(req, res) => {
			
 
				+    const promises = CONFIGURABLE_MIME_TYPES_FOR_DISPOSITION.map(async(mimeType) => {
			
 
				+      const configKey = `attachments:contentDisposition:${mimeType}:inline`;
			
 
				+      try {
			
 
				+        const value = await crowi.configManager.getConfig(configKey);
			
 
				+        return { mimeType, value };
			
 
				+      }
			
 
				+
			
 
				+      catch (err) {
			
 
				+        logger.warn(`Could not retrieve config for ${configKey}: ${err.message}`);
			
 
				+        return { mimeType, value: false };
			
 
				+      }
			
 
				+    });
			
 
				+
			
 
				+    const results = await Promise.all(promises);
			
 
				+
			
 
				+    const contentDispositionSettings = {};
			
 
				+    for (const result of results) {
			
 
				+      contentDispositionSettings[result.mimeType] = result.value;
			
 
				+    }
			
 
				 
			
 
				     return res.apiv3({ contentDispositionSettings });
			
 
				   });
			
 
				 
			
 
				-  // add functions for adding and removing allowed mime types
			
 
				+  // sets any specified mime type
			
 
				+  // needs body { isInline: boolean }
			
 
				+  router.put('/content-disposition/:mimeType',
			
 
				+    loginRequiredStrictly,
			
 
				+    adminRequired,
			
 
				+    addActivity,
			
 
				+    // validator.updateContentDisposition, // Validate path and body
			
 
				+    apiV3FormValidator,
			
 
				+    async(req, res) => {
			
 
				+      const { mimeType } = req.params; // Get mimeType from URL path
			
 
				+      const { isInline } = req.body; // Get isInline from request body
			
 
				+
			
 
				+      const configKey = `attachments:contentDisposition:${mimeType}:inline`;
			
 
				+
			
 
				+      try {
			
 
				+        // Update the configuration in the database
			
 
				+        await configManager.updateConfigs({ [configKey]: isInline });
			
 
				+
			
 
				+        // Retrieve the updated value to send back in the response (best practice)
			
 
				+        const updatedIsInline = await crowi.configManager.getConfig(configKey);
			
 
				+
			
 
				+        // Emit activity event for auditing
			
 
				+        const parameters = {
			
 
				+          action: SupportedAction.ACTION_ADMIN_ATTACHMENT_DISPOSITION_UPDATE, // need to define this SupportedAction
			
 
				+          mimeType,
			
 
				+          isInline: updatedIsInline,
			
 
				+        };
			
 
				+        activityEvent.emit('update', res.locals.activity._id, parameters);
			
 
				+
			
 
				+        // Return success response
			
 
				+        return res.apiv3({ mimeType, isInline: updatedIsInline });
			
 
				+      }
			
 
				+      // Moved catch to new line for brace-style
			
 
				+      catch (err) {
			
 
				+        const msg = `Error occurred in updating content disposition for MIME type: ${mimeType}`;
			
 
				+        logger.error(msg, err);
			
 
				+        return res.apiv3Err(new ErrorV3(msg, 'update-content-disposition-failed'));
			
 
				+      }
			
 
				+    });
			
 
				+
			
 
				   // add function for setting predetermined allowed mime types in lists
			
 
				   // Recommended, Strict, Moderately strict, Lax, etc