Fix for multer 1.2

fix

lib/crowi/express-init.js

@@ -4,7 +4,6 @@ module.exports = function(crowi, app) {
   var debug = require('debug')('crowi:crowi:express-init')
     , express        = require('express')
     , bodyParser     = require('body-parser')
-    , multer         = require('multer')
     , cookieParser   = require('cookie-parser')
     , methodOverride = require('method-override')
     , session        = require('express-session')
@@ -71,7 +70,6 @@ module.exports = function(crowi, app) {
   app.use(bodyParser.urlencoded({ extended: true, limit: '50mb' }));
   app.use(bodyParser.json({limit: '50mb'}));
   app.use(cookieParser());
-  app.use(multer());
   app.use(session(crowi.sessionConfig));
   app.use(flash());
 

lib/models/attachment.js

@@ -101,7 +101,7 @@ module.exports = function(crowi) {
   };
 
   attachmentSchema.statics.createAttachmentFilePath = function (pageId, fileName, fileType) {
-    var ext = '.' + fileName.match(/(.*)(?:\.([^.]+$))/)[2];
+    var ext = '.' + fileName.match(/(.*)(?:\.([^.]+$))/)[2] || '';
 
     return 'attachment/' + pageId + '/' + generateFileHash(fileName) + ext;
   };

lib/routes/attachment.js

@@ -68,7 +68,7 @@ module.exports = function(crowi, app) {
 
     debug('id and path are: ', id, path);
 
-    var tmpFile = req.files.file || null;
+    var tmpFile = req.file || null;
     debug('Uploaded tmpFile: ', tmpFile);
     if (!tmpFile) {
       return res.json(ApiResponse.error('File error.'));
@@ -95,7 +95,7 @@ module.exports = function(crowi, app) {
 
       var tmpPath = tmpFile.path,
         originalName = tmpFile.originalname,
-        fileName = tmpFile.name,
+        fileName = tmpFile.filename + tmpFile.originalname,
         fileType = tmpFile.mimetype,
         fileSize = tmpFile.size,
         filePath = Attachment.createAttachmentFilePath(id, fileName, fileType),

lib/routes/index.js

@@ -1,5 +1,7 @@
 module.exports = function(crowi, app) {
   var middleware = require('../util/middlewares')
+    , multer    = require('multer')
+    , uploads   = multer({dest: crowi.tmpDir + 'uploads'})
     , form      = require('../form')
     , page      = require('./page')(crowi, app)
     , login     = require('./login')(crowi, app)
@@ -85,7 +87,7 @@ module.exports = function(crowi, app) {
   app.get( '/_api/search'             , accessTokenParser , loginRequired(crowi, app) , search.api.search);
 
   app.get( '/_api/check_username'     , user.api.checkUsername);
-  app.post('/_api/me/picture/upload'  , loginRequired(crowi, app) , me.api.uploadPicture);
+  app.post('/_api/me/picture/upload'  , loginRequired(crowi, app) , uploads.single('userPicture'), me.api.uploadPicture);
   app.get( '/_api/user/bookmarks'     , loginRequired(crowi, app) , user.api.bookmarks);
 
   app.get( '/user/:username([^/]+)/bookmarks'      , loginRequired(crowi, app) , page.userBookmarkList);
@@ -109,7 +111,7 @@ module.exports = function(crowi, app) {
   app.post('/_api/likes.add'          , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.like);
   app.post('/_api/likes.remove'       , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.unlike);
   app.get( '/_api/attachments.list'   , accessTokenParser , loginRequired(crowi, app) , attachment.api.list);
-  app.post('/_api/attachments.add'    , accessTokenParser , loginRequired(crowi, app) , csrf, attachment.api.add);
+  app.post('/_api/attachments.add'    , accessTokenParser , loginRequired(crowi, app) , uploads.single('file'), csrf, attachment.api.add);
   app.post('/_api/attachments.remove' , accessTokenParser , loginRequired(crowi, app) , csrf, attachment.api.remove);
 
   app.get( '/_api/revisions.get'      , accessTokenParser , loginRequired(crowi, app) , revision.api.get);

lib/routes/me.js

@@ -20,7 +20,7 @@ module.exports = function(crowi, app) {
     //var storagePlugin = new pluginService('storage');
     //var storage = require('../service/storage').StorageService(config);
 
-    var tmpFile = req.files.userPicture || null;
+    var tmpFile = req.file || null;
     if (!tmpFile) {
       return res.json({
         'status': false,
@@ -29,7 +29,7 @@ module.exports = function(crowi, app) {
     }
 
     var tmpPath = tmpFile.path;
-    var filePath = User.createUserPictureFilePath(req.user, tmpFile.name);
+    var filePath = User.createUserPictureFilePath(req.user, tmpFile.filename + tmpFile.originalname);
     var acceptableFileType = /image\/.+/;
 
     if (!tmpFile.mimetype.match(acceptableFileType)) {

lib/util/middlewares.js

@@ -43,6 +43,7 @@ exports.csrfVerify = function(crowi, app) {
       return next();
     }
 
+    debug('csrf verification failed. return 403', csrfKey, token);
     return res.sendStatus(403);
   };
 };

tmp/uploads/.gitignore

@@ -0,0 +1 @@
+*