fix(pets): adds file ext validation on the server side

2024-12-10 17:48:29 -03:00
parent 24c01ff2bb
commit 4c5cdfb13d
2 changed files with 14 additions and 4 deletions
--- a/app/services/pet_service.py
+++ b/app/services/pet_service.py
@@ -14,6 +14,7 @@ from app.utils.errors.pets.pet_register_errors import PetRegisterError
 from app.utils.flash_message import FlashMessage
 from app.utils.helpers import pet_sex_id_to_str
 from app.utils.validators.pet_validators import PetValidators
+from app.utils.validators.validators import Validators
 class PetService:
    
    @staticmethod
@@ -54,14 +55,18 @@ class PetService:
        
        img = request.files['img']
        img_url = None
-        if(request.files['img']):
+        if(img):
            try:
+                if not Validators.allowed_file_img(img.filename):
+                    raise(PetRegisterError("Invalid image format")) 
                cloudinary.config(cloud_name = os.environ.get('CLOUD_NAME'), api_key=os.getenv('API_KEY'), 
                    api_secret=os.getenv('API_SECRET'))
                upload_result = cloudinary.uploader.upload(img)
                img_url = upload_result['secure_url']
+            except PetRegisterError as e:
+                flash(FlashMessage(e.message, AlertType.DANGER.value ))
            except:
-                print("err!")
+                print("error")

        try:
            name =  PetValidators.is_valid_name(request.form.get('name'))
--- a/app/utils/validators/validators.py
+++ b/app/utils/validators/validators.py
@@ -1,6 +1,5 @@
 import re
 from typing import Optional
-
 class Validators:

    @staticmethod
@@ -18,3 +17,9 @@ class Validators:
            return True
        except:
            return False
+        
+    @staticmethod
+    def allowed_file_img(filename):
+        ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'webp'}
+        return '.' in filename and \
+            filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS