hypercerts-org
diff --git a/‎package.json‎
Lines changed: 3 additions & 0 deletions b/‎package.json‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎pnpm-lock.yaml‎
Lines changed: 75 additions & 0 deletions b/‎pnpm-lock.yaml‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎src/middleware/upload.ts‎
Lines changed: 53 additions & 0 deletions b/‎src/middleware/upload.ts‎
Lines changed: 53 additions & 0 deletions
@@ -54,6 +54,7 @@
     "cors": "^2.8.5",
     "ethers": "^6.12.2",
     "express": "^4.19.2",
+    "file-type": "^19.6.0",
     "gql.tada": "^1.2.1",
     "graphql": "^16.8.1",
     "graphql-filter": "^1.1.5",
@@ -63,6 +64,7 @@
     "kysely": "^0.27.4",
     "lodash": "^4.17.21",
     "lru-cache": "^11.0.0",
+    "mime-types": "^2.1.35",
     "multer": "1.4.5-lts.1",
     "node-cron": "^3.0.3",
     "pg": "^8.12.0",
@@ -96,6 +98,7 @@
     "@swc/cli": "^0.3.12",
     "@swc/core": "^1.4.15",
     "@types/body-parser": "^1.19.5",
+    "@types/mime-types": "^2.1.4",
     "@types/multer": "^1.4.12",
     "@types/node-cron": "^3.0.11",
     "@types/pg": "^8.11.6",
 
@@ -1,9 +1,62 @@
+import { Request } from "express";
+import { fileTypeFromBuffer } from "file-type";
+import { lookup } from "mime-types";
 import multer from "multer";
 
+// Allowed file types
+const ALLOWED_MIMES = new Set([
+  "image/jpeg",
+  "image/png",
+  "image/gif",
+  "application/pdf",
+  "text/plain",
+  "application/json",
+]);
+
+// File validation error types
+export enum FileValidationError {
+  INVALID_TYPE = "INVALID_TYPE",
+  CONTENT_MISMATCH = "CONTENT_MISMATCH",
+  SIZE_EXCEEDED = "SIZE_EXCEEDED",
+}
+
+// File validation middleware
+export const validateFile = async (
+  req: Request,
+  file: Express.Multer.File,
+): Promise<void> => {
+  // 1. Check file size
+  if (file.size > 10 * 1024 * 1024) {
+    throw new Error(FileValidationError.SIZE_EXCEEDED);
+  }
+
+  // 2. Verify mime type
+  const detectedType = await fileTypeFromBuffer(file.buffer);
+  const declaredMime = lookup(file.originalname) || file.mimetype;
+
+  if (!ALLOWED_MIMES.has(declaredMime)) {
+    throw new Error(FileValidationError.INVALID_TYPE);
+  }
+
+  // 3. Check if declared type matches actual content
+  if (detectedType && detectedType.mime !== declaredMime) {
+    throw new Error(FileValidationError.CONTENT_MISMATCH);
+  }
+};
+
+// Configure multer with validation
 export const upload = multer({
   limits: {
     fileSize: 10 * 1024 * 1024, // 10MB
     files: 5,
   },
   storage: multer.memoryStorage(),
+  fileFilter: async (req, file, cb) => {
+    try {
+      await validateFile(req, file);
+      cb(null, true);
+    } catch (error) {
+      cb(error as Error);
+    }
+  },
 });