Releases: api-tsukasa/PhotoVoyage
Security Patch #2
Second Security Patch
We are pleased to inform you about the recent security patch implemented on our platform. In this patch, we have made significant improvements to ensure the integrity and efficiency of our service. One of the most notable changes has been the implementation of a file format filter when uploading images.
Previously, there was an issue where any type of file could be uploaded to our platform, causing saturation of our database with unwanted images. This situation not only compromised the quality of our service but also caused inconvenience in storing a large amount of unnecessary content.
To address this issue, we have developed a filter that now only allows the upload of image and GIF formats. This means that any file that does not meet these criteria will be automatically rejected when attempting to upload it to our platform. This measure not only improves the overall quality of the images hosted on our system but also contributes to a smoother and safer user experience.
We appreciate your understanding and cooperation as we continuously work to improve our platform and ensure the best possible experience for all our users. If you have any further questions or concerns about this security patch or any other aspect of our service, please do not hesitate to contact our support team.
Thank you for your attention and ongoing support!
Sincerely,
[PhotoVoyage Team]
Add - FileFilter.js
The upload filter middleware (FileFilter.js):

```javascript
// Multer-style fileFilter: decides, per uploaded file, whether it is accepted.
// `file.mimetype` is the Content-Type the client declared for the multipart part.
const fileFilter = (req, file, cb) => {
  // The second condition is already covered by the first (startsWith('image/')),
  // so any declared image/* type passes, image/gif included.
  if (file.mimetype.startsWith('image/') || file.mimetype === 'image/gif') {
    cb(null, true); // no error, accept the file
  } else {
    req.fileValidationError = 'Only images and GIFs are allowed to be uploaded';
    cb(null, false); // no error, but reject the file
  }
};

module.exports = fileFilter;
```
This code defines a middleware function named fileFilter which is used to filter uploaded files in a Node.js application using the Express framework.
- `const fileFilter = (req, file, cb) => { ... }`: Defines a function named fileFilter which accepts three parameters: req (the request object), file (the uploaded file), and cb (a callback function).
- `if (file.mimetype.startsWith('image/') || file.mimetype === 'image/gif') { ... }`: This if block checks whether the MIME type of the uploaded file starts with 'image/' or is exactly 'image/gif'. The file.mimetype property provides the MIME type of the uploaded file. If the file is an image or a GIF, it calls the cb callback with null as the first argument and true as the second argument.
- `cb(null, true);`: This is the callback that is called if the file meets the filtering criteria. null indicates that there is no error and true indicates that the file is accepted.
- `cb(null, false);`: It calls the callback with null as the first argument (indicating no errors) and false as the second argument (indicating that the file does not meet the filtering criteria and thus should not be accepted).
- `module.exports = fileFilter;`: Exports the fileFilter function so that it can be used in other files of the application.
In summary, this code defines a middleware function that checks if the uploaded file is an image or a GIF. If it is, it allows the request to proceed; otherwise, it sets an error message on the request and rejects the file.
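One caveat a reviewer would raise about the fileFilter above: `file.mimetype` is whatever Content-Type the client declared for the multipart part, so a non-image file uploaded with an `image/...` label passes the check, and the `startsWith('image/')` prefix also admits `image/svg+xml`, which is XML rather than a raster image. The following is an added example, not PhotoVoyage code: it identifies the image type from the file's leading bytes (to be run on the uploaded buffer, e.g. from multer's memoryStorage) and accepts only an explicit allowlist that must agree with the declared type. The `ALLOWED` set and the sample buffers are assumptions constructed for the example.

```javascript
// Allowlist of exact types; no prefix match, so image/svg+xml is not accepted.
const ALLOWED = new Set(['image/png', 'image/jpeg', 'image/gif', 'image/webp']);

// Return the image MIME type implied by the magic bytes, or null if unknown.
function sniffImageType(buf) {
  if (buf.length >= 8 &&
      buf[0] === 0x89 && buf[1] === 0x50 && buf[2] === 0x4e && buf[3] === 0x47 &&
      buf[4] === 0x0d && buf[5] === 0x0a && buf[6] === 0x1a && buf[7] === 0x0a) {
    return 'image/png';
  }
  if (buf.length >= 3 && buf[0] === 0xff && buf[1] === 0xd8 && buf[2] === 0xff) {
    return 'image/jpeg';
  }
  if (buf.length >= 6) {
    const head = buf.toString('latin1', 0, 6);
    if (head === 'GIF87a' || head === 'GIF89a') return 'image/gif';
  }
  if (buf.length >= 12 && buf.toString('latin1', 0, 4) === 'RIFF' &&
      buf.toString('latin1', 8, 12) === 'WEBP') {
    return 'image/webp';
  }
  return null;
}

// An upload is acceptable only if the bytes identify an allowlisted image type
// and that type matches what the client declared (file.mimetype in multer).
function isAcceptableImage(declaredMime, buf) {
  const sniffed = sniffImageType(buf);
  return sniffed !== null && ALLOWED.has(sniffed) && sniffed === declaredMime;
}

// Constructed sample inputs (not real uploads): a PNG header, a GIF header,
// and an HTML document labelled as an image.
const samples = {
  png: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]),
  gif: Buffer.from('GIF89a\x01\x00\x01\x00', 'latin1'),
  html: Buffer.from('<!DOCTYPE html><html><body>not an image</body></html>'),
};
```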
pre-release generator by the official PhotoVoyage bot
Add - cookieHandler.js
Setting up the Express application:
```javascript
const express = require('express');
const { configureCookieParser, setLoggedInUserCookie } = require('./cookieHandler'); // Assuming the module is in the cookieHandler.js file

const app = express();

// Configure the cookie-parser middleware
configureCookieParser(app);

// Route to set the authenticated user cookie
app.get('/login', (req, res) => {
  // Simulating a successful login
  const username = 'exampleUser';
  const expires = new Date(Date.now() + 3600000); // Cookie expires in 1 hour (3600000 ms)
  setLoggedInUserCookie(res, username, expires);
  res.send('Authenticated user cookie set successfully.');
});

app.listen(3000, () => {
  console.log('Server listening on port 3000...');
});
```
Example request to set the authenticated user cookie:
- Suppose you access http://localhost:3000/login in your browser.
- This route will simulate a successful login and set a cookie in your browser named 'loggedInUser' with the value 'exampleUser'.
This is a basic example, and you'll need to adjust it according to your application's needs and structure. Additionally, you'll need to have Express and the cookie-parser module installed and configured in your project for this to work correctly.
Security Patch #1
First Security Patch
I'd like to inform you about an important security patch that we've implemented in our system. Recently, we discovered a vulnerability in the admin-users.ejs and user-details.ejs pages that allowed users to access these pages without having administrator privileges or being properly authenticated in the system. I understand that this may raise concerns about the security of our data and the integrity of our platform, so I wanted to provide you with a detailed explanation of the implications of this vulnerability.
The user-details.ejs page, in particular, stores sensitive information about user accounts, including the ability to delete accounts. The ability to access this page without authorization could have led to the improper exposure of confidential data and, at worst, unauthorized deletion of user accounts. As guardians of our users' security and privacy, we take this threat very seriously and have acted promptly to remedy it.
Our development team has worked diligently to implement a patch that closes this security gap and ensures that only authorized users, specifically properly authenticated administrators, can access these pages and perform sensitive actions. This patch has been thoroughly tested to ensure its effectiveness and has been immediately deployed on our platform.
I want to take this opportunity to reiterate our commitment to the security and protection of our users' data. We are constantly monitoring and improving our systems to ensure that they are at the forefront of best cybersecurity practices. We appreciate your understanding and ongoing support as we work to maintain a safe and reliable online environment for everyone.
If you have any further questions or concerns about this issue or any other aspect of our platform, please don't hesitate to reach out to our support team. We are here to help and are committed to providing clear answers and effective solutions to any issues that may arise.
Thank you for your attention and your trust in us.
Sincerely,
[PhotoVoyage Team]