From bcf2e64b19629f14ed69f84e304d873360f2cecd Mon Sep 17 00:00:00 2001
From: OxSaitama
Date: Fri, 6 Oct 2023 13:32:43 +0200
Subject: [PATCH] add mimetype check on file middleware
---
 src/app/api/customer/FilesController.ts | 4 ----
 src/app/middlewares/CustomerHandler/FileHandler.ts | 5 +++++
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/app/api/customer/FilesController.ts b/src/app/api/customer/FilesController.ts
index 67fea6e2..925b30c7 100644
--- a/src/app/api/customer/FilesController.ts
+++ b/src/app/api/customer/FilesController.ts
@@ -88,10 +88,6 @@ export default class FilesController extends ApiController {
 try {
 //get file
 if (!req.file) throw new Error("No file provided");
- if (req.file.mimetype !== "application/pdf" && req.file.mimetype !== "image/png" && req.file.mimetype !== "image/jpeg") {
- this.httpBadRequest(response, "File type not supported");
- return;
- }
 //init File resource with request body values
 const fileEntity = File.hydrate(JSON.parse(req.body["q"]));
diff --git a/src/app/middlewares/CustomerHandler/FileHandler.ts b/src/app/middlewares/CustomerHandler/FileHandler.ts
index 0c9d82a1..42a85c11 100644
--- a/src/app/middlewares/CustomerHandler/FileHandler.ts
+++ b/src/app/middlewares/CustomerHandler/FileHandler.ts
@@ -9,6 +9,11 @@ export default async function fileHandler(req: Request, response: Response, next
 const uid = req.path && req.path.split("/")[5];
 const document = req.body.document;
+ if (req.file?.mimetype !== "application/pdf" && req.file?.mimetype !== "image/png" && req.file?.mimetype !== "image/jpeg") {
+ response.status(HttpCodes.BAD_REQUEST).send("File type not supported");
+ return;
+ }
+
 if (uid) {
 const fileService = Container.get(FilesService);
 const file = await fileService.getByUidWithDocument(uid);
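Review bot: The added check at the top of fileHandler rejects every request that carries no upload, because `req.file?.mimetype` is then `undefined` and differs from all three allowed values; the `if (uid)` branch right below suggests this middleware also serves routes that address an existing file, and those would now get a 400 (as would every request if the middleware runs before the upload parser has populated `req.file`). Guarding on presence keeps the allow-list without that side effect: `if (req.file && !["application/pdf", "image/png", "image/jpeg"].includes(req.file.mimetype)) {`, leaving the missing-file case to the controller's existing `No file provided` check. Separately, `mimetype` is presumably the Content-Type the client declared for the multipart part, so this filters on a claimed type rather than on content; if stored files are later served back or parsed, comparing the leading bytes against the PDF/PNG/JPEG signatures would be the stronger control. With the controller's own check removed in the same commit, every route that reaches the upload action now depends on this middleware being mounted, which deserves a comment on the route definition. fileHandler's body continues past the end of the hunk.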