Remove tmp file on image processing error

[oweals/peertube.git] / server / helpers / requests.ts

diff --git a/server/helpers/requests.ts b/server/helpers/requests.ts
index 3fc776f1a53299ceb2630313938d8c4757b24b33..8dda6c039c4705e032340f7d0cab88e1cb6f0329 100644 (file)
--- a/server/helpers/requests.ts
+++ b/server/helpers/requests.ts
@@ -1,13 +1,16 @@
 import * as Bluebird from 'bluebird'
-import { createWriteStream } from 'fs-extra'
+import { createWriteStream, remove } from 'fs-extra'
 import * as request from 'request'
-import { ACTIVITY_PUB, CONFIG } from '../initializers'
+import { ACTIVITY_PUB } from '../initializers/constants'
 import { processImage } from './image-utils'
 import { join } from 'path'
+import { logger } from './logger'
+import { CONFIG } from '../initializers/config'
 
 function doRequest <T> (
-  requestOptions: request.CoreOptions & request.UriOptions & { activityPub?: boolean }
-): Bluebird<{ response: request.RequestResponse, body: any }> {
+  requestOptions: request.CoreOptions & request.UriOptions & { activityPub?: boolean },
+  bodyKBLimit = 1000 // 1MB
+): Bluebird<{ response: request.RequestResponse, body: T }> {
   if (requestOptions.activityPub === true) {
     if (!Array.isArray(requestOptions.headers)) requestOptions.headers = {}
     requestOptions.headers['accept'] = ACTIVITY_PUB.ACCEPT_HEADER
@@ -15,16 +18,29 @@ function doRequest <T> (
 
   return new Bluebird<{ response: request.RequestResponse, body: T }>((res, rej) => {
     request(requestOptions, (err, response, body) => err ? rej(err) : res({ response, body }))
+      .on('data', onRequestDataLengthCheck(bodyKBLimit))
   })
 }
 
-function doRequestAndSaveToFile (requestOptions: request.CoreOptions & request.UriOptions, destPath: string) {
+function doRequestAndSaveToFile (
+  requestOptions: request.CoreOptions & request.UriOptions,
+  destPath: string,
+  bodyKBLimit = 10000 // 10MB
+) {
   return new Bluebird<void>((res, rej) => {
     const file = createWriteStream(destPath)
     file.on('finish', () => res())
 
     request(requestOptions)
-      .on('error', err => rej(err))
+      .on('data', onRequestDataLengthCheck(bodyKBLimit))
+      .on('error', err => {
+        file.close()
+
+        remove(destPath)
+          .catch(err => logger.error('Cannot remove %s after request failure.', destPath, { err }))
+
+        return rej(err)
+      })
       .pipe(file)
   })
 }
@@ -34,7 +50,14 @@ async function downloadImage (url: string, destDir: string, destName: string, si
   await doRequestAndSaveToFile({ method: 'GET', uri: url }, tmpPath)
 
   const destPath = join(destDir, destName)
-  await processImage({ path: tmpPath }, destPath, size)
+
+  try {
+    await processImage({ path: tmpPath }, destPath, size)
+  } catch (err) {
+    await remove(tmpPath)
+
+    throw err
+  }
 }
 
 // ---------------------------------------------------------------------------
@@ -44,3 +67,21 @@ export {
   doRequestAndSaveToFile,
   downloadImage
 }
+
+// ---------------------------------------------------------------------------
+
+// Thanks to https://github.com/request/request/issues/2470#issuecomment-268929907 <3
+function onRequestDataLengthCheck (bodyKBLimit: number) {
+  let bufferLength = 0
+  const bytesLimit = bodyKBLimit * 1000
+
+  return function (chunk) {
+    bufferLength += chunk.length
+    if (bufferLength > bytesLimit) {
+      this.abort()
+
+      const error = new Error(`Response was too large - aborted after ${bytesLimit} bytes.`)
+      this.emit('error', error)
+    }
+  }
+}