refactor

packages/backend/src/const.ts

@@ -4,7 +4,7 @@ export const USER_ACTIVE_THRESHOLD = 1000 * 60 * 60 * 24 * 3; // 3days
 // ブラウザで直接表示することを許可するファイルの種類のリスト
 // ここに含まれないものは application/octet-stream としてレスポンスされる
 // SVGはXSSを生むので許可しない
-export const FILE_TYPE_WHITELIST = [
+export const FILE_TYPE_BROWSERSAFE = [
 	'image/png',
 	'image/gif',
 	'image/jpeg',

packages/backend/src/server/file/send-drive-file.ts

@@ -14,7 +14,7 @@ import { detectType } from '@/misc/get-file-info';
 import { convertToJpeg, convertToPngOrJpeg } from '@/services/drive/image-processor';
 import { GenerateVideoThumbnail } from '@/services/drive/generate-video-thumbnail';
 import { StatusError } from '@/misc/fetch';
-import { FILE_TYPE_WHITELIST } from '@/const';
+import { FILE_TYPE_BROWSERSAFE } from '@/const';
 
 //const _filename = fileURLToPath(import.meta.url);
 const _filename = __filename;
@@ -83,7 +83,7 @@ export default async function(ctx: Koa.Context) {
 
 				const image = await convertFile();
 				ctx.body = image.data;
-				ctx.set('Content-Type', FILE_TYPE_WHITELIST.includes(image.type) ? image.type : 'application/octet-stream');
+				ctx.set('Content-Type', FILE_TYPE_BROWSERSAFE.includes(image.type) ? image.type : 'application/octet-stream');
 				ctx.set('Cache-Control', 'max-age=31536000, immutable');
 			} catch (e) {
 				serverLogger.error(`${e}`);
@@ -114,14 +114,14 @@ export default async function(ctx: Koa.Context) {
 		}).toString();
 
 		ctx.body = InternalStorage.read(key);
-		ctx.set('Content-Type', FILE_TYPE_WHITELIST.includes(mime) ? mime : 'application/octet-stream');
+		ctx.set('Content-Type', FILE_TYPE_BROWSERSAFE.includes(mime) ? mime : 'application/octet-stream');
 		ctx.set('Cache-Control', 'max-age=31536000, immutable');
 		ctx.set('Content-Disposition', contentDisposition('inline', filename));
 	} else {
 		const readable = InternalStorage.read(file.accessKey!);
 		readable.on('error', commonReadableHandlerGenerator(ctx));
 		ctx.body = readable;
-		ctx.set('Content-Type', FILE_TYPE_WHITELIST.includes(file.type) ? file.type : 'application/octet-stream');
+		ctx.set('Content-Type', FILE_TYPE_BROWSERSAFE.includes(file.type) ? file.type : 'application/octet-stream');
 		ctx.set('Cache-Control', 'max-age=31536000, immutable');
 		ctx.set('Content-Disposition', contentDisposition('inline', file.name));
 	}

packages/backend/src/server/proxy/proxy-media.ts

@@ -6,7 +6,7 @@ import { createTemp } from '@/misc/create-temp';
 import { downloadUrl } from '@/misc/download-url';
 import { detectType } from '@/misc/get-file-info';
 import { StatusError } from '@/misc/fetch';
-import { FILE_TYPE_WHITELIST } from '@/const';
+import { FILE_TYPE_BROWSERSAFE } from '@/const';
 
 export async function proxyMedia(ctx: Koa.Context) {
 	const url = 'url' in ctx.query ? ctx.query.url : 'https://' + ctx.params.url;
@@ -19,7 +19,7 @@ export async function proxyMedia(ctx: Koa.Context) {
 
 		const { mime, ext } = await detectType(path);
 
-		if (!FILE_TYPE_WHITELIST.includes(mime)) throw 403;
+		if (!FILE_TYPE_BROWSERSAFE.includes(mime)) throw 403;
 
 		let image: IImage;
 

packages/backend/src/services/drive/add-file.ts

@@ -20,7 +20,7 @@ import { isDuplicateKeyValueError } from '@/misc/is-duplicate-key-value-error';
 import * as S3 from 'aws-sdk/clients/s3';
 import { getS3 } from './s3';
 import * as sharp from 'sharp';
-import { FILE_TYPE_WHITELIST } from '@/const';
+import { FILE_TYPE_BROWSERSAFE } from '@/const';
 
 const logger = driveLogger.createSubLogger('register', 'yellow');
 
@@ -242,7 +242,7 @@ export async function generateAlts(path: string, type: string, generateWeb: bool
  */
 async function upload(key: string, stream: fs.ReadStream | Buffer, type: string, filename?: string) {
 	if (type === 'image/apng') type = 'image/png';
-	if (!FILE_TYPE_WHITELIST.includes(type)) type = 'application/octet-stream';
+	if (!FILE_TYPE_BROWSERSAFE.includes(type)) type = 'application/octet-stream';
 
 	const meta = await fetchMeta();