Implement mime type validation for attachments and enhance error hand… (#316)

…ling

---------

Co-authored-by: Marten Schiwek <marten.schiwek@sap.com>
Co-authored-by: Simon Engel <simon.engel01@sap.com>

Author: 3 people

CHANGELOG.md

@@ -4,6 +4,27 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
+## Version 3.4.0
+
+### Added
+
+- Introduced support for the `@Core.AcceptableMediaTypes` annotation, allowing specification of permitted MIME types for attachment uploads:
+    ```cds
+    annotate my.Books.attachments with {
+        content @Core.AcceptableMediaTypes: ['image/jpeg'];
+    }
+    ```
+- Added support for the `@Validation.Maximum` annotation to define the maximum allowed file size for attachments:
+    ```cds
+    annotate my.Books.attachments with {
+        content @Validation.Maximum: '2MB';
+    }
+    ```
+
+### Fixed
+
+- Removed the previous hard limit of `400 MB` for file uploads. Files exceeding this size may still fail during malware scanning and will be marked with a `Failed` status.
+- Resolved issues with generic handler registration, enabling services to intercept the attachments plugin using middleware.
 
 ## Version 3.3.0
 

README.md

@@ -262,6 +262,39 @@ annotate Incidents.attachments with {
 
 The default is 400MB
 
+### Restrict allowed MIME types
+
+You can restrict which MIME types are allowed for attachments by annotating the content property with `@Core.AcceptableMediaTypes`. This validation is performed during file upload.
+
+```cds
+entity Incidents {
+  ...
+  attachments: Composition of many Attachments;
+}
+
+annotate Incidents.attachments with {
+  content @Core.AcceptableMediaTypes : ['image/jpeg', 'image/png', 'application/pdf'];
+}
+```
+
+Wildcard patterns are supported:
+
+```cds
+annotate Incidents.attachments with {
+  content @Core.AcceptableMediaTypes : ['image/*', 'application/pdf'];
+}
+```
+
+To allow all MIME types (default behavior), either omit the annotation or use:
+
+```cds
+annotate Incidents.attachments with {
+  content @Core.AcceptableMediaTypes : ['*/*'];
+}
+```
+
+When a file with a disallowed MIME type is uploaded, the request will be rejected with a `400` error.
+
 ## Releases
 
 - The plugin is released to [NPM Registry](https://www.npmjs.com/package/@cap-js/attachments).

_i18n/messages.properties

@@ -1,3 +1,4 @@
 UnableToDownloadAttachmentScanStatusNotClean=Unable to download the attachment as scan status is not clean.
 AttachmentSizeExceeded=File size limit exceeded beyond {0}.
 MultiUpdateNotSupported=Multi update is not supported.
+AttachmentMimeTypeDisallowed=The attachment file type '{mimeType}' is not allowed.

db/data/sap.attachments-ScanStates.csv

@@ -3,4 +3,4 @@ Unscanned;Unscanned;The file is not yet scanned for malware.;2
 Scanning;Scanning;The file is currently being scanned for malware.;2
 Infected;Infected;The file contains malware! Do not download!;1
 Clean;Clean;The file does not contain any malware.;3
-Failed;Failed;The file could not be scanned for malware.;1
+Failed;Failed;The file could not be scanned for malware.;1

db/data/sap.attachments-ScanStates_texts.csv

@@ -3,4 +3,4 @@ en;Unscanned;Unscanned;The file is not yet scanned for malware.
 en;Scanning;Scanning;The file is currently being scanned for malware.
 en;Infected;Infected;The file contains malware! Do not download!
 en;Clean;Clean;The file does not contain any malware.
-en;Failed;Failed;The file could not be scanned for malware.
+en;Failed;Failed;The file could not be scanned for malware.

lib/generic-handlers.js

@@ -1,7 +1,7 @@
 const cds = require('@sap/cds')
 const LOG = cds.log('attachments')
 const { extname } = require("path")
-const { MAX_FILE_SIZE, sizeInBytes } = require('./helper')
+const { MAX_FILE_SIZE, sizeInBytes, checkMimeTypeMatch } = require('./helper')
 
 const isMultitenacyEnabled = !!cds.env.requires.multitenancy
 const objectStoreKind = cds.env.requires?.attachments?.objectStore?.kind
@@ -20,6 +20,7 @@ function onPrepareAttachment(req) {
 
   let ext = req.data.filename ? extname(req.data.filename).toLowerCase().slice(1) : null
   req.data.mimeType = Ext2MimeTypes[ext]
+
   if (!req.data.mimeType) {
     LOG.warn(`An attachment ${req.data.ID} is uploaded whose extension "${ext}" is not known! Falling back to "application/octet-stream"`)
     req.data.mimeType = "application/octet-stream"
@@ -73,7 +74,7 @@ async function readAttachment([attachment], req) {
  * Checks the attachments size against the maximum defined by the annotation `@Validation.Maximum`. Default 400mb.
  * If the limit is reached by the reported size of the content-length header or if the stream length exceeds 
  * the limits the error is thrown.
- * @param {import('@sap/cds').Request} req 
+ * @param {import('@sap/cds').Request} req - The request object
  * @throws AttachmentSizeExceeded 
  */
 function validateAttachmentSize(req) {
@@ -87,16 +88,30 @@ function validateAttachmentSize(req) {
   }
 }
 
+/**
+ * Validates the attachment mime type against acceptable media types
+ * @param {import('@sap/cds').Request} req - The request object
+ */
+function validateAttachmentMimeType(req) {
+  if (!req.target?._attachments.isAttachmentsEntity || !req.data.content) return;
+
+  const mimeType = req.data.mimeType
 
+  const acceptableMediaTypes = req.target.elements.content['@Core.AcceptableMediaTypes'] || '*/*'
+  if (!checkMimeTypeMatch(acceptableMediaTypes, mimeType)) {
+    return req.reject(400, "AttachmentMimeTypeDisallowed", { mimeType: mimeType })
+  }
+}
 
 module.exports = {
   validateAttachmentSize,
   onPrepareAttachment,
   readAttachment,
-  validateAttachment
+  validateAttachment,
+  validateAttachmentMimeType
 }
 
-// Supported mime types
+// Mapping table from file extensions to mime types
 const Ext2MimeTypes = {
   aac: "audio/aac",
   abw: "application/x-abiword",

lib/helper.js

@@ -100,7 +100,7 @@ async function fetchObjectStoreBinding(tenantID, token) {
 
 /**
  * Retrieves object store credentials for a given tenant
- * @param {*} tenantID - Tenant ID
+ * @param {string} tenantID - Tenant ID
  * @returns {Promise<Object|null>} - Promise resolving to object store credentials or null
  */
 async function getObjectStoreCredentials(tenantID) {
@@ -295,6 +295,38 @@ async function fetchTokenWithMTLS(certURL, clientid, certificate, key) {
   }
 }
 
+/**
+ * Checks if the given mimeType matches any of the allowedTypes patterns
+ * @param {Array<string>} allowedTypes - Array of allowed mime types (can include wildcards)
+ * @param {string} mimeType - Mime type to check
+ * @returns {boolean} - True if mimeType matches any allowedTypes, false otherwise
+ */
+function checkMimeTypeMatch(allowedTypes, mimeType) {
+  if (!allowedTypes || allowedTypes.length === 0) {
+    return true
+  }
+
+  if (typeof allowedTypes === 'string') {
+    allowedTypes = [allowedTypes]
+  }
+
+  if (allowedTypes.includes('*/*')) {
+    return true
+  }
+
+  // Remove any parameters (e.g., "; charset=utf-8", "; boundary=...")
+  const baseMimeType = mimeType.split(';')[0].trim()
+
+  return allowedTypes.some(allowedType => {
+    if (allowedType.endsWith('/*')) {
+      const prefix = allowedType.slice(0, -2)
+      return baseMimeType.startsWith(prefix + '/')
+    } else {
+      return baseMimeType === allowedType
+    }
+  })
+}
+
 async function computeHash(input) {
   const hash = crypto.createHash('sha256')
 
@@ -359,5 +391,6 @@ module.exports = {
   sizeInBytes,
   fetchObjectStoreBinding,
   validateServiceManagerCredentials,
+  checkMimeTypeMatch,
   MAX_FILE_SIZE
-}
+}

lib/mtx/server.js

@@ -144,9 +144,9 @@ const _getOfferingID = async (sm_url, token) => {
 
 /**
  * Registers attachment handlers for the given service and entity
- * @param {*} sm_url - Service Manager URL
- * @param {*} token - OAuth token
- * @param {*} offeringID - Service Offering ID
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} token - OAuth token
+ * @param {string} offeringID - Service Offering ID
  * @returns 
  */
 const _getPlanID = async (sm_url, token, offeringID) => {
@@ -183,10 +183,10 @@ const _getPlanID = async (sm_url, token, offeringID) => {
 
 /**
  * Creates an object store instance for the given tenant
- * @param {*} sm_url - Service Manager URL
- * @param {*} tenant - Tenant ID
- * @param {*} planID - Service Plan ID
- * @param {*} token  - OAuth token
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} tenant - Tenant ID
+ * @param {string} planID - Service Plan ID
+ * @param {string} token  - OAuth token
  * @returns 
  */
 const _createObjectStoreInstance = async (sm_url, tenant, planID, token) => {
@@ -215,9 +215,9 @@ const _createObjectStoreInstance = async (sm_url, tenant, planID, token) => {
 
 /**
  * Polls the service manager until the instance is in a terminal state
- * @param {*} sm_url - Service Manager URL
- * @param {*} instancePath - Path to the service instance
- * @param {*} token - OAuth token
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} instancePath - Path to the service instance
+ * @param {string} token - OAuth token
  * @returns 
  */
 const _pollUntilDone = async (sm_url, instancePath, token) => {
@@ -255,10 +255,10 @@ const _pollUntilDone = async (sm_url, instancePath, token) => {
 
 /**
  * Registers attachment handlers for the given service and entity
- * @param {*} sm_url - Service Manager URL
- * @param {*} tenant - Tenant ID
- * @param {*} instanceID - Service Instance ID
- * @param {*} token - OAuth token
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} tenant - Tenant ID
+ * @param {string} instanceID - Service Instance ID
+ * @param {string} token - OAuth token
  * @returns 
  */
 const _bindObjectStoreInstance = async (sm_url, tenant, instanceID, token) => {

lib/plugin.js

@@ -1,5 +1,5 @@
 const cds = require("@sap/cds")
-const { validateAttachment, readAttachment, validateAttachmentSize, onPrepareAttachment } = require("./generic-handlers")
+const { validateAttachment, readAttachment, validateAttachmentSize, onPrepareAttachment, validateAttachmentMimeType } = require("./generic-handlers")
 require("./csn-runtime-extension")
 const LOG = cds.log('attachments')
 
@@ -50,6 +50,7 @@ cds.ApplicationService.handle_attachments = cds.service.impl(async function () {
   this.before("READ", validateAttachment)
   this.after("READ", readAttachment)
   this.before("PUT", validateAttachmentSize)
+  this.before("PUT", validateAttachmentMimeType)
   this.before("NEW", onPrepareAttachment)
   this.before("CREATE", (req) => {
     return onPrepareAttachment(req)
@@ -119,8 +120,6 @@ cds.ApplicationService.handle_attachments = cds.service.impl(async function () {
     )
   )
 
-
-
   const AttachmentsSrv = await cds.connect.to("attachments")
   AttachmentsSrv.registerHandlers(this)
-})
+})

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@cap-js/attachments",
   "description": "CAP cds-plugin providing image and attachment storing out-of-the-box.",
-  "version": "3.3.0",
+  "version": "3.4.0",
   "repository": "cap-js/attachments",
   "author": "SAP SE (https://www.sap.com)",
   "homepage": "https://cap.cloud.sap/",
@@ -122,4 +122,4 @@
   "workspaces": [
     "tests/incidents-app/"
   ]
-}
+}