exceed/dc-recorder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: harden media source resolution

Browse Source
This commit is contained in:
MythEclipse
2026-05-15 17:11:26 +07:00
parent 93134a9793
commit acb43b6dac
2 changed files with 49 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/media/mediaResolver.ts
View File

@@ -11,18 +11,14 @@ export async function resolveMediaSource(
throw new AppError("Media source is required", "MISSING_MEDIA_SOURCE", 400); throw new AppError("Media source is required", "MISSING_MEDIA_SOURCE", 400);
} }
if (source.startsWith("http://") || source.startsWith("https://")) { const urlSource = resolveUrlSource(source);
return { if (urlSource) return urlSource;
source,
title: titleFromUrl(source),
kind: "url",
};
}
if (existsSync(source) && statSync(source).isFile()) { const localPath = path.resolve(source);
if (existsSync(localPath) && statSync(localPath).isFile()) {
return { return {
source, source: localPath,
title: path.basename(source), title: path.basename(localPath),
kind: "local", kind: "local",
}; };
} }
@@ -34,8 +30,24 @@ export async function resolveMediaSource(
); );
} }
function titleFromUrl(source: string): string { function resolveUrlSource(source: string): ResolvedMediaSource | null {
const url = new URL(source); let url: URL;
const filename = decodeURIComponent(url.pathname.split("/").pop() || ""); try {
return filename || url.hostname; url = new URL(source);
} catch {
return null;
}
if (url.protocol !== "http:" && url.protocol !== "https:") return null;
return {
source,
title: titleFromUrl(url),
kind: "url",
};
}
function titleFromUrl(url: URL): string {
const filename = decodeURIComponent(url.pathname.split("/").pop() || "");
return path.basename(filename) || url.hostname;
} }

23
tests/media/mediaResolver.test.ts
View File

@@ -33,10 +33,33 @@ describe("resolveMediaSource", () => {
} satisfies Partial<AppError>); } satisfies Partial<AppError>);
}); });
it("sanitizes URL titles", async () => {
await expect(
resolveMediaSource("https://example.com/%2e%2e%2fsecret.mp3"),
).resolves.toMatchObject({
title: "secret.mp3",
kind: "url",
});
});
it("rejects unsupported sources", async () => { it("rejects unsupported sources", async () => {
await expect(resolveMediaSource("not a url or file")).rejects.toMatchObject({ await expect(resolveMediaSource("not a url or file")).rejects.toMatchObject({
code: "UNSUPPORTED_MEDIA_SOURCE", code: "UNSUPPORTED_MEDIA_SOURCE",
statusCode: 400, statusCode: 400,
} satisfies Partial<AppError>); } satisfies Partial<AppError>);
}); });
it("rejects non-http URL sources", async () => {
await expect(resolveMediaSource("file:///tmp/song.mp3")).rejects.toMatchObject({
code: "UNSUPPORTED_MEDIA_SOURCE",
statusCode: 400,
} satisfies Partial<AppError>);
});
it("rejects malformed http URLs as unsupported sources", async () => {
await expect(resolveMediaSource("https://[invalid")).rejects.toMatchObject({
code: "UNSUPPORTED_MEDIA_SOURCE",
statusCode: 400,
} satisfies Partial<AppError>);
});
}); });