Update Apache SSL configuration and enhance security features across multiple files. Changed X-Frame-Options to SAMEORIGIN for better security, added optional Content Security Policy headers for testing, and improved password handling with HaveIBeenPwned checks during user registration and password reset. Implemented passkey login functionality in the authentication flow, including UI updates for user experience. Enhanced image upload processing with size limits and validation, and added rate limiting for various API endpoints to prevent abuse.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
This commit is contained in:
Torsten Schulz (local)
@@ -4,6 +4,7 @@ import path from 'path'
|
||||
import sharp from 'sharp'
|
||||
import { getUserFromToken, verifyToken, hasAnyRole } from '../../utils/auth.js'
|
||||
import { randomUUID } from 'crypto'
|
||||
import { clamp } from '../../utils/upload-validation.js'
|
||||
|
||||
// Handle both dev and production paths
|
||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
||||
@@ -125,9 +126,33 @@ export default defineEventHandler(async (event) => {
|
||||
const newPath = path.join(PERSONEN_DIR, sanitizedFilename)
|
||||
|
||||
// Bild verarbeiten: EXIF-Orientierung korrigieren
|
||||
await sharp(originalPath)
|
||||
.rotate()
|
||||
.toFile(newPath)
|
||||
const maxPixels = Number(process.env.IMAGE_MAX_PIXELS || 20_000_000) // 20MP
|
||||
const maxDim = Number(process.env.IMAGE_MAX_DIM || 2500) // px
|
||||
|
||||
const meta = await sharp(originalPath).metadata()
|
||||
const w = meta.width || 0
|
||||
const h = meta.height || 0
|
||||
|
||||
let pipeline = sharp(originalPath).rotate()
|
||||
|
||||
if (w > 0 && h > 0) {
|
||||
const pixels = w * h
|
||||
// Falls extrem groß: auf maxPixels runter skalieren
|
||||
if (pixels > maxPixels) {
|
||||
const scale = Math.sqrt(maxPixels / pixels)
|
||||
const nw = clamp(Math.floor(w * scale), 1, maxDim)
|
||||
const nh = clamp(Math.floor(h * scale), 1, maxDim)
|
||||
pipeline = pipeline.resize(nw, nh, { fit: 'inside', withoutEnlargement: true })
|
||||
} else if (w > maxDim || h > maxDim) {
|
||||
pipeline = pipeline.resize(maxDim, maxDim, { fit: 'inside', withoutEnlargement: true })
|
||||
}
|
||||
} else {
|
||||
// Unbekannte Dimensionen: dennoch hartes Größenlimit
|
||||
pipeline = pipeline.resize(maxDim, maxDim, { fit: 'inside', withoutEnlargement: true })
|
||||
}
|
||||
|
||||
// toFile re-encodiert => EXIF/Metadata wird entfernt (sofern nicht withMetadata() genutzt wird)
|
||||
await pipeline.toFile(newPath)
|
||||
|
||||
// Temporäre Datei löschen
|
||||
await fs.unlink(originalPath).catch(() => {
|
||||
|
||||
Reference in New Issue
Block a user