Remove client MIME type parameter from Upload

- Fix: Always detect MIME type server-side from file content instead of
  trusting or forwarding the client-supplied value.
This commit is contained in:
2026-06-24 20:27:22 +08:00
parent be4fcad605
commit a78d43b166
3 changed files with 34 additions and 35 deletions
+10 -13
View File
@@ -60,7 +60,8 @@ func NewFileService(
}
// Upload stores a file's content and creates its metadata record.
func (s *FileService) Upload(ctx context.Context, userID string, parentID *string, fileName string, reader io.Reader, clientMime string) (*FileInfo, error) {
// The MIME type is always detected server-side from the file content.
func (s *FileService) Upload(ctx context.Context, userID string, parentID *string, fileName string, reader io.Reader) (*FileInfo, error) {
if err := validateFileName(fileName); err != nil {
return nil, err
}
@@ -83,19 +84,15 @@ func (s *FileService) Upload(ctx context.Context, userID string, parentID *strin
reader = io.LimitReader(reader, s.maxUploadSize+1)
}
// Detect MIME type when the client does not provide a meaningful one.
mimeType := clientMime
if mimeType == "" || mimeType == "application/octet-stream" {
// Read the first 512 bytes for detection, then replay them.
head := make([]byte, 512)
n, readErr := io.ReadFull(reader, head)
if readErr != nil && readErr != io.ErrUnexpectedEOF && readErr != io.EOF {
return nil, fmt.Errorf("read for mime detection: %w", readErr)
}
head = head[:n]
mimeType = mimetype.Detect(head).String()
reader = io.MultiReader(bytes.NewReader(head), reader)
// Detect MIME type from file content.
head := make([]byte, 512)
n, readErr := io.ReadFull(reader, head)
if readErr != nil && readErr != io.ErrUnexpectedEOF && readErr != io.EOF {
return nil, fmt.Errorf("read for mime detection: %w", readErr)
}
head = head[:n]
mimeType := mimetype.Detect(head).String()
reader = io.MultiReader(bytes.NewReader(head), reader)
fileID := uuid.NewString()
storagePath := fmt.Sprintf("%s/%s", userID, fileID)