Lumieducation/H5P-Nodejs-library

Check uploaded (content) files

Open

#84 opened on Aug 30, 2019

View on GitHub
 (2 comments) (0 reactions) (0 assignees)TypeScript (198 stars) (104 forks)auto 404
H5P-Editorenhancementgood first issue

Description

Files uploaded through the AJAX endpoint (images, video etc.) need to be check whether they are valid:

  • the extension must be in H5PEditorConfig.contentWhitelist
  • the file must be smaller than H5PEditorConfig.maxFileSize
  • the package it is added to must not have a greater total size than H5PEditorConfig.maxTotalSize

There are further checks in h5p-editor-php-library:h5p-editor-file.class.php:

  • check if field type & mime-type match
  • check if mime-type is allowed
    • if image (check by mime type): - only allow png,jpg,jpg,gif - read image (& get file size)
    • if audio (check by mime type): only allow mpeg, mp3, m4a, mp4, wav, x-wav, ogg
    • if video (check by mime type): only allow mp4,webm, ogg
  • check if mime-type matches extension

Contributor guide

Tech stack
typescriptnodejs
Domain
backend
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
half day
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
active
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
GitNode.js
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
60
Research direction
Examine the PHP implementation in h5p editor php library for the complete set of checks, then implement them in the Node.js library for the AJAX upload endpoint.