Merge pull request #11 from theoleuthardt/feat/doc-converter

fix: doc-converter security bug
feat: doc-converter is completed with this pull request!

backend/server.ts

@@ -6,7 +6,12 @@ import { colorConvert } from "./src/routes/colorconvert.route";
 
 const app = Fastify({ logger: true });
 
-app.register(cors, { origin: "*", exposedHeaders: 'Content-Disposition' });
+app.register(cors, {
+  origin: "*",
+  exposedHeaders: "Content-Disposition",
+  methods: "POST",
+  allowedHeaders: "Content-Type",
+});
 app.register(multipart);
 app.register(libreConvert);
 app.register(colorConvert);

backend/src/routes/libreconvert.route.ts

@@ -6,23 +6,25 @@ import { MultipartValue } from "@fastify/multipart";
 const libreConvertAsync = promisify(libre.convert);
 
 const mimeTypes: { [key: string]: string } = {
-  'pdf': 'application/pdf',
+  pdf: "application/pdf",
-  'html': 'text/html',
+  html: "text/html",
-  'doc': 'application/msword',
+  doc: "application/msword",
-  'docx': 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+  docx: "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
-  'txt': 'text/plain',
+  txt: "text/plain",
-  'rtf': 'application/rtf',
+  rtf: "application/rtf",
-  'odt': 'application/vnd.oasis.opendocument.text',
+  odt: "application/vnd.oasis.opendocument.text",
-  'xlsx': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+  xlsx: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
-  'xls': 'application/vnd.ms-excel',
+  xls: "application/vnd.ms-excel",
-  'ods': 'application/vnd.oasis.opendocument.spreadsheet',
+  ods: "application/vnd.oasis.opendocument.spreadsheet",
-  'pptx': 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+  pptx: "application/vnd.openxmlformats-officedocument.presentationml.presentation",
-  'ppt': 'application/vnd.ms-powerpoint',
+  ppt: "application/vnd.ms-powerpoint",
-  'odp': 'application/vnd.oasis.opendocument.presentation'
+  odp: "application/vnd.oasis.opendocument.presentation",
 };
 
 export async function libreConvert(app: FastifyInstance) {
-  app.post("/api/libre-convert", async (request: FastifyRequest, reply: FastifyReply) => {
+  app.post(
+    "/api/libre-convert",
+    async (request: FastifyRequest, reply: FastifyReply) => {
       try {
         const parts = request.parts();
 
@@ -32,9 +34,11 @@ export async function libreConvert(app: FastifyInstance) {
         for await (const part of parts) {
           if (part.type === "file") {
             fileBuffer = await part.toBuffer();
-        } else if (part.fieldname === "outputFormat" && part.type === "field") {
+          } else if (
+            part.fieldname === "outputFormat" &&
+            part.type === "field"
+          ) {
             outputFileExt = (part as MultipartValue<string>).value;
-          console.log("Output format:", outputFileExt);
           }
         }
 
@@ -42,24 +46,35 @@ export async function libreConvert(app: FastifyInstance) {
           return reply.status(400).send({ error: "No file uploaded!" });
         }
         if (!outputFileExt) {
-        return reply.status(400).send({ error: "No output format provided!" });
+          return reply
+            .status(400)
+            .send({ error: "No output format provided!" });
         }
         if (!outputFileExt.startsWith(".")) {
           outputFileExt = "." + outputFileExt;
         }
 
         const format = outputFileExt.substring(1);
-      const mimeType = mimeTypes[format] || 'application/octet-stream';
+        const mimeType = mimeTypes[format] || "application/octet-stream";
 
-      const convertedBuffer = await libreConvertAsync(fileBuffer, outputFileExt, undefined);
+        const convertedBuffer = await libreConvertAsync(
+          fileBuffer,
+          outputFileExt,
+          undefined,
+        );
 
         reply
           .header("Content-Type", mimeType)
-          .header("Content-Disposition", `attachment; filename="converted${outputFileExt}"`)
+          .header(
+            "Content-Disposition",
+            `attachment; filename="converted${outputFileExt}"`,
+          )
+          .status(200)
           .send(convertedBuffer);
       } catch (error) {
         console.error("Convert error:", error);
         reply.status(500).send({ error: "Error while converting!" });
       }
-  });
+    },
+  );
 }

frontend/src/app/doc-converter/page.tsx

@@ -3,14 +3,12 @@ import React, { useState } from "react";
 import Navbar from "../../components/Navbar";
 import Footer from "../../components/Footer";
 import Button from "../../components/Button";
-import Link from "next/link";
 import { ChevronDown, ChevronUp } from "lucide-react";
 import Dropdown from "@/components/Dropdown";
 import { FileFormatsTable, outputFileFormats } from "@/constants";
 
 export default function DocConverter() {
   const [file, setFile] = useState<File | null>(null);
-  const [downloadUrl, setDownloadUrl] = useState<string>("");
   const [loading, setLoading] = useState(false);
   const [tableOpen, setTableOpen] = useState(false);
   const [filteredOptions, setFilteredOptions] = useState<string[]>([]);
@@ -19,6 +17,8 @@ export default function DocConverter() {
   );
 
   const handleFileChange = (event: React.ChangeEvent<HTMLInputElement>) => {
+    event.preventDefault();
+
     if (event.target.files && event.target.files.length > 0) {
       const selectedFile = event.target.files[0];
       const fileExtension = selectedFile.name.split(".").pop()?.toLowerCase();
@@ -28,14 +28,13 @@ export default function DocConverter() {
       );
 
       if (!isSupported) {
-        console.error("Not supported file uploaded!");
         alert("File format not supported!");
         event.target.value = "";
         return;
       }
 
       setFile(selectedFile);
-      setDownloadUrl("");
+      setSelectedOutputFormat("");
 
       const matchedFormat = outputFileFormats.find((format) =>
         format.input.toLowerCase().includes(fileExtension || ""),
@@ -66,17 +65,26 @@ export default function DocConverter() {
       );
 
       if (!response.ok) {
-        return new Error(`Error: ${response.statusText}`);
+        console.error(`Error: ${response.statusText}`);
       }
 
       const blob = await response.blob();
-      console.log("Blob:", blob);
       const url = window.URL.createObjectURL(blob);
-      console.log("Download URL:", url);
+      const filename = file.name.split(".")[0];
-      setDownloadUrl(url);
+
+      const a = document.createElement("a");
+      a.href = url;
+      a.download = `${filename}${selectedOutputFormat}`;
+      document.body.appendChild(a);
+      a.click();
+      document.body.removeChild(a);
+
+      setTimeout(() => {
+        URL.revokeObjectURL(url);
+      }, 5000);
     } catch (error) {
       console.error("Error while converting:", error);
-      alert("Error while converting");
+      alert("Error while converting!");
     } finally {
       setLoading(false);
     }
@@ -109,11 +117,6 @@ export default function DocConverter() {
           />
         </div>
         <div className={"flex flex-row items-center gap-4 mt-4 mb-16"}>
-          {downloadUrl ? (
-            <Link id="downloadPDF" href={downloadUrl}>
-              <Button content="download" />
-            </Link>
-          ) : (
           <Button
             content={
               loading ? (
@@ -124,7 +127,6 @@ export default function DocConverter() {
             }
             onClick={convertDoc}
           />
-          )}
         </div>
         <div className="overflow-hidden text-xl rounded-lg border border-white mb-16 transition-all duration-300 ease-in-out hover:border-blue-400">
           <div