231e8464d9
Implemented and tested comprehensive file upload security pipeline with automatic quarantine system. Added ClamAV fallback for development environments and resolved cross-filesystem quarantine issues. All tests passed including EICAR malware detection. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
110 lines
2.9 KiB
JavaScript
110 lines
2.9 KiB
JavaScript
/**
|
|
* Test Routes
|
|
* Development and testing endpoints
|
|
*/
|
|
|
|
const express = require('express');
|
|
const router = express.Router();
|
|
const { createSecureUpload, ALLOWED_MIME_TYPES } = require('../middleware/file-security.middleware');
|
|
const { asyncHandler } = require('../middleware/error.middleware');
|
|
const logger = require('../utils/logger.util');
|
|
|
|
/**
|
|
* Test file upload endpoint
|
|
* POST /api/test/upload
|
|
*
|
|
* Tests the complete file security pipeline:
|
|
* - Multer upload
|
|
* - MIME type validation
|
|
* - Magic number validation
|
|
* - ClamAV malware scanning
|
|
* - Quarantine system
|
|
*/
|
|
router.post('/upload',
|
|
...createSecureUpload({
|
|
fileType: 'document',
|
|
maxFileSize: 10 * 1024 * 1024, // 10MB
|
|
allowedMimeTypes: ALLOWED_MIME_TYPES.document,
|
|
fieldName: 'file'
|
|
}),
|
|
asyncHandler(async (req, res) => {
|
|
if (!req.file) {
|
|
return res.status(400).json({
|
|
error: 'Bad Request',
|
|
message: 'No file uploaded'
|
|
});
|
|
}
|
|
|
|
logger.info(`Test file upload successful: ${req.file.originalname}`);
|
|
|
|
res.json({
|
|
success: true,
|
|
message: 'File uploaded and validated successfully',
|
|
file: {
|
|
originalName: req.file.originalname,
|
|
filename: req.file.filename,
|
|
mimetype: req.file.mimetype,
|
|
size: req.file.size,
|
|
path: req.file.path
|
|
},
|
|
security: {
|
|
mimeValidated: true,
|
|
malwareScan: 'passed',
|
|
quarantined: false
|
|
}
|
|
});
|
|
})
|
|
);
|
|
|
|
/**
|
|
* Get upload statistics
|
|
* GET /api/test/upload-stats
|
|
*/
|
|
router.get('/upload-stats',
|
|
asyncHandler(async (req, res) => {
|
|
const fs = require('fs').promises;
|
|
const path = require('path');
|
|
|
|
try {
|
|
const uploadDir = process.env.UPLOAD_DIR || '/tmp/tractatus-uploads';
|
|
const quarantineDir = process.env.QUARANTINE_DIR || '/var/quarantine/tractatus';
|
|
|
|
const uploadFiles = await fs.readdir(uploadDir).catch(() => []);
|
|
const quarantineFiles = await fs.readdir(quarantineDir).catch(() => []);
|
|
|
|
// Get quarantine details
|
|
const quarantineDetails = [];
|
|
for (const file of quarantineFiles) {
|
|
if (file.endsWith('.json')) {
|
|
const metadataPath = path.join(quarantineDir, file);
|
|
const metadata = JSON.parse(await fs.readFile(metadataPath, 'utf8'));
|
|
quarantineDetails.push(metadata);
|
|
}
|
|
}
|
|
|
|
res.json({
|
|
success: true,
|
|
stats: {
|
|
uploads: {
|
|
directory: uploadDir,
|
|
count: uploadFiles.length,
|
|
files: uploadFiles
|
|
},
|
|
quarantine: {
|
|
directory: quarantineDir,
|
|
count: Math.floor(quarantineFiles.length / 2), // Each quarantined file has .json metadata
|
|
items: quarantineDetails
|
|
}
|
|
}
|
|
});
|
|
} catch (error) {
|
|
logger.error('Upload stats error:', error);
|
|
res.status(500).json({
|
|
error: 'Internal Server Error',
|
|
message: 'Failed to retrieve upload statistics'
|
|
});
|
|
}
|
|
})
|
|
);
|
|
|
|
module.exports = router;
|