fix(api): 🎨 Do wizardry on qs middleware to also work on multipart formData

2025-12-06 08:28:19 +01:00 · 2024-05-08 01:16:16 -10:00 · 2024-05-08 01:16:16 -10:00 · a9629b825b
parent 2acd281c76
commit a9629b825b
4 changed files with 71 additions and 24 deletions
--- a/bun.lockb
+++ b/bun.lockb
--- a/package.json
+++ b/package.json
@ -74,6 +74,7 @@
  },
  "devDependencies": {
    "@biomejs/biome": "^1.7.0",
+    "@types/cli-progress": "^3.11.5",
    "@types/cli-table": "^0.3.4",
    "@types/html-to-text": "^9.0.4",
    "@types/ioredis": "^5.0.0",
@ -81,12 +82,12 @@
    "@types/markdown-it-container": "^2.0.10",
    "@types/mime-types": "^2.1.4",
    "@types/pg": "^8.11.5",
+    "@types/qs": "^6.9.15",
    "bun-types": "latest",
    "drizzle-kit": "^0.20.14",
+    "oclif": "^4.10.4",
    "ts-prune": "^0.10.3",
-    "typescript": "latest",
-    "@types/cli-progress": "^3.11.5",
-    "oclif": "^4.10.4"
+    "typescript": "latest"
  },
  "peerDependencies": {
    "typescript": "^5.3.2"
--- a/server/api/api/v1/accounts/update_credentials/index.ts
+++ b/server/api/api/v1/accounts/update_credentials/index.ts
@ -1,4 +1,4 @@
-import { applyConfig, auth, handleZodError } from "@api";
+import { applyConfig, auth, handleZodError, qs } from "@api";
 import { zValidator } from "@hono/zod-validator";
 import { errorResponse, jsonResponse } from "@response";
 import { sanitizeHtml, sanitizedHtmlStrip } from "@sanitization";
@ -96,6 +96,7 @@ export default (app: Hono) =>
    app.on(
        meta.allowedMethods,
        meta.route,
+        qs(),
        zValidator("form", schemas.form, handleZodError),
        auth(meta.auth),
        async (context) => {
@ -116,8 +117,6 @@ export default (app: Hono) =>

            const self = user.getUser();

-            const sanitizedNote = await sanitizeHtml(note ?? "");
-
            const sanitizedDisplayName = await sanitizedHtmlStrip(
                display_name ?? "",
            );
@ -154,18 +153,14 @@ export default (app: Hono) =>

            if (note && self.source) {
                // Check if bio doesnt match filters
-                if (
-                    config.filters.bio.some((filter) =>
-                        sanitizedNote.match(filter),
-                    )
-                ) {
+                if (config.filters.bio.some((filter) => note.match(filter))) {
                    return errorResponse("Bio contains blocked words", 422);
                }

-                self.source.note = sanitizedNote;
+                self.source.note = note;
                self.note = await contentToHtml({
                    "text/markdown": {
-                        content: sanitizedNote,
+                        content: note,
                    },
                });
            }
@ -270,7 +265,7 @@ export default (app: Hono) =>

            // Parse emojis
            const displaynameEmojis = await parseEmojis(sanitizedDisplayName);
-            const noteEmojis = await parseEmojis(sanitizedNote);
+            const noteEmojis = await parseEmojis(self.note);

            self.emojis = [...displaynameEmojis, ...noteEmojis, ...fieldEmojis];

--- a/utils/api.ts
+++ b/utils/api.ts
@ -107,8 +107,58 @@ export const auth = (authData: APIRouteMetadata["auth"]) =>
        };
    });

+/**
+ * Middleware to magically unfuck forms
+ * Add it to random Hono routes and hope it works
+ * @returns
+ */
 export const qs = () => {
    return createMiddleware(async (context, next) => {
+        const contentType = context.req.header("content-type");
+
+        if (contentType?.includes("multipart/form-data")) {
+            // Get it as a query format to pass on to qs, then insert back files
+            const formData = await context.req.formData();
+            const urlparams = new URLSearchParams();
+            const files = new Map<string, File>();
+            for (const [key, value] of [...formData.entries()]) {
+                if (Array.isArray(value)) {
+                    for (const val of value) {
+                        urlparams.append(key, val);
+                    }
+                } else if (!(value instanceof File)) {
+                    urlparams.append(key, String(value));
+                } else {
+                    if (!files.has(key)) {
+                        files.set(key, value);
+                    }
+                }
+            }
+
+            const parsed = parse(urlparams.toString(), {
+                parseArrays: true,
+                interpretNumericEntities: true,
+            });
+
+            // @ts-ignore Very bad hack
+            context.req.parseBody = <T extends BodyData = BodyData>() =>
+                Promise.resolve({
+                    ...parsed,
+                    ...Object.fromEntries(files),
+                } as T);
+
+            context.req.formData = () =>
+                // @ts-ignore I'm so sorry for this
+                Promise.resolve({
+                    ...parsed,
+                    ...Object.fromEntries(files),
+                });
+            // @ts-ignore I'm so sorry for this
+            context.req.bodyCache.formData = {
+                ...parsed,
+                ...Object.fromEntries(files),
+            };
+        } else if (contentType?.includes("application/x-www-form-urlencoded")) {
            const parsed = parse(await context.req.text(), {
                parseArrays: true,
                interpretNumericEntities: true,
@ -120,6 +170,7 @@ export const qs = () => {
            context.req.formData = () => Promise.resolve(parsed);
            // @ts-ignore I'm so sorry for this
            context.req.bodyCache.formData = parsed;
+        }
        await next();
    });
 };