Merge pull request #185 from lenoctambule/master

Added file format check and option to require authentication to upload files

Author: pylixm

README.md

@@ -196,6 +196,7 @@ MDEDITOR_CONFIGS = {
                     "help", "info",
                     "||", "preview", "watch", "fullscreen"],  # custom edit box toolbar 
         'upload_image_formats': ["jpg", "jpeg", "gif", "png", "bmp", "webp"],  # image upload format type
+        'upload_require_auth' : False, # image upload authentication requirement
         'image_folder': 'editor',  # image save the folder name
         'theme': 'default',  # edit box theme, dark / default
         'preview_theme': 'default',  # Preview area theme, dark / default

README_CN.md

@@ -201,7 +201,8 @@ MDEDITOR_CONFIGS = {
                 "emoji", "html-entities", "pagebreak", "goto-line", "|",
                 "help", "info",
                 "||", "preview", "watch", "fullscreen"],  # 自定义编辑框工具栏
-    'upload_image_formats': ["jpg", "jpeg", "gif", "png", "bmp", "webp"],  # 图片上传格式类型
+    'upload_image_formats': ["jpg", "jpeg", "gif", "png", "bmp", "webp"],  # 图片上传格式类型,
+    'upload_require_auth' : False, # TODO: Translation needed here
     'image_folder': 'editor',  # 图片保存文件夹名称
     'theme': 'default',  # 编辑框主题 ，dark / default
     'preview_theme': 'default',  # 预览区域主题， dark / default

mdeditor/configs.py

@@ -17,6 +17,7 @@
     'upload_image_formats': ["jpg", "JPG", "jpeg", "JPEG", "gif", "GIF", "png",
                              "PNG", "bmp", "BMP", "webp", "WEBP"],
     'upload_image_url': '/mdeditor/uploads/',
+    'upload_require_auth' : False,
     'image_folder': 'editor',
     'theme': 'default',  # dark / default
     'preview_theme': 'default',  # dark / default

mdeditor/views.py

@@ -8,11 +8,11 @@
 from django.views.decorators.csrf import csrf_exempt
 from django.utils.decorators import method_decorator
 from .configs import MDConfig
+from PIL import Image
 
 # TODO 此处获取default配置，当用户设置了其他配置时，此处无效，需要进一步完善
 MDEDITOR_CONFIGS = MDConfig('default')
 
-
 class UploadView(generic.View):
     """ upload image file """
 
@@ -23,6 +23,15 @@ def dispatch(self, *args, **kwargs):
     def post(self, request, *args, **kwargs):
         upload_image = request.FILES.get("editormd-image-file", None)
         media_root = settings.MEDIA_ROOT
+        upload_require_auth = MDEDITOR_CONFIGS.get('upload_require_auth', False)
+
+        # Check if user is authenticated if it is required
+        if upload_require_auth and not request.user.is_authenticated :
+            return JsonResponse({
+                'success' : 0,
+                'message': "Authentication required.",
+                'url': ""
+            })
 
         # image none check
         if not upload_image:
@@ -44,6 +53,15 @@ def post(self, request, *args, **kwargs):
                 'url': ""
             })
 
+        try :
+            Image.open(upload_image)
+        except :
+            return JsonResponse({
+                'success': 0,
+                'message': "File format not recognized.",
+                'url': ""
+            })
+
         # image floder check
         file_path = os.path.join(media_root, MDEDITOR_CONFIGS['image_folder'])
         if not os.path.exists(file_path):

requirements.txt

@@ -2,3 +2,4 @@ asgiref==3.5.0
 Django==4.0.3
 mistune==2.0.3
 sqlparse==0.4.2
+Pillow==9.3.0