Edit post

Title

[冇錯係講緊呢隻。](/view/12)

我晒左少少時間寫左個[middleware](http://expressjs.com/zh-tw/guide/using-middleware.html)將佢拒之門外。

原理好簡單，檢查email入面既`.zip`附件有冇`.js`檔，有就reject。

var tryGetZipBufferFromBase64 = function (buffer) {
      try {
        var lines = buffer.toString().split('\n');
        if (lines[1].indexOf('Content-Transfer-Encoding') !== -1 && lines[1].indexOf('base64') !== -1) {
          return new Buffer(lines.slice(3).join(''), 'base64');
        }
      } catch (e) {
        console.log(e);
      }
      return buffer;
    };

var checkForThatVirus = function (req, res, next) {
      if (!req.files) return next();
      console.log('Checking for virus...');
      Async.map(req.files, function (zip, callback) {
        var buffer = tryGetZipBufferFromBase64(zip.buffer);
        var bufferStream = new stream.PassThrough();
        var hasError;
        var zipHasJS;
        bufferStream.end(buffer);
        bufferStream.pipe(unzip.Parse()).on('entry', function (entry) {
          var splitted = entry.path.split('.');
          entry.autodrain();
          zipHasJS |= splitted[splitted.length - 1].toLowerCase() === 'js';
        }).on('error', function (err) {
          hasError = !(!err);
        });
        // Fuck this shit
        setTimeout(function () {
          if (hasError) return callback(null, false);
          callback(null, zipHasJS);
        }, 1000);
      }, function (err, results) {
        if (err) throw err;
        var hasJS = false;
        results.forEach(function (result) {
          hasJS |= result;
        });
        if (!hasJS) return next();
        console.log('Mail dropped: at least a .js in one of .zip file');
        res.send('Mail dropped: at least a .js in one of .zip file');
      });
    };

Content

Password

Preview

Powered by Simple Blog