passthrough file extensions & package updates

2 files changed, 28 insertions, 11 deletions

diff --git a/back-end/src/Endpoints/ContentEndpoint.cs b/back-end/src/Endpoints/ContentEndpoint.cs
index e1e1344..d362eed 100644
--- a/back-end/src/Endpoints/ContentEndpoint.cs
+++ b/back-end/src/Endpoints/ContentEndpoint.cs
@@ -251,15 +251,22 @@ namespace Content.Publishing.Blog.Admin.Endpoints
                 return VfReturnType.VirtualSkip;
             }
 
+            //Get the first file
+            FileUpload file = entity.Files[0];
+
             //Check content length
-            if (webm.Assert(entity.Files[0].FileData.Length <= MaxContentLength, $"The content length is too long, max length is {MaxContentLength} bytes"))
+            if (webm.Assert(file.FileData.Length <= MaxContentLength, $"The content length is too long, max length is {MaxContentLength} bytes"))
             {
                 entity.CloseResponseJson(HttpStatusCode.BadRequest, webm);
                 return VfReturnType.VirtualSkip;
             }
 
-            //Get the first file
-            FileUpload file = entity.Files[0];
+            //the http layer should protect from this but just in case
+            if(webm.Assert(file.ContentType != ContentType.NonSupported, "The uploaded file is not a supported system content type"))
+            {
+                entity.CloseResponseJson(HttpStatusCode.BadRequest, webm);
+                return VfReturnType.VirtualSkip;
+            }
 
             //Get the channel
             IChannelContext? channel = await _blogContextManager.GetChannelAsync(channelId, entity.EventCancellation);
diff --git a/back-end/src/Model/ContentManager.cs b/back-end/src/Model/ContentManager.cs
index b5fc385..dc289fa 100644
--- a/back-end/src/Model/ContentManager.cs
+++ b/back-end/src/Model/ContentManager.cs
@@ -100,7 +100,7 @@ namespace Content.Publishing.Blog.Admin.Model
                 Length = length,
                 FileName = fileName,
                 //File path from ct
-                FilePath = GetFileNameFromType(fileId, ct)
+                FilePath = GetFileNameFromTypeOrExtension(fileId, ct, fileName)
             };
         }
 
@@ -194,7 +194,7 @@ namespace Content.Publishing.Blog.Admin.Model
                 FileName = $"Content for post {postId}",
                 Id = postId,
                 Length = 0,
-                FilePath = GetFileNameFromType(postId, ContentType.Html),
+                FilePath = GetFileNameFromTypeOrExtension(postId, ContentType.Html, null),
             };
 
             //Get the content index
@@ -287,14 +287,24 @@ namespace Content.Publishing.Blog.Admin.Model
             return $"{context.ContentDir}/{meta.FilePath}";
         }
 
-        private static string GetFileNameFromType(string fileId, ContentType type)
+        private static string GetFileNameFromTypeOrExtension(string fileId, ContentType type, string? fileName)
         {
-            //Create file path from its id and file extension
-            return type switch
+            if(Path.HasExtension(fileName))
             {
-                ContentType.Javascript => $"{fileId}.js",
-                _ => $"{fileId}.{type.ToString().ToLowerInvariant()}",
-            };
+                string extension = Path.GetExtension(fileName);
+                return $"{fileId}{extension}";              
+            }
+            else
+            {
+                //Create file path from its id and file extension
+                string extension = type switch
+                {
+                    ContentType.Javascript => ".js",
+                    _ => type.ToString().ToLowerInvariant(),
+                };
+
+                return $"{fileId}.{extension}";
+            }
         }
     }
 }