Skip to content

Commit

Permalink
refactor(deleteFirebaseFile): add user id validation for firebase fil…
Browse files Browse the repository at this point in the history 
…e deletion
  • Loading branch information
@danny-avila
danny-avila committed Jan 9, 2024
1 parent d457057 commit f783926
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions api/server/services/Files/Firebase/crud.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,9 @@ function extractFirebaseFilePath(urlString) {
*/
const deleteFirebaseFile = async (req, file) => {
const fileName = extractFirebaseFilePath(file.filepath);
if (!fileName.includes(req.user.id)) {
throw new Error('Invalid file path');
}
await deleteFile('', fileName);
};

Expand Down

0 comments on commit f783926

Please sign in to comment.