Restrict upload to a file which upload completed already

Author: psi-4ward

lib/endpoints.js

@@ -29,6 +29,7 @@ const downloadPage = pug.compileFile(path.join(__dirname, '../public/pug/downloa
 const store = new Store(config.uploadDir);
 const Db = require('./db');
 const { createGzip } = require("zlib");
+const httpErrors = require("http-errors");
 const db = new Db(config.uploadDir, store);
 db.init();
 const app = express();
@@ -315,7 +316,7 @@ app.get(`${ config.baseUrl }files/:fid`, async (req, res, next) => {
 
 // Upload file
 app.use(`${ config.uploadAppPath }files`,
-  function(req, res, next) {
+  async function(req, res, next) {
     // Upload password protection
     if (config.uploadPass) {
       const bfTimeout = 500;
@@ -331,6 +332,22 @@ app.use(`${ config.uploadAppPath }files`,
 
     if (req.method === 'GET') return res.status(405).end();
 
+    // Restrict upload to a file which upload completed already
+    if(['POST', 'PATCH'].includes(req.method)) {
+      try {
+        const fid = req.url.substring(1);
+        const info = await store.info(fid);
+        if(!info.isPartial) {
+          return res.status(400).end('Upload already completed');
+        }
+      } catch(e) {
+        if(! e instanceof httpErrors.NotFound) {
+          console.error(e);
+          return;
+        }
+      }
+    }
+
     if (req.method === 'POST') {
       // validate meta-data
       // !! tusMeta.encode supports only strings !!
@@ -387,7 +404,6 @@ app.use(`${ config.uploadAppPath }files`,
     afterComplete: (req, upload, fid) => {
       db.add(upload.metadata.sid, upload.metadata.key, upload);
       debug(`Completed upload ${ fid }, size=${ upload.size } name=${ upload.metadata.name }`);
-
       eventBus.emit('fileUploaded', upload);
     },
   })