fix(upload): add file type/size validation, Content-Disposition header

- Add content type allowlist (images, PDF, text, video, audio, zip) - Enforce 10 MB upload limit via http.MaxBytesReader - Set Content-Disposition on S3 objects for proper download filenames - Remove unused CloudFrontSigner.Domain() method Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 14:55:27 +08:00 · 2026-03-31 14:55:27 +08:00 · edf4c00c08
commit edf4c00c08
parent 29a80e057e
4 changed files with 54 additions and 26 deletions
--- a/server/internal/storage/s3.go
+++ b/server/internal/storage/s3.go
@ -67,15 +67,15 @@ func NewS3StorageFromEnv() *S3Storage {
 	}
 }

-func (s *S3Storage) Upload(ctx context.Context, key string, data []byte, contentType string, metadata map[string]string) (string, error) {
+func (s *S3Storage) Upload(ctx context.Context, key string, data []byte, contentType string, filename string) (string, error) {
 	_, err := s.client.PutObject(ctx, &s3.PutObjectInput{
-		Bucket:       aws.String(s.bucket),
-		Key:          aws.String(key),
-		Body:         bytes.NewReader(data),
-		ContentType:  aws.String(contentType),
-		CacheControl: aws.String("max-age=432000,public"),
-		StorageClass: types.StorageClassIntelligentTiering,
-		Metadata:     metadata,
+		Bucket:             aws.String(s.bucket),
+		Key:                aws.String(key),
+		Body:               bytes.NewReader(data),
+		ContentType:        aws.String(contentType),
+		ContentDisposition: aws.String(fmt.Sprintf(`inline; filename="%s"`, filename)),
+		CacheControl:       aws.String("max-age=432000,public"),
+		StorageClass:       types.StorageClassIntelligentTiering,
 	})
 	if err != nil {
 		return "", fmt.Errorf("s3 PutObject: %w", err)