#32: No file-restrictions on client is now permitted

lib/directive.js

@@ -73,7 +73,7 @@ Slingshot._directives = {};
 Slingshot.createDirective = function (name, service, options) {
   if (_.has(Slingshot._directives, name))
     throw new Error("Directive '" + name + "' already exists");
-  
+
   var restrictions = Slingshot.getRestrictions(name);
   _.defaults(options, restrictions);
 
@@ -99,7 +99,7 @@ Slingshot.getDirective = function (name) {
 
 Slingshot.Directive = function (service, directive) {
   check(this, Slingshot.Directive);
-  
+
   //service does not have to be a plain-object, so checking fields individually
   check(service.directiveMatch, Object);
   check(service.upload, Function);
@@ -115,7 +115,7 @@ Slingshot.Directive = function (service, directive) {
     cacheControl: Match.Optional(String),
     contentDisposition: Match.Optional(Match.OneOf(String, null))
   }, service.directiveMatch));
-  
+
   /**
    * @method storageService
    * @returns {Object}
@@ -159,7 +159,7 @@ _.extend(Slingshot.Directive.prototype, {
 
     return instructions;
   },
-  
+
  /**
   *
   * @method requestAuthorization
@@ -178,10 +178,10 @@ _.extend(Slingshot.Directive.prototype, {
         restrictions = _.pick(this._directive,
           ['authorize', 'maxSize', 'allowedFileTypes']
         );
-        
-    return validators.authorize(context, file, meta, restrictions);
+
+    return validators.checkAll(context, file, meta, restrictions);
   }
-  
+
 });
 
 Meteor.methods({

lib/upload.js

@@ -59,21 +59,21 @@ Slingshot.Upload = function (directive, metaData) {
     uploaded: function () {
       return loaded.get();
     },
-    
+
    /**
     * @param {File} file
     * @returns {null|Error} Returns null on success, Error on failure.
     */
-    
+
     validate: function(file) {
       var context = {
         userId: Meteor.userId()
       };
       try {
         var validators = Slingshot.Validators,
             restrictions = Slingshot.getRestrictions(directive);
-            
-        validators.authorize(context, file, metaData, restrictions) && null;
+
+        validators.checkAll(context, file, metaData, restrictions) && null;
       } catch(error) {
         return error;
       }
@@ -119,11 +119,11 @@ Slingshot.Upload = function (directive, metaData) {
       if (!self.file) {
         callback(new Error("No file to request upload for"));
       }
-      
+
       var file = _.pick(self.file, "name", "size", "type");
 
       status.set("authorizing");
-      
+
       var error = this.validate(file);
       if (error) {
         status.set("failed");
@@ -270,7 +270,7 @@ Slingshot.Upload = function (directive, metaData) {
 
       return field && field.value;
     }
-    
+
   });
 };
 

lib/validators.js

@@ -1,8 +1,8 @@
 Slingshot.Validators = {
-  
+
  /**
   *
-  * @method authorize
+  * @method checkAll
   *
   * @throws Meteor.Error
   *
@@ -14,7 +14,7 @@ Slingshot.Validators = {
   * @returns {Boolean}
   */
 
-  authorize: function (context, file, meta, restrictions) {
+  checkAll: function (context, file, meta, restrictions) {
     return this.checkFileSize(file.size, restrictions.maxSize) &&
       this.checkFileType(file.type, restrictions.allowedFileTypes) &&
       (typeof restrictions.authorize !== 'function' ||
@@ -44,7 +44,7 @@ Slingshot.Validators = {
    * @throws Meteor.Error
    *
    * @param {String} type - Mime type
-   * @param {RegExp|Array|String} allowed - Allowed file type(s)
+   * @param {(RegExp|Array|String)} [allowed] - Allowed file type(s)
    * @returns {boolean}
    */
 
@@ -68,8 +68,8 @@ Slingshot.Validators = {
       return true;
     }
 
-    if (allowed !== type) {
-      throw new Meteor.Error("Upload denied", "Only file of type " + allowed +
+    if (allowed && allowed !== type) {
+      throw new Meteor.Error("Upload denied", "Only files of type " + allowed +
         " can be uploaded");
     }
 
@@ -93,4 +93,4 @@ function formatBytes(size) {
   }
 
   return (Math.round(size * 100) / 100) + " " + unit;
-}
+}

package.js

@@ -10,12 +10,14 @@ Package.on_use(function (api) {
 
   api.use(["underscore", "check"]);
   api.use(["tracker", "reactive-var"], "client");
-  
+
   api.add_files([
     "lib/restrictions.js",
     "lib/validators.js"
-  ], ["client", "server"]);
+  ]);
+
   api.add_files("lib/upload.js", "client");
+
   api.add_files([
     "lib/directive.js",
     "lib/storage-policy.js",

versions.json

@@ -34,6 +34,6 @@
     ]
   ],
   "pluginDependencies": [],
-  "toolVersion": "meteor-tool@1.0.36",
+  "toolVersion": "meteor-tool@1.0.35",
   "format": "1.0"
 }