From ffef4425f5f6d4c023ac5ae78e40e84cb24f4b5b Mon Sep 17 00:00:00 2001
From: David Mehren
Date: Sat, 17 Oct 2020 20:50:20 +0200
Subject: [PATCH] MediaService: Only allow upload of common image formats and PDFs
Signed-off-by: David Mehren
---
 src/media/media.service.ts | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/media/media.service.ts b/src/media/media.service.ts
index c9fc6ccd9..197a1e44c 100644
--- a/src/media/media.service.ts
+++ b/src/media/media.service.ts
@@ -26,8 +26,22 @@ export class MediaService {
 }
 private static isAllowedMimeType(mimeType: string): boolean {
- //TODO: Which mimetypes are allowed?
- return true;
+ const allowedTypes = [
+ 'application/pdf',
+ 'image/apng',
+ 'image/bmp',
+ 'image/gif',
+ 'image/heif',
+ 'image/heic',
+ 'image/heif-sequence',
+ 'image/heic-sequence',
+ 'image/jpeg',
+ 'image/png',
+ 'image/svg+xml',
+ 'image/tiff',
+ 'image/webp',
+ ];
+ return allowedTypes.includes(mimeType);
 }
 public async saveFile(file: MulterFile, username: string, noteId: string) {
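Review bot: The allowlist in `isAllowedMimeType` admits `'image/svg+xml'`, and SVG is an active document format: an uploaded SVG that is later served inline from the application's own origin can run script in a viewer's session. Either drop that entry or make sure uploads are served with `Content-Disposition: attachment` or a restrictive `Content-Security-Policy`, and record the decision in a comment above the list, e.g. `// SVG can carry script; only safe if uploads are never rendered inline on the app origin`. The hunk also does not show where `mimeType` comes from; if `saveFile` passes the client-declared type rather than one detected from the file contents, this check is advisory only and should be documented as such. The same caveat applies, to a lesser degree, to `'application/pdf'`.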