feat: Add validation for image content type when fetching from source URL

+7 -1
bot/telegrambot/helpers/mediaHelper.js
··· 192 192 const imageResponse = await axios({ 193 193 method: 'GET', 194 194 url: mediaData.sourceUrl, 195 - responseType: 'stream' 195 + responseType: 'stream', 196 + validateStatus: status => status >= 200 && status < 300 // Only accept 2xx 196 197 }); 198 + const contentType = imageResponse.headers['content-type'] || ''; 199 + if (!contentType.startsWith('image/')) { 200 + console.error(`Source URL did not return an image. Content-Type: ${contentType}`); 201 + return false; 202 + } 197 203 await this.bot.sendPhoto( 198 204 config.channelId, 199 205 imageResponse.data,
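Review bot: in the `if (!contentType.startsWith('image/'))` branch the function returns while the response body, requested with `responseType: 'stream'`, is still unread, so the underlying connection stays open until it times out. Call `imageResponse.data.destroy()` before `return false;`. The check also compares the header case-sensitively and trusts whatever the source server declares: `Image/PNG` would be rejected, and any `image/*` subtype, including `image/svg+xml`, passes the prefix test. Lowercase the value and compare the media type (the part before any `;`) against the specific types `sendPhoto` is expected to forward. Separately, the added `validateStatus` predicate matches axios's default (2xx only), so it can be dropped or its comment reworded to say it is there for explicitness.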