Merge pull request #306 from webreinvent/2.x-feature/github-issue-#301

2.x feature -> 2.x develop  | Fixed GitHub issues

Author: themodernpk

Config/vaahcms.php

@@ -8,7 +8,7 @@
 $settings =  [
     'app_name' => 'VaahCMS',
     'app_slug' => 'vaahcms',
-    'version' => '2.3.1',
+    'version' => '2.3.2',
     'php_version_required' => '8.1',
     'get_config_version' => false,
     'website' => 'https://vaah.dev/cms',
@@ -30,7 +30,7 @@
     'per_page' => 20,
     'build_directory_name' => 'vaahcms',    //config('vaahcms.build_directory_name')
     'minified' => 0,
-    'api_route' => 'https://api.vaah.dev/cms/v2/',
+    'api_route' => 'https://api.vaah.dev/api/',
     'debug' => 1,
     'uploads' => [
         'allowed_extensions' => ["jpg", "jpeg", 'png', "gif", "csv", "docs", "pdf"]

Http/Controllers/Api/PublicController.php

@@ -123,4 +123,25 @@ public function publishAssets(Request $request,$slug)
     }
     //----------------------------------------------------------
 
+    //----------------------------------------------------------
+    public function healthCheck(Request $request)
+    {
+        try{
+            return 'OK';
+        } catch (\Exception $e) {
+            $response = [];
+            $response['success'] = false;
+
+            if(env('APP_DEBUG')){
+                $response['errors'][] = $e->getMessage();
+                $response['hint'][] = $e->getTraceAsString();
+            } else {
+                $response['errors'][] = trans("vaahcms-general.something_went_wrong");
+            }
+        }
+
+
+        return response()->json($response);
+
+    }
 }

Http/Controllers/Backend/MediaController.php

@@ -322,22 +322,24 @@ public function itemDownload(Request $request, $slug): BinaryFileResponse | Json
     //----------------------------------------------------------
     public function upload(Request $request): JsonResponse
     {
-        $allowed_file_upload_size = config('vaahcms.allowed_file_upload_size');
+        $allowed_file_upload_size = config('settings.global.upload_allowed_file_size',10)*1024;
+        $file_validation = 'max:'.$allowed_file_upload_size.'|mimes:jpg,bmp,png';
 
         $input_file_name = null;
+
         $rules = array(
             'folder_path' => 'required',
-            'file' => 'max:'.$allowed_file_upload_size,
         );
 
         if ($request->has('file_input_name')) {
-            $rules[$request->file_input_name] = 'required';
+            $rules[$request->file_input_name] = 'required|'.$file_validation;
             $input_file_name = $request->file_input_name;
         } else {
-            $rules['file'] = 'required';
+            $rules['file'] = 'required|'.$file_validation;
             $input_file_name = 'file';
         }
 
+
         $validator = \Validator::make( $request->all(), $rules);
 
         if ( $validator->fails()) {
@@ -354,6 +356,12 @@ public function upload(Request $request): JsonResponse
                 $request->folder_path = $request->folder_path."/".date('Y')."/".date('m');
             }
 
+            if (Str::contains($request->folder_path, ['..', '\\'])) {
+                $response['success'] = false;
+                $response['errors'][] = 'Invalid folder path "'.$request->folder_path.'"';
+                return response()->json($response);
+            }
+
             $data['extension'] = $request->file($input_file_name)->extension();
             $data['original_name'] = $request->file($input_file_name)->getClientOriginalName();
             $data['mime_type'] = $request->file($input_file_name)->getClientMimeType();

Resources/assets/backend/vaahtwo/build/Sidebar.js

@@ -31,6 +31,9 @@ function () {
         //------------------------------------------------
         Route::any( '/publish/assets/{slug}', 'PublicController@publishAssets' )
             ->name( 'vh.backend.publish.assets' );
+        //------------------------------------------------
+        Route::any( '/health', 'PublicController@healthCheck' )
+            ->name( 'vh.backend.health.check' );
 
     });
 

Resources/assets/backend/vaahtwo/build/main.js

@@ -79,10 +79,11 @@ const emit = defineEmits();
  * Methods
  */
 function uploadFile(e){
-    if(upload_refs.value.files[0]['size'] > props.maxFileSize){
-        vaah().toastErrors(['Invalid. File size should be smaller than 200kb']);
+    if(!upload_refs.value || !upload_refs.value.files || !upload_refs.value.files[0] || upload_refs.value.files[0]['size'] > props.maxFileSize){
+        vaah().toastErrors([`Invalid. File size should be smaller than 1000KB`]);
         return;
     }
+
     let uploaded_files = upload_refs.value.files;
 
     upload_refs.value.files = [];
@@ -97,8 +98,11 @@ function uploadFile(e){
                 'Content-Type': 'multipart/form-data'
             }
         }).then(res=>{
-            upload_refs.value.uploadedFiles[0] = file;
-            store.storeAvatar(res.data.data);
+            if(res.data.data){
+                upload_refs.value.uploadedFiles[0] = file;
+                store.storeAvatar(res.data.data);
+            }
+            vaah().processResponse(res);
         });
     })
 

Resources/assets/backend/vaahtwo/build/mainExtended.js

@@ -51,7 +51,7 @@ onMounted(async () => {
                         <div class="w-max">
                             <FileUploader v-if="root.assets.urls"
                                           placeholder="Upload Avatar"
-                                          :maxFileSize="10000000"
+                                          :max_file_size="1024000"
                                           :is_basic="true"
                                           :auto_upload="true"
                                           :uploadUrl="root.assets.urls.upload" >