build(deps): bump formidable from 2.1.2 to 3.5.0 in /src (#5796)

* build(deps): bump formidable from 2.1.2 to 3.5.0 in /src Bumps [formidable](https://github.com/node-formidable/formidable) from 2.1.2 to 3.5.0. - [Release notes](https://github.com/node-formidable/formidable/releases) - [Changelog](https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md) - [Commits](https://github.com/node-formidable/formidable/commits/v3.5.0) --- updated-dependencies: - dependency-name: formidable dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * formidable migration --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: John McLear <john@mclear.co.uk>
2023-08-05 15:48:23 +02:00 · 2023-08-05 15:48:23 +02:00 · 4da66d19dc
parent 24720abdc8
commit 4da66d19dc
5 changed files with 64 additions and 38 deletions
--- a/src/node/handler/ImportHandler.js
+++ b/src/node/handler/ImportHandler.js
@ -89,24 +89,24 @@ const doImport = async (req, res, padId, authorId) => {
    maxFileSize: settings.importMaxFileSize,
  });

-  // locally wrapped Promise, since form.parse requires a callback
-  let srcFile = await new Promise((resolve, reject) => {
-    form.parse(req, (err, fields, files) => {
-      if (err != null) {
-        logger.warn(`Import failed due to form error: ${err.stack || err}`);
-        // I hate doing indexOf here but I can't see anything to use...
-        if (err && err.stack && err.stack.indexOf('maxFileSize') !== -1) {
-          return reject(new ImportError('maxFileSize'));
-        }
-        return reject(new ImportError('uploadFailed'));
-      }
-      if (!files.file) {
-        logger.warn('Import failed because form had no file');
-        return reject(new ImportError('uploadFailed'));
-      }
-      resolve(files.file.filepath);
-    });
-  });
+  let srcFile;
+  let files;
+  let fields;
+  try {
+    [fields, files] = await form.parse(req);
+  } catch (err) {
+    logger.warn(`Import failed due to form error: ${err.stack || err}`);
+    if (err.code === Formidable.formidableErrors.biggerThanMaxFileSize) {
+      throw new ImportError('maxFileSize');
+    }
+    throw new ImportError('uploadFailed');
+  }
+  if (!files.file) {
+    logger.warn('Import failed because form had no file');
+    throw new ImportError('uploadFailed');
+  } else {
+    srcFile = files.file[0].filepath;
+  }

  // ensure this is a file ending we know, else we change the file ending to .txt
  // this allows us to accept source code files like .c or .java
--- a/src/node/hooks/express/apicalls.js
+++ b/src/node/hooks/express/apicalls.js
@ -8,20 +8,19 @@ const util = require('util');

 exports.expressPreSession = async (hookName, {app}) => {
  // The Etherpad client side sends information about how a disconnect happened
-  app.post('/ep/pad/connection-diagnostic-info', (req, res) => {
-    new Formidable().parse(req, (err, fields, files) => {
-      clientLogger.info(`DIAGNOSTIC-INFO: ${fields.diagnosticInfo}`);
-      res.end('OK');
-    });
+  app.post('/ep/pad/connection-diagnostic-info', async (req, res) => {
+    const [fields, files] = await (new Formidable({})).parse(req);
+    clientLogger.info(`DIAGNOSTIC-INFO: ${fields.diagnosticInfo}`);
+    res.end('OK');
  });

-  const parseJserrorForm = async (req) => await new Promise((resolve, reject) => {
+  const parseJserrorForm = async (req) => {
    const form = new Formidable({
      maxFileSize: 1, // Files are not expected. Not sure if 0 means unlimited, so 1 is used.
    });
-    form.on('error', (err) => reject(err));
-    form.parse(req, (err, fields) => err != null ? reject(err) : resolve(fields.errorInfo));
-  });
+    const [fields, files] = await form.parse(req);
+    return fields.errorInfo;
+  };

  // The Etherpad client side sends information about client side javscript errors
  app.post('/jserror', (req, res, next) => {
--- a/src/node/hooks/express/openapi.js
+++ b/src/node/hooks/express/openapi.js
@ -15,8 +15,7 @@
 */

 const OpenAPIBackend = require('openapi-backend').default;
-const formidable = require('formidable');
-const {promisify} = require('util');
+const IncomingForm = require('formidable').IncomingForm;
 const cloneDeep = require('lodash.clonedeep');
 const createHTTPError = require('http-errors');

@ -596,9 +595,13 @@ exports.expressPreSession = async (hookName, {app}) => {
          // read form data if method was POST
          let formData = {};
          if (c.request.method === 'post') {
-            const form = new formidable.IncomingForm();
-            const parseForm = promisify(form.parse).bind(form);
-            formData = await parseForm(req);
+            const form = new IncomingForm();
+            formData = (await form.parse(req))[0];
+            for (const k of Object.keys(formData)) {
+              if (formData[k] instanceof Array) {
+                formData[k] = formData[k][0];
+              }
+            }
          }

          const fields = Object.assign({}, header, params, query, formData);
--- a/src/package-lock.json
+++ b/src/package-lock.json
@ -3312,6 +3312,20 @@
            "qs": "^6.10.3",
            "readable-stream": "^3.6.0",
            "semver": "^7.3.7"
+          },
+          "dependencies": {
+            "formidable": {
+              "version": "2.1.2",
+              "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz",
+              "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==",
+              "dev": true,
+              "requires": {
+                "dezalgo": "^1.0.4",
+                "hexoid": "^1.0.0",
+                "once": "^1.4.0",
+                "qs": "^6.11.0"
+              }
+            }
          }
        }
      }
@ -3644,14 +3658,13 @@
      }
    },
    "formidable": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz",
-      "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==",
+      "version": "3.5.0",
+      "resolved": "https://registry.npmjs.org/formidable/-/formidable-3.5.0.tgz",
+      "integrity": "sha512-WwsMWvPmY+Kv37C3+KP3A+2Ym1aZoac4nz4ZEe5z0UPBoCg0O/wHay3eeYkZr4KJIbCzpSUeno+STMhde+KCfw==",
      "requires": {
        "dezalgo": "^1.0.4",
        "hexoid": "^1.0.0",
-        "once": "^1.4.0",
-        "qs": "^6.11.0"
+        "once": "^1.4.0"
      }
    },
    "forwarded": {
@ -10598,6 +10611,17 @@
            "ms": "2.1.2"
          }
        },
+        "formidable": {
+          "version": "2.1.2",
+          "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz",
+          "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==",
+          "requires": {
+            "dezalgo": "^1.0.4",
+            "hexoid": "^1.0.0",
+            "once": "^1.4.0",
+            "qs": "^6.11.0"
+          }
+        },
        "mime": {
          "version": "2.6.0",
          "resolved": "https://registry.npmjs.org/mime/-/mime-2.6.0.tgz",
--- a/src/package.json
+++ b/src/package.json
@ -43,7 +43,7 @@
    "express-session": "npm:@etherpad/express-session@^1.18.2",
    "fast-deep-equal": "^3.1.3",
    "find-root": "1.1.0",
-    "formidable": "^2.1.2",
+    "formidable": "^3.5.0",
    "http-errors": "^2.0.0",
    "js-cookie": "^3.0.5",
    "jsdom": "^20.0.0",