let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use file-type for mime sniffing

Browse Source
This commit is contained in:
Peter Steinberger
2025-12-20 19:13:50 +01:00
parent 1356498ee1
commit 36c85a617a
14 changed files with 5291 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
package.json
View File

@@ -55,6 +55,7 @@
"detect-libc": "^2.1.2",
"dotenv": "^17.2.3",
"express": "^5.2.1",
"file-type": "^21.1.1",
"grammy": "^1.38.4",
"json5": "^2.2.3",
"playwright-core": "1.57.0",

5123
pnpm-lock.yaml generated Normal file
View File

File diff suppressed because it is too large Load Diff

16
src/agents/pi-tools.ts
View File

@@ -20,7 +20,9 @@ type TextContentBlock = Extract<ToolContentBlock, { type: "text" }>;
// all base64 image blocks above this limit while preserving aspect ratio.
const MAX_IMAGE_DIMENSION_PX = 2000;
function sniffMimeFromBase64(base64: string): string | undefined {
async function sniffMimeFromBase64(
base64: string,
): Promise<string | undefined> {
const trimmed = base64.trim();
if (!trimmed) return undefined;
@@ -30,7 +32,7 @@ function sniffMimeFromBase64(base64: string): string | undefined {
try {
const head = Buffer.from(trimmed.slice(0, sliceLen), "base64");
return detectMime({ buffer: head });
return await detectMime({ buffer: head });
} catch {
return undefined;
}
@@ -44,10 +46,10 @@ function rewriteReadImageHeader(text: string, mimeType: string): string {
return text;
}
function normalizeReadImageResult(
async function normalizeReadImageResult(
result: AgentToolResult<unknown>,
filePath: string,
): AgentToolResult<unknown> {
): Promise<AgentToolResult<unknown>> {
const content = Array.isArray(result.content) ? result.content : [];
const image = content.find(
@@ -64,7 +66,7 @@ function normalizeReadImageResult(
throw new Error(`read: image payload is empty (${filePath})`);
}
const sniffed = sniffMimeFromBase64(image.data);
const sniffed = await sniffMimeFromBase64(image.data);
if (!sniffed) return result;
if (!sniffed.startsWith("image/")) {
@@ -233,7 +235,7 @@ async function resizeImageBase64IfNeeded(params: {
});
}
const sniffed = detectMime({ buffer: out.slice(0, 256) });
const sniffed = await detectMime({ buffer: out.slice(0, 256) });
const nextMime = sniffed?.startsWith("image/") ? sniffed : params.mimeType;
return { base64: out.toString("base64"), mimeType: nextMime, resized: true };
@@ -310,7 +312,7 @@ function createClawdisReadTool(base: AnyAgentTool): AnyAgentTool {
: undefined;
const filePath =
typeof record?.path === "string" ? String(record.path) : "<unknown>";
const normalized = normalizeReadImageResult(result, filePath);
const normalized = await normalizeReadImageResult(result, filePath);
return sanitizeToolResultImages(normalized, `read:${filePath}`);
},
};

2
src/canvas-host/a2ui.ts
View File

@@ -189,7 +189,7 @@ export async function handleA2uiHttpRequest(
const mime =
lower.endsWith(".html") || lower.endsWith(".htm")
? "text/html"
: (detectMime({ filePath }) ?? "application/octet-stream");
: ((await detectMime({ filePath })) ?? "application/octet-stream");
res.setHeader("Cache-Control", "no-store");
if (mime === "text/html") {

2
src/canvas-host/server.ts
View File

@@ -332,7 +332,7 @@ export async function createCanvasHostHandler(
const mime =
lower.endsWith(".html") || lower.endsWith(".htm")
? "text/html"
: (detectMime({ filePath }) ?? "application/octet-stream");
: ((await detectMime({ filePath })) ?? "application/octet-stream");
res.setHeader("Cache-Control", "no-store");
if (mime === "text/html") {

119
src/media/mime.ts
View File

@@ -1,5 +1,6 @@
import path from "node:path";
import { fileTypeFromBuffer } from "file-type";
import { type MediaKind, mediaKindFromMime } from "./constants.js";
// Map common mimes to preferred file extensions.
@@ -12,7 +13,23 @@ const EXT_BY_MIME: Record<string, string> = {
"audio/mpeg": ".mp3",
"video/mp4": ".mp4",
"application/pdf": ".pdf",
"application/json": ".json",
"application/zip": ".zip",
"application/gzip": ".gz",
"application/x-tar": ".tar",
"application/x-7z-compressed": ".7z",
"application/vnd.rar": ".rar",
"application/msword": ".doc",
"application/vnd.ms-excel": ".xls",
"application/vnd.ms-powerpoint": ".ppt",
"application/vnd.openxmlformats-officedocument.wordprocessingml.document":
".docx",
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": ".xlsx",
"application/vnd.openxmlformats-officedocument.presentationml.presentation":
".pptx",
"text/csv": ".csv",
"text/plain": ".txt",
"text/markdown": ".md",
};
const MIME_BY_EXT: Record<string, string> = Object.fromEntries(
@@ -25,71 +42,14 @@ function normalizeHeaderMime(mime?: string | null): string | undefined {
return cleaned || undefined;
}
function sniffMime(buffer?: Buffer): string | undefined {
if (!buffer || buffer.length < 4) return undefined;
// JPEG: FF D8 FF
if (buffer[0] === 0xff && buffer[1] === 0xd8 && buffer[2] === 0xff) {
return "image/jpeg";
async function sniffMime(buffer?: Buffer): Promise<string | undefined> {
if (!buffer) return undefined;
try {
const type = await fileTypeFromBuffer(buffer);
return type?.mime ?? undefined;
} catch {
return undefined;
}
// PNG: 89 50 4E 47 0D 0A 1A 0A
if (
buffer.length >= 8 &&
buffer[0] === 0x89 &&
buffer[1] === 0x50 &&
buffer[2] === 0x4e &&
buffer[3] === 0x47 &&
buffer[4] === 0x0d &&
buffer[5] === 0x0a &&
buffer[6] === 0x1a &&
buffer[7] === 0x0a
) {
return "image/png";
}
// GIF: GIF87a / GIF89a
if (buffer.length >= 6) {
const sig = buffer.subarray(0, 6).toString("ascii");
if (sig === "GIF87a" || sig === "GIF89a") return "image/gif";
}
// WebP: RIFF....WEBP
if (
buffer.length >= 12 &&
buffer.subarray(0, 4).toString("ascii") === "RIFF" &&
buffer.subarray(8, 12).toString("ascii") === "WEBP"
) {
return "image/webp";
}
// PDF: %PDF-
if (buffer.subarray(0, 5).toString("ascii") === "%PDF-") {
return "application/pdf";
}
// Ogg / Opus: OggS
if (buffer.subarray(0, 4).toString("ascii") === "OggS") {
return "audio/ogg";
}
// MP3: ID3 tag or frame sync FF E0+.
if (buffer.subarray(0, 3).toString("ascii") === "ID3") {
return "audio/mpeg";
}
if (buffer[0] === 0xff && (buffer[1] & 0xe0) === 0xe0) {
return "audio/mpeg";
}
// MP4: "ftyp" at offset 4.
if (
buffer.length >= 12 &&
buffer.subarray(4, 8).toString("ascii") === "ftyp"
) {
return "video/mp4";
}
return undefined;
}
function extFromPath(filePath?: string): string | undefined {
@@ -110,15 +70,34 @@ export function detectMime(opts: {
buffer?: Buffer;
headerMime?: string | null;
filePath?: string;
}): string | undefined {
const sniffed = sniffMime(opts.buffer);
if (sniffed) return sniffed;
}): Promise<string | undefined> {
return detectMimeImpl(opts);
}
function isGenericMime(mime?: string): boolean {
if (!mime) return true;
const m = mime.toLowerCase();
return m === "application/octet-stream" || m === "application/zip";
}
async function detectMimeImpl(opts: {
buffer?: Buffer;
headerMime?: string | null;
filePath?: string;
}): Promise<string | undefined> {
const ext = extFromPath(opts.filePath);
const extMime = ext ? MIME_BY_EXT[ext] : undefined;
const headerMime = normalizeHeaderMime(opts.headerMime);
if (headerMime) return headerMime;
const sniffed = await sniffMime(opts.buffer);
const ext = extFromPath(opts.filePath);
if (ext && MIME_BY_EXT[ext]) return MIME_BY_EXT[ext];
// Prefer sniffed types, but don't let generic container types override a more
// specific extension mapping (e.g. XLSX vs ZIP).
if (sniffed && (!isGenericMime(sniffed) || !extMime)) return sniffed;
if (extMime) return extMime;
if (headerMime && !isGenericMime(headerMime)) return headerMime;
if (sniffed) return sniffed;
if (headerMime) return headerMime;
return undefined;
}

2
src/media/server.ts
View File

@@ -38,7 +38,7 @@ export function attachMediaRoutes(
return;
}
const data = await fs.readFile(realPath);
const mime = detectMime({ buffer: data, filePath: realPath });
const mime = await detectMime({ buffer: data, filePath: realPath });
if (mime) res.type(mime);
res.send(data);
// best-effort single-use cleanup after response ends

58
src/media/store.redirect.test.ts
View File

@@ -2,7 +2,16 @@ import fs from "node:fs/promises";
import path from "node:path";
import { PassThrough } from "node:stream";
import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
import JSZip from "jszip";
import {
afterAll,
beforeAll,
beforeEach,
describe,
expect,
it,
vi,
} from "vitest";
const realOs = await vi.importActual<typeof import("node:os")>("node:os");
const HOME = path.join(realOs.tmpdir(), "clawdis-home-redirect");
@@ -25,6 +34,10 @@ describe("media store redirects", () => {
await fs.rm(HOME, { recursive: true, force: true });
});
beforeEach(() => {
mockRequest.mockReset();
});
afterAll(async () => {
await fs.rm(HOME, { recursive: true, force: true });
vi.clearAllMocks();
@@ -71,4 +84,47 @@ describe("media store redirects", () => {
expect(path.extname(saved.path)).toBe(".txt");
expect(await fs.readFile(saved.path, "utf8")).toBe("redirected");
});
it("sniffs xlsx from zip content when headers and url extension are missing", async () => {
mockRequest.mockImplementationOnce((_url, _opts, cb) => {
const res = new PassThrough();
const req = {
on: (event: string, handler: (...args: unknown[]) => void) => {
if (event === "error") res.on("error", handler);
return req;
},
end: () => undefined,
destroy: () => res.destroy(),
} as const;
res.statusCode = 200;
res.headers = {};
setImmediate(() => {
cb(res as unknown as Parameters<typeof cb>[0]);
const zip = new JSZip();
zip.file(
"[Content_Types].xml",
'<Types><Override PartName="/xl/workbook.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/></Types>',
);
zip.file("xl/workbook.xml", "<workbook/>");
void zip
.generateAsync({ type: "nodebuffer" })
.then((buf) => {
res.write(buf);
res.end();
})
.catch((err) => {
res.destroy(err);
});
});
return req;
});
const saved = await saveMediaSource("https://example.com/download");
expect(saved.contentType).toBe(
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
);
expect(path.extname(saved.path)).toBe(".xlsx");
});
});

31
src/media/store.test.ts
View File

@@ -1,5 +1,6 @@
import fs from "node:fs/promises";
import path from "node:path";
import JSZip from "jszip";
import sharp from "sharp";
import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
@@ -70,6 +71,18 @@ describe("media store", () => {
await expect(fs.stat(saved.path)).rejects.toThrow();
});
it("sets correct mime for xlsx by extension", async () => {
const xlsxPath = path.join(HOME, "sheet.xlsx");
await fs.mkdir(HOME, { recursive: true });
await fs.writeFile(xlsxPath, "not really an xlsx");
const saved = await store.saveMediaSource(xlsxPath);
expect(saved.contentType).toBe(
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
);
expect(path.extname(saved.path)).toBe(".xlsx");
});
it("renames media based on detected mime even when extension is wrong", async () => {
const pngBytes = await sharp({
create: { width: 2, height: 2, channels: 3, background: "#00ff00" },
@@ -86,4 +99,22 @@ describe("media store", () => {
const buf = await fs.readFile(saved.path);
expect(buf.equals(pngBytes)).toBe(true);
});
it("sniffs xlsx mime for zip buffers and renames extension", async () => {
const zip = new JSZip();
zip.file(
"[Content_Types].xml",
'<Types><Override PartName="/xl/workbook.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/></Types>',
);
zip.file("xl/workbook.xml", "<workbook/>");
const fakeXlsx = await zip.generateAsync({ type: "nodebuffer" });
const bogusExt = path.join(HOME, "sheet.bin");
await fs.writeFile(bogusExt, fakeXlsx);
const saved = await store.saveMediaSource(bogusExt);
expect(saved.contentType).toBe(
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
);
expect(path.extname(saved.path)).toBe(".xlsx");
});
});

6
src/media/store.ts
View File

@@ -126,7 +126,7 @@ export async function saveMediaSource(
tempDest,
headers,
);
const mime = detectMime({
const mime = await detectMime({
buffer: sniffBuffer,
headerMime,
filePath: source,
@@ -147,7 +147,7 @@ export async function saveMediaSource(
throw new Error("Media exceeds 5MB limit");
}
const buffer = await fs.readFile(source);
const mime = detectMime({ buffer, filePath: source });
const mime = await detectMime({ buffer, filePath: source });
const ext = extensionForMime(mime) ?? path.extname(source);
const id = ext ? `${baseId}${ext}` : baseId;
const dest = path.join(dir, id);
@@ -169,7 +169,7 @@ export async function saveMediaBuffer(
const dir = path.join(MEDIA_DIR, subdir);
await fs.mkdir(dir, { recursive: true });
const baseId = crypto.randomUUID();
const mime = detectMime({ buffer, headerMime: contentType });
const mime = await detectMime({ buffer, headerMime: contentType });
const ext = extensionForMime(mime);
const id = ext ? `${baseId}${ext}` : baseId;
const dest = path.join(dir, id);

2
src/telegram/bot.ts
View File

@@ -319,7 +319,7 @@ async function resolveMedia(
);
}
const data = Buffer.from(await res.arrayBuffer());
const mime = detectMime({
const mime = await detectMime({
buffer: data,
headerMime: res.headers.get("content-type"),
filePath: file.file_path,

2
src/telegram/download.ts
View File

@@ -37,7 +37,7 @@ export async function downloadTelegramFile(
throw new Error(`Failed to download telegram file: HTTP ${res.status}`);
}
const array = Buffer.from(await res.arrayBuffer());
const mime = detectMime({
const mime = await detectMime({
buffer: array,
headerMime: res.headers.get("content-type"),
filePath: info.file_path,

2
src/web/auto-reply.ts
View File

@@ -624,7 +624,7 @@ async function deliverWebReply(params: {
"media:video",
);
} else {
const fileName = mediaUrl.split("/").pop() ?? "file";
const fileName = media.fileName ?? mediaUrl.split("/").pop() ?? "file";
const mimetype = media.contentType ?? "application/octet-stream";
await sendWithRetry(
() =>

16
src/web/media.ts
View File

@@ -8,7 +8,7 @@ import {
mediaKindFromMime,
} from "../media/constants.js";
import { resizeToJpeg } from "../media/image-ops.js";
import { detectMime } from "../media/mime.js";
import { detectMime, extensionForMime } from "../media/mime.js";
export async function loadWebMedia(
mediaUrl: string,
@@ -59,11 +59,15 @@ export async function loadWebMedia(
throw new Error(`Failed to fetch media: HTTP ${res.status}`);
}
const array = Buffer.from(await res.arrayBuffer());
const contentType = detectMime({
const contentType = await detectMime({
buffer: array,
headerMime: res.headers.get("content-type"),
filePath: mediaUrl,
});
if (fileName && !path.extname(fileName) && contentType) {
const ext = extensionForMime(contentType);
if (ext) fileName = `${fileName}${ext}`;
}
const kind = mediaKindFromMime(contentType);
const cap = Math.min(
maxBytes ?? maxBytesForKind(kind),
@@ -89,9 +93,13 @@ export async function loadWebMedia(
// Local path
const data = await fs.readFile(mediaUrl);
const mime = detectMime({ buffer: data, filePath: mediaUrl });
const mime = await detectMime({ buffer: data, filePath: mediaUrl });
const kind = mediaKindFromMime(mime);
const fileName = path.basename(mediaUrl) || undefined;
let fileName = path.basename(mediaUrl) || undefined;
if (fileName && !path.extname(fileName) && mime) {
const ext = extensionForMime(mime);
if (ext) fileName = `${fileName}${ext}`;
}
const cap = Math.min(
maxBytes ?? maxBytesForKind(kind),
maxBytesForKind(kind),