adding mime types validations on controller

Signed-off-by: man13 <man13@inf.ufpr.br>

app/controllers/chunks_controller.rb

@@ -7,19 +7,26 @@ class ChunksController < ApplicationController
   def show
     chunk = resumable_chunk chunk_number
 
-    if File.exists?(chunk)
-      post_file_and_create_thumbnail @learning_object, resumable_filename if last_chunk?
-      #Let resumable.js know this chunk already exists
-      render :nothing => true, :status => 200
+    unless valid_mime_type?
+      render :nothing => true, :status => 415
     else
-      #Let resumable.js know this chunk doesnt exists and needs to be uploaded
-      render :nothing => true, :status => 404
+      if File.exists?(chunk)
+        post_file_and_create_thumbnail @learning_object, resumable_filename if last_chunk?
+        #Let resumable.js know this chunk already exists
+        render :nothing => true, :status => 200
+      else
+        #Let resumable.js know this chunk doesnt exists and needs to be uploaded
+        render :nothing => true, :status => 404
+      end
     end
-
   end
-
   #POST /chunk
   def create
+
+    unless valid_mime_type?
+      return render :nothing => true, :status => 415
+    end
+
     #chunk path based on the parameters
     chunk = resumable_chunk chunk_number
 
@@ -101,6 +108,13 @@ class ChunksController < ApplicationController
     @learning_object = LearningObject.find chunks_params[:learning_object_id]
   end
 
+  def resumable_file_extension
+    File.extname(chunks_params[:resumableFilename]).tr('.','')
+  end
+
+  def valid_mime_type?
+    @learning_object.object_type.mime_types.map(&:extension).include? resumable_file_extension
+  end
   # Never trust parameters from the scary internet, only allow the white list through.
   def chunks_params
     params.permit(:file, :learning_object_id, :resumableIdentifier, :resumableFilename, :resumableChunkNumber, :resumableTotalChunks, :resumableChunkSize)