no whitelist for catbus and fatcat

app.rb

@@ -1026,8 +1026,8 @@ post '/site_files/upload' do
     if current_site.file_size_too_large? file[:tempfile].size
       file_upload_response "#{params[:dir]}/#{file[:filename]} is too large, upload cancelled."
     end
-    if !Site.valid_file_type? file
+    if !current_site.okay_to_upload? file
-      file_upload_response "#{params[:dir]}/#{file[:filename]}: file type (or content in file) is not allowed on Neocities, upload cancelled."
+      file_upload_response "#{params[:dir]}/#{file[:filename]}: file type (or content in file) is not allowed on this site, upload cancelled. You can upgrade your account to remove the file type restrictions."
     end
   end
 
@@ -1243,8 +1243,8 @@ post '/api/upload' do
   end
 
   files.each do |file|
-    if !Site.valid_file_type?(file)
+    if !current_site.okay_to_upload?(file)
-      api_error 400, 'invalid_file_type', "#{file[:filename]} is not a valid file type (or contains not allowed content), files have not been uploaded"
+      api_error 400, 'invalid_file_type', "#{file[:filename]} is not a valid file type (or contains not allowed content) for this site, files have not been uploaded"
     end
 
     if File.directory? file[:filename]

models/site.rb

@@ -459,6 +459,11 @@ class Site < Sequel::Model
     !username.empty? && username.match(/^[a-zA-Z0-9_\-]+$/i)
   end
 
+  def okay_to_upload?(uploaded_file)
+    return true if [:catbus, :fatcat].include?(plan_type.to_sym)
+    self.class.valid_file_type?(uploaded_file)
+  end
+
   def self.valid_file_type?(uploaded_file)
     mime_type = Magic.guess_file_mime_type uploaded_file[:tempfile].path
 

tests/api_tests.rb

@@ -3,9 +3,13 @@ require 'rack/test'
 
 include Rack::Test::Methods
 
-def create_site
+def app
+  Sinatra::Application
+end
+
+def create_site(opts={})
   site_attr = Fabricate.attributes_for :site
-  @site = Site.create site_attr
+  @site = Site.create site_attr.merge(opts)
   @user = site_attr[:username]
   @pass = site_attr[:password]
 end
@@ -219,10 +223,30 @@ describe 'api upload' do
     site_file_exists?('test.jpg').must_equal true
     site_file_exists?('test2.jpg').must_equal true
   end
+
+  it 'fails with unwhitelisted file' do
+    create_site
+    basic_authorize @user, @pass
+    post '/api/upload', 'flowercrime.wav' => Rack::Test::UploadedFile.new('./tests/files/flowercrime.wav', 'audio/x-wav')
+    res[:result].must_equal 'error'
+    res[:error_type].must_equal 'invalid_file_type'
+    site_file_exists?('flowercrime.wav').must_equal false
+  end
+
+  it 'succeeds for unwhitelisted file on supported plans' do
+    no_file_restriction_plans = Site::PLAN_FEATURES.select {|p,v| v[:no_file_restrictions] == true}
+    no_file_restriction_plans.each do |plan_type,hash|
+      create_site plan_type: plan_type
+      basic_authorize @user, @pass
+      post '/api/upload', 'flowercrime.wav' => Rack::Test::UploadedFile.new('./tests/files/flowercrime.wav', 'audio/x-wav')
+      res[:result].must_equal 'success'
+      site_file_exists?('flowercrime.wav').must_equal true
+    end
+  end
 end
 
 def site_file_exists?(file)
-  File.exist?(@site.files_path('test.jpg'))
+  File.exist?(@site.files_path(file))
 end
 
 def res

tests/site_file_tests.rb

@@ -65,6 +65,23 @@ describe 'site_files' do
       @site.site_changed.must_equal false
     end
 
+    it 'fails with unsupported file' do
+      upload 'files[]' => Rack::Test::UploadedFile.new('./tests/files/flowercrime.wav', 'audio/x-wav')
+      last_response.body.must_match /not allowed on this site/i
+      File.exists?(@site.files_path('flowercrime.wav')).must_equal false
+      @site.site_changed.must_equal false
+    end
+
+    it 'succeeds for usually unsupported file on supported plans' do
+      no_file_restriction_plans = Site::PLAN_FEATURES.select {|p,v| v[:no_file_restrictions] == true}
+      no_file_restriction_plans.each do |plan_type,hash|
+        @site = Fabricate :site, plan_type: plan_type
+        upload 'files[]' => Rack::Test::UploadedFile.new('./tests/files/flowercrime.wav', 'audio/x-wav')
+        last_response.body.must_match /successfully uploaded/i
+        File.exists?(@site.files_path('flowercrime.wav')).must_equal true
+      end
+    end
+
     it 'overwrites existing file with new file' do
       upload 'files[]' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
       last_response.body.must_match /successfully uploaded/i