From 657ca65edcc4a176174f955755e6f38bc9828c84 Mon Sep 17 00:00:00 2001
From: Cho Young-Hwi <cyh76507707@gmail.com>
Date: Mon, 11 May 2026 11:08:16 +0900
Subject: [PATCH] [#180] Restrict cover upload MIME types to WebP and JPEG

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 app/routes/publish.ts | 7 ++++---
 package.json          | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/app/routes/publish.ts b/app/routes/publish.ts
index d1719e8..e5ead85 100644
--- a/app/routes/publish.ts
+++ b/app/routes/publish.ts
@@ -217,9 +217,10 @@ publish.post("/upload-cover", async (c) => {
       return c.json({ error: "Image exceeds 500KB limit" }, 400);
     }
 
-    // Validate file type
-    if (!file.type.startsWith("image/")) {
-      return c.json({ error: "File must be an image (WebP or JPEG recommended)" }, 400);
+    // Validate file type — only WebP and JPEG accepted by the plotlink server
+    const allowedTypes = ["image/webp", "image/jpeg"];
+    if (!allowedTypes.includes(file.type)) {
+      return c.json({ error: "Only WebP and JPEG images are accepted" }, 400);
     }
 
     const cid = await uploadCoverImage(wallet.name, address as `0x${string}`, file);
diff --git a/package.json b/package.json
index ec1ef33..ff437fa 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "plotlink-ows",
-  "version": "1.0.26",
+  "version": "1.0.27",
   "bin": {
     "plotlink-ows": "./bin/plotlink-ows.js"
   },