Fix(docat): Mime Type not checked properly

I added python-magic to check the actual bytes of the upload. I also had
to adapt the tests because of that.

Is also necessary for compatabilty with the new docatl upload-icon
feature.

fixes: #289

Author: reglim

docat/docat/app.py

@@ -14,6 +14,7 @@
 from pathlib import Path
 from typing import Optional
 
+import magic
 from fastapi import Depends, FastAPI, File, Header, Response, UploadFile, status
 from fastapi.staticfiles import StaticFiles
 from pydantic import BaseModel
@@ -129,7 +130,10 @@ def upload_icon(
         response.status_code = status.HTTP_404_NOT_FOUND
         return ApiResponse(message=f"Project {project} not found")
 
-    if not file.content_type.startswith("image/"):
+    mime_type_checker = magic.Magic(mime=True)
+    mime_type = mime_type_checker.from_buffer(file.file.read())
+
+    if not mime_type.startswith("image/"):
         response.status_code = status.HTTP_400_BAD_REQUEST
         return ApiResponse(message="Icon must be an image")
 

docat/poetry.lock

@@ -11,6 +11,7 @@ tinydb = "^4.7.0"
 fastapi = "^0.85.0"
 python-multipart = "^0.0.5"
 uvicorn = "^0.18.3"
+python-magic = "^0.4.27"
 
 [tool.poetry.dev-dependencies]
 flake8 = "^5.0.4"