1 files changed, 6 insertions, 18 deletions

diff --git a/routers/api/v1/repo/release_attachment.go b/routers/api/v1/repo/release_attachment.go
index 0834667657..d1533e2b5a 100644
--- a/routers/api/v1/repo/release_attachment.go
+++ b/routers/api/v1/repo/release_attachment.go
@@ -15,6 +15,7 @@ import (
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/upload"
 	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/attachment"
 )
 
 // GetReleaseAttachment gets a single attachment of the release
@@ -176,31 +177,18 @@ func CreateReleaseAttachment(ctx *context.APIContext) {
 	}
 	defer file.Close()
 
-	buf := make([]byte, 1024)
-	n, _ := file.Read(buf)
-	if n > 0 {
-		buf = buf[:n]
-	}
-
-	// Check if the filetype is allowed by the settings
-	err = upload.Verify(buf, header.Filename, setting.Repository.Release.AllowedTypes)
-	if err != nil {
-		ctx.Error(http.StatusBadRequest, "DetectContentType", err)
-		return
-	}
-
 	var filename = header.Filename
 	if query := ctx.FormString("name"); query != "" {
 		filename = query
 	}
 
 	// Create a new attachment and save the file
-	attach, err := models.NewAttachment(&models.Attachment{
-		UploaderID: ctx.User.ID,
-		Name:       filename,
-		ReleaseID:  release.ID,
-	}, buf, file)
+	attach, err := attachment.UploadAttachment(file, ctx.User.ID, release.RepoID, releaseID, filename, setting.Repository.Release.AllowedTypes)
 	if err != nil {
+		if upload.IsErrFileTypeForbidden(err) {
+			ctx.Error(http.StatusBadRequest, "DetectContentType", err)
+			return
+		}
 		ctx.Error(http.StatusInternalServerError, "NewAttachment", err)
 		return
 	}