Remove hardcoded upload size limit

This commit is contained in:
silverpill 2023-03-14 15:17:56 +00:00
parent c87c5da17c
commit c7fd3ddc83
10 changed files with 15 additions and 16 deletions

View file

@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Changed
- Save latest ethereum block number to database instead of file.
- Removed hardcoded upload size limit.
### Deprecated

View file

@ -36,7 +36,7 @@ server {
add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; img-src 'self' data:; media-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'nonce-oauth-authorization'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'";
add_header X-Content-Type-Options "nosniff";
client_max_body_size 10M;
client_max_body_size 40M;
location / {
# Frontend

View file

@ -32,7 +32,7 @@ server {
add_header Strict-Transport-Security "max-age=63072000" always;
client_max_body_size 10M;
client_max_body_size 40M;
location / {
proxy_pass http://127.0.0.1:8383;

View file

@ -23,7 +23,7 @@ use crate::models::{
},
};
const ACTOR_IMAGE_MAX_SIZE: usize = 5 * 1000 * 1000; // 5 MB
pub const ACTOR_IMAGE_MAX_SIZE: usize = 5 * 1000 * 1000; // 5 MB
async fn fetch_actor_images(
instance: &Instance,

View file

@ -36,7 +36,6 @@ use mitra::mastodon_api::settings::views::settings_api_scope;
use mitra::mastodon_api::statuses::views::status_api_scope;
use mitra::mastodon_api::subscriptions::views::subscription_api_scope;
use mitra::mastodon_api::timelines::views::timeline_api_scope;
use mitra::mastodon_api::UPLOAD_MAX_SIZE;
use mitra::nodeinfo::views as nodeinfo;
use mitra::webfinger::views as webfinger;
use mitra::web_client::views as web_client;
@ -114,6 +113,7 @@ async fn main() -> std::io::Result<()> {
.expose_any_header()
},
};
let payload_size_limit = 2 * config.limits.media.file_size_limit;
let mut app = App::new()
.wrap(cors_config)
.wrap(ActixLogger::new("%r : %s : %{r}a"))
@ -137,9 +137,9 @@ async fn main() -> std::io::Result<()> {
})
.wrap(create_auth_error_handler())
.wrap(create_default_headers_middleware())
.app_data(web::PayloadConfig::default().limit(UPLOAD_MAX_SIZE * 2))
.app_data(web::PayloadConfig::default().limit(payload_size_limit))
.app_data(web::JsonConfig::default()
.limit(UPLOAD_MAX_SIZE * 2)
.limit(payload_size_limit)
.error_handler(json_error_handler)
)
.app_data(web::Data::new(config.clone()))

View file

@ -6,6 +6,7 @@ use uuid::Uuid;
use mitra_utils::markdown::markdown_basic_to_html;
use crate::activitypub::actors::helpers::ACTOR_IMAGE_MAX_SIZE;
use crate::errors::ValidationError;
use crate::identity::did::Did;
use crate::mastodon_api::{
@ -303,6 +304,7 @@ fn process_b64_image_field_value(
&b64_data,
form_media_type,
output_dir,
ACTOR_IMAGE_MAX_SIZE,
Some("image/"),
)?;
let image = ProfileImage::new(

View file

@ -10,10 +10,7 @@ use mitra_config::{
use mitra_utils::markdown::markdown_to_html;
use crate::ethereum::contracts::ContractSet;
use crate::mastodon_api::{
MASTODON_API_VERSION,
uploads::UPLOAD_MAX_SIZE,
};
use crate::mastodon_api::MASTODON_API_VERSION;
use crate::media::SUPPORTED_MEDIA_TYPES;
use crate::models::posts::validators::ATTACHMENTS_MAX_NUM;
@ -163,7 +160,7 @@ impl InstanceInfo {
media_attachments: InstanceMediaLimits {
supported_mime_types: SUPPORTED_MEDIA_TYPES.iter()
.map(|media_type| media_type.to_string()).collect(),
image_size_limit: UPLOAD_MAX_SIZE,
image_size_limit: config.limits.media.file_size_limit,
},
},
login_message: config.login_message.clone(),

View file

@ -26,6 +26,7 @@ async fn create_attachment_view(
&attachment_data.file,
attachment_data.media_type.clone(),
&config.media_dir(),
config.limits.media.file_size_limit,
None,
)?;
let db_attachment = create_attachment(

View file

@ -18,4 +18,3 @@ mod pagination;
mod uploads;
const MASTODON_API_VERSION: &str = "4.0.0";
pub use uploads::UPLOAD_MAX_SIZE;

View file

@ -5,8 +5,6 @@ use mitra_utils::files::sniff_media_type;
use crate::media::{save_file, SUPPORTED_MEDIA_TYPES};
use super::errors::MastodonError;
pub const UPLOAD_MAX_SIZE: usize = 1024 * 1024 * 5;
#[derive(thiserror::Error, Debug)]
pub enum UploadError {
#[error(transparent)]
@ -37,11 +35,12 @@ pub fn save_b64_file(
b64data: &str,
maybe_media_type: Option<String>,
output_dir: &Path,
maybe_expected_prefix: Option<&str>, // deprecated
file_size_limit: usize,
maybe_expected_prefix: Option<&str>,
) -> Result<(String, usize, String), UploadError> {
let file_data = base64::decode(b64data)?;
let file_size = file_data.len();
if file_size > UPLOAD_MAX_SIZE {
if file_size > file_size_limit {
return Err(UploadError::TooLarge);
};
// Sniff media type if not provided