Remove hardcoded upload size limit

2023-03-14 15:17:56 +00:00 · 2023-03-14 15:17:56 +00:00 · c7fd3ddc83
commit c7fd3ddc83
parent c87c5da17c
10 changed files with 15 additions and 16 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed

 - Save latest ethereum block number to database instead of file.
+- Removed hardcoded upload size limit.

 ### Deprecated

--- a/contrib/mitra-alt-fe.nginx
+++ b/contrib/mitra-alt-fe.nginx
@ -36,7 +36,7 @@ server {
    add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; img-src 'self' data:; media-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'nonce-oauth-authorization'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'";
    add_header X-Content-Type-Options "nosniff";

-    client_max_body_size 10M;
+    client_max_body_size 40M;

    location / {
        # Frontend
--- a/contrib/mitra.nginx
+++ b/contrib/mitra.nginx
@ -32,7 +32,7 @@ server {

    add_header Strict-Transport-Security "max-age=63072000" always;

-    client_max_body_size 10M;
+    client_max_body_size 40M;

    location / {
        proxy_pass http://127.0.0.1:8383;
--- a/src/activitypub/actors/helpers.rs
+++ b/src/activitypub/actors/helpers.rs
@ -23,7 +23,7 @@ use crate::models::{
    },
 };

-const ACTOR_IMAGE_MAX_SIZE: usize = 5 * 1000 * 1000; // 5 MB
+pub const ACTOR_IMAGE_MAX_SIZE: usize = 5 * 1000 * 1000; // 5 MB

 async fn fetch_actor_images(
    instance: &Instance,
--- a/src/main.rs
+++ b/src/main.rs
@ -36,7 +36,6 @@ use mitra::mastodon_api::settings::views::settings_api_scope;
 use mitra::mastodon_api::statuses::views::status_api_scope;
 use mitra::mastodon_api::subscriptions::views::subscription_api_scope;
 use mitra::mastodon_api::timelines::views::timeline_api_scope;
-use mitra::mastodon_api::UPLOAD_MAX_SIZE;
 use mitra::nodeinfo::views as nodeinfo;
 use mitra::webfinger::views as webfinger;
 use mitra::web_client::views as web_client;
@ -114,6 +113,7 @@ async fn main() -> std::io::Result<()> {
                    .expose_any_header()
            },
        };
+        let payload_size_limit = 2 * config.limits.media.file_size_limit;
        let mut app = App::new()
            .wrap(cors_config)
            .wrap(ActixLogger::new("%r : %s : %{r}a"))
@ -137,9 +137,9 @@ async fn main() -> std::io::Result<()> {
            })
            .wrap(create_auth_error_handler())
            .wrap(create_default_headers_middleware())
-            .app_data(web::PayloadConfig::default().limit(UPLOAD_MAX_SIZE * 2))
+            .app_data(web::PayloadConfig::default().limit(payload_size_limit))
            .app_data(web::JsonConfig::default()
-                .limit(UPLOAD_MAX_SIZE * 2)
+                .limit(payload_size_limit)
                .error_handler(json_error_handler)
            )
            .app_data(web::Data::new(config.clone()))
--- a/src/mastodon_api/accounts/types.rs
+++ b/src/mastodon_api/accounts/types.rs
@ -6,6 +6,7 @@ use uuid::Uuid;

 use mitra_utils::markdown::markdown_basic_to_html;

+use crate::activitypub::actors::helpers::ACTOR_IMAGE_MAX_SIZE;
 use crate::errors::ValidationError;
 use crate::identity::did::Did;
 use crate::mastodon_api::{
@ -303,6 +304,7 @@ fn process_b64_image_field_value(
                    &b64_data,
                    form_media_type,
                    output_dir,
+                    ACTOR_IMAGE_MAX_SIZE,
                    Some("image/"),
                )?;
                let image = ProfileImage::new(
--- a/src/mastodon_api/instance/types.rs
+++ b/src/mastodon_api/instance/types.rs
@ -10,10 +10,7 @@ use mitra_config::{
 use mitra_utils::markdown::markdown_to_html;

 use crate::ethereum::contracts::ContractSet;
-use crate::mastodon_api::{
-    MASTODON_API_VERSION,
-    uploads::UPLOAD_MAX_SIZE,
-};
+use crate::mastodon_api::MASTODON_API_VERSION;
 use crate::media::SUPPORTED_MEDIA_TYPES;
 use crate::models::posts::validators::ATTACHMENTS_MAX_NUM;

@ -163,7 +160,7 @@ impl InstanceInfo {
                media_attachments: InstanceMediaLimits {
                    supported_mime_types: SUPPORTED_MEDIA_TYPES.iter()
                        .map(|media_type| media_type.to_string()).collect(),
-                    image_size_limit: UPLOAD_MAX_SIZE,
+                    image_size_limit: config.limits.media.file_size_limit,
                },
            },
            login_message: config.login_message.clone(),
--- a/src/mastodon_api/media/views.rs
+++ b/src/mastodon_api/media/views.rs
@ -26,6 +26,7 @@ async fn create_attachment_view(
        &attachment_data.file,
        attachment_data.media_type.clone(),
        &config.media_dir(),
+        config.limits.media.file_size_limit,
        None,
    )?;
    let db_attachment = create_attachment(
--- a/src/mastodon_api/mod.rs
+++ b/src/mastodon_api/mod.rs
@ -18,4 +18,3 @@ mod pagination;
 mod uploads;

 const MASTODON_API_VERSION: &str = "4.0.0";
-pub use uploads::UPLOAD_MAX_SIZE;
--- a/src/mastodon_api/uploads.rs
+++ b/src/mastodon_api/uploads.rs
@ -5,8 +5,6 @@ use mitra_utils::files::sniff_media_type;
 use crate::media::{save_file, SUPPORTED_MEDIA_TYPES};
 use super::errors::MastodonError;

-pub const UPLOAD_MAX_SIZE: usize = 1024 * 1024 * 5;
-
 #[derive(thiserror::Error, Debug)]
 pub enum UploadError {
    #[error(transparent)]
@ -37,11 +35,12 @@ pub fn save_b64_file(
    b64data: &str,
    maybe_media_type: Option<String>,
    output_dir: &Path,
-    maybe_expected_prefix: Option<&str>, // deprecated
+    file_size_limit: usize,
+    maybe_expected_prefix: Option<&str>,
 ) -> Result<(String, usize, String), UploadError> {
    let file_data = base64::decode(b64data)?;
    let file_size = file_data.len();
-    if file_size > UPLOAD_MAX_SIZE {
+    if file_size > file_size_limit {
        return Err(UploadError::TooLarge);
    };
    // Sniff media type if not provided