Set limit on number of media files that can be attached to post

2023-01-06 16:52:28 +00:00 · 2023-01-06 16:52:28 +00:00 · fe395480eb
parent 3b85214daa
commit fe395480eb
4 changed files with 14 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

 - Updated installation instructions, default mitra config and recommended nginx config.
 - Limited the number of requests made during the processing of a thread.
+- Limited the number of media files that can be attached to a post.

 ### Removed

--- a/src/activitypub/handlers/create.rs
+++ b/src/activitypub/handlers/create.rs
@ -29,7 +29,11 @@ use crate::models::posts::{
    mentions::mention_to_address,
    queries::create_post,
    types::{Post, PostCreateData, Visibility},
-    validators::{content_allowed_classes, CONTENT_MAX_SIZE},
+    validators::{
+        content_allowed_classes,
+        ATTACHMENTS_MAX_NUM,
+        CONTENT_MAX_SIZE,
+    },
 };
 use crate::models::profiles::queries::get_profile_by_acct;
 use crate::models::profiles::types::DbActorProfile;
@ -48,8 +52,6 @@ fn get_note_author_id(object: &Object) -> Result<String, ValidationError> {
    Ok(author_id)
 }

-const ATTACHMENTS_MAX_NUM: usize = 15;
-
 fn parse_object_url(value: &JsonValue) -> Result<String, ConversionError> {
    let object_url = match value {
        JsonValue::String(string) => string.to_owned(),
--- a/src/mastodon_api/statuses/views.rs
+++ b/src/mastodon_api/statuses/views.rs
@ -31,7 +31,7 @@ use crate::models::posts::queries::{
    delete_post,
 };
 use crate::models::posts::types::{PostCreateData, Visibility};
-use crate::models::posts::validators::clean_content;
+use crate::models::posts::validators::{clean_content, ATTACHMENTS_MAX_NUM};
 use crate::models::reactions::queries::{
    create_reaction,
    delete_reaction,
@ -139,6 +139,11 @@ async fn create_status(
    } else {
        None
    };
+    // Validate attachments
+    let attachments = status_data.media_ids.unwrap_or(vec![]);
+    if attachments.len() > ATTACHMENTS_MAX_NUM {
+        return Err(ValidationError("too many attachments").into());
+    };

    // Create post
    let post_data = PostCreateData {
@ -146,7 +151,7 @@ async fn create_status(
        in_reply_to_id: status_data.in_reply_to_id,
        repost_of_id: None,
        visibility: visibility,
-        attachments: status_data.media_ids.unwrap_or(vec![]),
+        attachments: attachments,
        mentions: mentions,
        tags: tags,
        links: links,
--- a/src/models/posts/validators.rs
+++ b/src/models/posts/validators.rs
@ -1,6 +1,7 @@
 use crate::errors::ValidationError;
 use crate::utils::html::clean_html_strict;

+pub const ATTACHMENTS_MAX_NUM: usize = 15;
 pub const CONTENT_MAX_SIZE: usize = 100000;
 const CONTENT_ALLOWED_TAGS: [&str; 8] = [
    "a",