From f4d808a284edfb4ce41c143e12ab187e9ff7efdd Mon Sep 17 00:00:00 2001 From: ferologics Date: Tue, 13 Apr 2021 19:43:22 +0200 Subject: [PATCH] Make sure that the file size does not exceed max content size --- mediaapi/routing/upload.go | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/mediaapi/routing/upload.go b/mediaapi/routing/upload.go index 55ce051b6..dd79a52a6 100644 --- a/mediaapi/routing/upload.go +++ b/mediaapi/routing/upload.go @@ -158,6 +158,12 @@ func (r *uploadRequest) doUpload( } } + // If Content-Length header is not set, check if temp file size exceeds max file size configuration + if r.MediaMetadata.FileSizeBytes < 1 && bytesWritten > types.FileSizeBytes(*cfg.MaxFileSizeBytes) { + fileutils.RemoveDir(tmpDir, r.Logger) // delete temp file + return requestEntityTooLargeJSONResponse(*cfg.MaxFileSizeBytes) + } + // Look up the media by the file hash. If we already have the file but under a // different media ID then we won't upload the file again - instead we'll just // add a new metadata entry that refers to the same file. @@ -219,13 +225,17 @@ func (r *uploadRequest) doUpload( ) } +func requestEntityTooLargeJSONResponse(maxFileSizeBytes config.FileSizeBytes) *util.JSONResponse { + return &util.JSONResponse{ + Code: http.StatusRequestEntityTooLarge, + JSON: jsonerror.Unknown(fmt.Sprintf("HTTP Content-Length is greater than the maximum allowed upload size (%v).", maxFileSizeBytes)), + } +} + // Validate validates the uploadRequest fields func (r *uploadRequest) Validate(maxFileSizeBytes config.FileSizeBytes) *util.JSONResponse { if maxFileSizeBytes > 0 && r.MediaMetadata.FileSizeBytes > types.FileSizeBytes(maxFileSizeBytes) { - return &util.JSONResponse{ - Code: http.StatusRequestEntityTooLarge, - JSON: jsonerror.Unknown(fmt.Sprintf("HTTP Content-Length is greater than the maximum allowed upload size (%v).", maxFileSizeBytes)), - } + return requestEntityTooLargeJSONResponse(maxFileSizeBytes) } // TODO: Check if the Content-Type is a valid type? if r.MediaMetadata.ContentType == "" {