Configurable maximum upload file size. Fixes #35

This commit is contained in:
andreimarcu 2015-10-08 01:38:50 -04:00
parent 040ffa89f7
commit 639d519712
8 changed files with 20 additions and 4 deletions

View File

@ -22,6 +22,7 @@ Command-line options
- ```-siteurl "http://mylinx.example.org/"``` -- the site url (for generating links) - ```-siteurl "http://mylinx.example.org/"``` -- the site url (for generating links)
- ```-filespath files/"``` -- Path to store uploads (default is files/) - ```-filespath files/"``` -- Path to store uploads (default is files/)
- ```-metapath meta/``` -- Path to store information about uploads (default is meta/) - ```-metapath meta/``` -- Path to store information about uploads (default is meta/)
- ```-maxsize 4294967296``` "maximum upload file size in bytes (default 4GB)"
- ```-certfile path/to/your.crt``` -- Path to the ssl certificate (required if you want to use the https server) - ```-certfile path/to/your.crt``` -- Path to the ssl certificate (required if you want to use the https server)
- ```-keyfile path/to/your.key``` -- Path to the ssl key (required if you want to use the https server) - ```-keyfile path/to/your.key``` -- Path to the ssl key (required if you want to use the https server)
- ```-contentsecuritypolicy "..."``` -- Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;") - ```-contentsecuritypolicy "..."``` -- Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;")

View File

@ -19,6 +19,7 @@ func TestContentSecurityPolicy(t *testing.T) {
Config.siteURL = "http://linx.example.org/" Config.siteURL = "http://linx.example.org/"
Config.filesDir = path.Join(os.TempDir(), generateBarename()) Config.filesDir = path.Join(os.TempDir(), generateBarename())
Config.metaDir = Config.filesDir + "_meta" Config.metaDir = Config.filesDir + "_meta"
Config.maxSize = 1024 * 1024 * 1024
Config.noLogs = true Config.noLogs = true
Config.siteName = "linx" Config.siteName = "linx"
Config.contentSecurityPolicy = "default-src 'none'; style-src 'self';" Config.contentSecurityPolicy = "default-src 'none'; style-src 'self';"

View File

@ -20,7 +20,9 @@ const (
) )
func indexHandler(c web.C, w http.ResponseWriter, r *http.Request) { func indexHandler(c web.C, w http.ResponseWriter, r *http.Request) {
err := Templates["index.html"].ExecuteWriter(pongo2.Context{}, w) err := Templates["index.html"].ExecuteWriter(pongo2.Context{
"maxsize": Config.maxSize,
}, w)
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
} }

View File

@ -29,6 +29,7 @@ var Config struct {
contentSecurityPolicy string contentSecurityPolicy string
fileContentSecurityPolicy string fileContentSecurityPolicy string
xFrameOptions string xFrameOptions string
maxSize int64
noLogs bool noLogs bool
allowHotlink bool allowHotlink bool
fastcgi bool fastcgi bool
@ -129,6 +130,8 @@ func main() {
"name of the site") "name of the site")
flag.StringVar(&Config.siteURL, "siteurl", "http://"+Config.bind+"/", flag.StringVar(&Config.siteURL, "siteurl", "http://"+Config.bind+"/",
"site base url (including trailing slash)") "site base url (including trailing slash)")
flag.Int64Var(&Config.maxSize, "maxsize", 4*1024*1024*1024,
"maximum upload file size in bytes (default 4GB)")
flag.StringVar(&Config.certFile, "certfile", "", flag.StringVar(&Config.certFile, "certfile", "",
"path to ssl certificate (for https)") "path to ssl certificate (for https)")
flag.StringVar(&Config.keyFile, "keyfile", "", flag.StringVar(&Config.keyFile, "keyfile", "",

View File

@ -33,6 +33,7 @@ func TestSetup(t *testing.T) {
Config.siteURL = "http://linx.example.org/" Config.siteURL = "http://linx.example.org/"
Config.filesDir = path.Join(os.TempDir(), generateBarename()) Config.filesDir = path.Join(os.TempDir(), generateBarename())
Config.metaDir = Config.filesDir + "_meta" Config.metaDir = Config.filesDir + "_meta"
Config.maxSize = 1024 * 1024 * 1024
Config.noLogs = true Config.noLogs = true
Config.siteName = "linx" Config.siteName = "linx"
setup() setup()

View File

@ -85,12 +85,17 @@ Dropzone.options.dropzone = {
file.fileLabel.innerHTML = file.name + ": Canceled "; file.fileLabel.innerHTML = file.name + ": Canceled ";
} }
else { else {
if (resp.error) {
file.fileLabel.innerHTML = file.name + ": " + resp.error; file.fileLabel.innerHTML = file.name + ": " + resp.error;
} }
else {
file.fileLabel.innerHTML = file.name + ": " + resp;
}
}
file.fileLabel.className = "error"; file.fileLabel.className = "error";
}, },
maxFilesize: 4096, maxFilesize: Math.round(parseInt(document.getElementById("dropzone").getAttribute("data-maxsize"), 10) / 1024 / 1024),
previewsContainer: "#uploads", previewsContainer: "#uploads",
parallelUploads: 5, parallelUploads: 5,
headers: {"Accept": "application/json"}, headers: {"Accept": "application/json"},

View File

@ -6,7 +6,7 @@
{% block content %} {% block content %}
<div id="fileupload"> <div id="fileupload">
<form action="/upload" class="dropzone" id="dropzone" method="POST" enctype="multipart/form-data"> <form action="/upload" class="dropzone" id="dropzone" method="POST" enctype="multipart/form-data" data-maxsize="{{ maxsize }}">
<div class="fallback"> <div class="fallback">
<input id="fileinput" name="file" type="file" /><br /> <input id="fileinput" name="file" type="file" /><br />
<input id="submitbtn" type="submit" value="Upload"> <input id="submitbtn" type="submit" value="Upload">

View File

@ -259,6 +259,9 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
} else if err != nil { } else if err != nil {
os.Remove(path.Join(Config.filesDir, upload.Filename)) os.Remove(path.Join(Config.filesDir, upload.Filename))
return return
} else if bytes > Config.maxSize {
os.Remove(path.Join(Config.filesDir, upload.Filename))
return upload, errors.New("File too large")
} }
upload.Metadata, err = generateMetadata(upload.Filename, expiry, upReq.deletionKey) upload.Metadata, err = generateMetadata(upload.Filename, expiry, upReq.deletionKey)