Merge branch 'feature/upload-limits' into 'develop'

configurable media upload limits Closes #118 See merge request pleroma/pleroma!401
author: kaniini <nenolod@gmail.com> 2018-10-29 20:14:10 +0000
committer: kaniini <nenolod@gmail.com> 2018-10-29 20:14:10 +0000
commit: a880e0a5278110031ad14bfd5c24e8054e878d9d (patch)
tree: 52bb9c18fa65aaebf29442237967f39191a09f15 /lib
parent: 7ac701ccd211d0a1b04243e4c0591adb9f1996fc (diff)
parent: 676c97b8c7c79c6f96fce1366fc79c73a251ec4f (diff)
download: pleroma-a880e0a5278110031ad14bfd5c24e8054e878d9d.tar.gz
5 files changed, 100 insertions, 56 deletions
diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex
index f188a5f32..2293ff54e 100644
--- a/lib/pleroma/upload.ex
+++ b/lib/pleroma/upload.ex
@@ -4,61 +4,76 @@ defmodule Pleroma.Upload do
   @storage_backend Application.get_env(:pleroma, Pleroma.Upload)
                    |> Keyword.fetch!(:uploader)
 
-  def store(%Plug.Upload{} = file, should_dedupe) do
+  def check_file_size(path, nil), do: true
+
+  def check_file_size(path, size_limit) do
+    {:ok, %{size: size}} = File.stat(path)
+    size <= size_limit
+  end
+
+  def store(file, should_dedupe, size_limit \\ nil)
+
+  def store(%Plug.Upload{} = file, should_dedupe, size_limit) do
     content_type = get_content_type(file.path)
 
-    uuid = get_uuid(file, should_dedupe)
-    name = get_name(file, uuid, content_type, should_dedupe)
-
-    strip_exif_data(content_type, file.path)
-
-    {:ok, url_path} =
-      @storage_backend.put_file(name, uuid, file.path, content_type, should_dedupe)
-
-    %{
-      "type" => "Document",
-      "url" => [
-        %{
-          "type" => "Link",
-          "mediaType" => content_type,
-          "href" => url_path
-        }
-      ],
-      "name" => name
-    }
+    with uuid <- get_uuid(file, should_dedupe),
+         name <- get_name(file, uuid, content_type, should_dedupe),
+         true <- check_file_size(file.path, size_limit) do
+      strip_exif_data(content_type, file.path)
+
+      {:ok, url_path} =
+        @storage_backend.put_file(name, uuid, file.path, content_type, should_dedupe)
+
+      %{
+        "type" => "Document",
+        "url" => [
+          %{
+            "type" => "Link",
+            "mediaType" => content_type,
+            "href" => url_path
+          }
+        ],
+        "name" => name
+      }
+    else
+      _e -> nil
+    end
   end
 
-  def store(%{"img" => "data:image/" <> image_data}, should_dedupe) do
+  def store(%{"img" => "data:image/" <> image_data}, should_dedupe, size_limit) do
     parsed = Regex.named_captures(~r/(?<filetype>jpeg|png|gif);base64,(?<data>.*)/, image_data)
     data = Base.decode64!(parsed["data"], ignore: :whitespace)
 
-    tmp_path = tempfile_for_image(data)
-
-    uuid = UUID.generate()
-
-    content_type = get_content_type(tmp_path)
-    strip_exif_data(content_type, tmp_path)
-
-    name =
-      create_name(
-        String.downcase(Base.encode16(:crypto.hash(:sha256, data))),
-        parsed["filetype"],
-        content_type
-      )
-
-    {:ok, url_path} = @storage_backend.put_file(name, uuid, tmp_path, content_type, should_dedupe)
-
-    %{
-      "type" => "Image",
-      "url" => [
-        %{
-          "type" => "Link",
-          "mediaType" => content_type,
-          "href" => url_path
-        }
-      ],
-      "name" => name
-    }
+    with tmp_path <- tempfile_for_image(data),
+         uuid <- UUID.generate(),
+         true <- check_file_size(tmp_path, size_limit) do
+      content_type = get_content_type(tmp_path)
+      strip_exif_data(content_type, tmp_path)
+
+      name =
+        create_name(
+          String.downcase(Base.encode16(:crypto.hash(:sha256, data))),
+          parsed["filetype"],
+          content_type
+        )
+
+      {:ok, url_path} =
+        @storage_backend.put_file(name, uuid, tmp_path, content_type, should_dedupe)
+
+      %{
+        "type" => "Image",
+        "url" => [
+          %{
+            "type" => "Link",
+            "mediaType" => content_type,
+            "href" => url_path
+          }
+        ],
+        "name" => name
+      }
+    else
+      _e -> nil
+    end
   end
 
   @doc """
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
index 4b8b6eb52..537b99f31 100644
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@@ -575,9 +575,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
     |> Enum.reverse()
   end
 
-  def upload(file) do
-    data = Upload.store(file, Application.get_env(:pleroma, :instance)[:dedupe_media])
-    Repo.insert(%Object{data: data})
+  def upload(file, size_limit \\ nil) do
+    with data <-
+           Upload.store(file, Application.get_env(:pleroma, :instance)[:dedupe_media], size_limit),
+         false <- is_nil(data) do
+      Repo.insert(%Object{data: data})
+    end
   end
 
   def user_data_from_user_object(data) do
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index bc7558cb8..e03027be7 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -35,6 +35,14 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
   def update_credentials(%{assigns: %{user: user}} = conn, params) do
     original_user = user
 
+    avatar_upload_limit =
+      Application.get_env(:pleroma, :instance)
+      |> Keyword.fetch(:avatar_upload_limit)
+
+    banner_upload_limit =
+      Application.get_env(:pleroma, :instance)
+      |> Keyword.fetch(:banner_upload_limit)
+
     params =
       if bio = params["note"] do
         Map.put(params, "bio", bio)
@@ -52,7 +60,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
     user =
       if avatar = params["avatar"] do
         with %Plug.Upload{} <- avatar,
-             {:ok, object} <- ActivityPub.upload(avatar),
+             {:ok, object} <- ActivityPub.upload(avatar, avatar_upload_limit),
              change = Ecto.Changeset.change(user, %{avatar: object.data}),
              {:ok, user} = User.update_and_set_cache(change) do
           user
@@ -66,7 +74,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
     user =
       if banner = params["header"] do
         with %Plug.Upload{} <- banner,
-             {:ok, object} <- ActivityPub.upload(banner),
+             {:ok, object} <- ActivityPub.upload(banner, banner_upload_limit),
              new_info <- Map.put(user.info, "banner", object.data),
              change <- User.info_changeset(user, %{info: new_info}),
              {:ok, user} <- User.update_and_set_cache(change) do
diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
index 59b0ce3e1..5446179cb 100644
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@@ -113,6 +113,12 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
         staffAccounts: staff_accounts,
         federation: federation_response,
         postFormats: Keyword.get(instance, :allowed_post_formats),
+        uploadLimits: %{
+          general: Keyword.get(instance, :upload_limit),
+          avatar: Keyword.get(instance, :avatar_upload_limit),
+          banner: Keyword.get(instance, :banner_upload_limit),
+          background: Keyword.get(instance, :background_upload_limit)
+        },
         features: features
       }
     }
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
index 4fc32b50c..7153a2bd6 100644
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@@ -263,7 +263,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
   end
 
   def update_avatar(%{assigns: %{user: user}} = conn, params) do
-    {:ok, object} = ActivityPub.upload(params)
+    upload_limit =
+      Application.get_env(:pleroma, :instance)
+      |> Keyword.fetch(:avatar_upload_limit)
+
+    {:ok, object} = ActivityPub.upload(params, upload_limit)
     change = Changeset.change(user, %{avatar: object.data})
     {:ok, user} = User.update_and_set_cache(change)
     CommonAPI.update(user)
@@ -272,7 +276,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
   end
 
   def update_banner(%{assigns: %{user: user}} = conn, params) do
-    with {:ok, object} <- ActivityPub.upload(%{"img" => params["banner"]}),
+    upload_limit =
+      Application.get_env(:pleroma, :instance)
+      |> Keyword.fetch(:banner_upload_limit)
+
+    with {:ok, object} <- ActivityPub.upload(%{"img" => params["banner"]}, upload_limit),
          new_info <- Map.put(user.info, "banner", object.data),
          change <- User.info_changeset(user, %{info: new_info}),
          {:ok, user} <- User.update_and_set_cache(change) do
@@ -286,7 +294,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
   end
 
   def update_background(%{assigns: %{user: user}} = conn, params) do
-    with {:ok, object} <- ActivityPub.upload(params),
+    upload_limit =
+      Application.get_env(:pleroma, :instance)
+      |> Keyword.fetch(:background_upload_limit)
+
+    with {:ok, object} <- ActivityPub.upload(params, upload_limit),
          new_info <- Map.put(user.info, "background", object.data),
          change <- User.info_changeset(user, %{info: new_info}),
          {:ok, _user} <- User.update_and_set_cache(change) do
author	kaniini <nenolod@gmail.com>	2018-10-29 20:14:10 +0000
committer	kaniini <nenolod@gmail.com>	2018-10-29 20:14:10 +0000
commit	a880e0a5278110031ad14bfd5c24e8054e878d9d (patch)
tree	52bb9c18fa65aaebf29442237967f39191a09f15 /lib
parent	7ac701ccd211d0a1b04243e4c0591adb9f1996fc (diff)
parent	676c97b8c7c79c6f96fce1366fc79c73a251ec4f (diff)
download	pleroma-a880e0a5278110031ad14bfd5c24e8054e878d9d.tar.gz