prosody
7c8b02c5a335

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

11314:7c8b02c5a335

mod_http_file_share: Add file size limit (default 10M)
author Kim Alvefur <zash@zash.se>
date Tue, 26 Jan 2021 14:53:24 +0100
parents 11313:e53894d26092
children 11315:c52fcea39c8e
files plugins/mod_http_file_share.lua spec/scansion/http_upload.scs spec/scansion/prosody.cfg.lua
diffstat 3 files changed, 30 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_http_file_share.lua	Tue Jan 26 14:52:37 2021 +0100
+++ b/plugins/mod_http_file_share.lua	Tue Jan 26 14:53:24 2021 +0100
@@ -14,6 +14,7 @@
 local dm = require "core.storagemanager".olddm;
 local jwt = require "util.jwt";
 local errors = require "util.error";
+local dataform = require "util.dataforms".new;
 
 local namespace = "urn:xmpp:http:upload:0";
 
@@ -27,6 +28,7 @@
 
 local secret = module:get_option_string(module.name.."_secret", require"util.id".long());
 local external_base_url = module:get_option_string(module.name .. "_base_url");
+local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB
 
 local access = module:get_option_set(module.name .. "_access", {});
 
@@ -34,9 +36,16 @@
 	module:depends("http");
 end
 
+module:add_extension(dataform {
+	{ name = "FORM_TYPE", type = "hidden", value = namespace },
+	{ name = "max-file-size", type = "text-single" },
+}:form({ ["max-file-size"] = tostring(file_size_limit) }, "result"));
+
 local upload_errors = errors.init(module.name, namespace, {
 	access = { "auth"; "forbidden" };
 	filename = { "modify"; "bad-request", "Invalid filename" };
+	filesize = { "modify"; "not-acceptable"; "File too large";
+		st.stanza("file-too-large", {xmlns = namespace}):tag("max-size"):text(tostring(file_size_limit)); };
 });
 
 function may_upload(uploader, filename, filesize, filetype) -- > boolean, error
@@ -50,6 +59,10 @@
 		return false, upload_errors.new("filename");
 	end
 
+	if filesize > file_size_limit then
+		return false, upload_errors.new("filesize");
+	end
+
 	return true;
 end
 
--- a/spec/scansion/http_upload.scs	Tue Jan 26 14:52:37 2021 +0100
+++ b/spec/scansion/http_upload.scs	Tue Jan 26 14:53:24 2021 +0100
@@ -22,6 +22,22 @@
 	</iq>
 
 Romeo sends:
+	<iq to='upload.localhost' type='get' id='46ca64f3-518e-42bd-8e2f-4ab2f6d2224f' xml:lang='en'>
+		<request content-type='text/plain' filename='toolarge.dat' xmlns='urn:xmpp:http:upload:0' size='10000000000'/>
+	</iq>
+
+Romeo receives:
+	<iq id='46ca64f3-518e-42bd-8e2f-4ab2f6d2224f' from='upload.localhost' type='error'>
+		<error type='modify'>
+			<not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
+			<text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>File too large</text>
+			<file-too-large xmlns='urn:xmpp:http:upload:0'>
+				<max-file-size>10000000</max-file-size>
+			</file-too-large>
+		</error>
+	</iq>
+
+Romeo sends:
 	<iq to='upload.localhost' type='get' id='ac56d83f-a627-4732-8399-60492d1210b6' xml:lang='en'>
 		<request content-type='text/plain' filename='invalid/filename.dat' xmlns='urn:xmpp:http:upload:0' size='1000'/>
 	</iq>
--- a/spec/scansion/prosody.cfg.lua	Tue Jan 26 14:52:37 2021 +0100
+++ b/spec/scansion/prosody.cfg.lua	Tue Jan 26 14:53:24 2021 +0100
@@ -133,3 +133,4 @@
 	storage = "memory"
 
 Component "upload.localhost" "http_file_share"
+http_file_share_size_limit = 10000000