- commit
- cfe2c2b
- parent
- c8eb96f
- author
- Eric Bower
- date
- 2025-02-02 21:17:14 -0500 EST
fix: prose and pastes limit filesize uploads
5 files changed,
+51,
-24
+17,
-10
1@@ -184,18 +184,25 @@ func postHandler(w http.ResponseWriter, r *http.Request) {
2 if err == nil {
3 logger = logger.With("filename", post.Filename)
4 logger.Info("paste found")
5- parsedText, err := ParseText(post.Filename, post.Text)
6- if err != nil {
7- logger.Error("could not parse text", "err", err)
8- }
9 expiresAt := "never"
10- if post.ExpiresAt != nil {
11- expiresAt = post.ExpiresAt.Format(time.DateOnly)
12- }
13-
14 unlisted := false
15- if post.Hidden {
16- unlisted = true
17+ parsedText := ""
18+ // we dont want to syntax highlight huge files
19+ if post.FileSize > 1*utils.MB {
20+ logger.Warn("paste too large to parse and apply syntax highlighting")
21+ parsedText = post.Text
22+ } else {
23+ parsedText, err = ParseText(post.Filename, post.Text)
24+ if err != nil {
25+ logger.Error("could not parse text", "err", err)
26+ }
27+ if post.ExpiresAt != nil {
28+ expiresAt = post.ExpiresAt.Format(time.DateOnly)
29+ }
30+
31+ if post.Hidden {
32+ unlisted = true
33+ }
34 }
35
36 data = PostPageData{
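Review bot: The `post.ExpiresAt` and `post.Hidden` checks now sit inside the `else` branch, so a paste over 1 MB always reaches the page data with `expiresAt = "never"` and `unlisted = false`, whatever its stored values are. If `unlisted` drives listing or indexing hints in the `PostPageData` literal (which continues outside the hunk), a hidden paste would lose that marking just by being large; moving both `if` blocks back above `if post.FileSize > 1*utils.MB {` keeps the size check limited to highlighting. Separately, the large-file branch assigns raw `post.Text` to `parsedText`; if the template treats that field as already-rendered HTML, which is not visible here, the text should pass through `html.EscapeString(post.Text)` first. The comment could also state the consequence: `// skip syntax highlighting above 1 MB; the text is shown unhighlighted`.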
+12,
-11
1@@ -17,16 +17,17 @@ func NewConfigSite() *shared.ConfigSite {
2 minioPass := utils.GetEnv("MINIO_ROOT_PASSWORD", "")
3
4 return &shared.ConfigSite{
5- Debug: debug == "1",
6- Domain: domain,
7- Port: port,
8- Protocol: protocol,
9- DbURL: dbURL,
10- StorageDir: storageDir,
11- MinioURL: minioURL,
12- MinioUser: minioUser,
13- MinioPass: minioPass,
14- Space: "pastes",
15- Logger: shared.CreateLogger("pastes"),
16+ Debug: debug == "1",
17+ Domain: domain,
18+ Port: port,
19+ Protocol: protocol,
20+ DbURL: dbURL,
21+ StorageDir: storageDir,
22+ MinioURL: minioURL,
23+ MinioUser: minioUser,
24+ MinioPass: minioPass,
25+ Space: "pastes",
26+ Logger: shared.CreateLogger("pastes"),
27+ MaxAssetSize: int64(3 * utils.MB),
28 }
29 }
+10,
-1
1@@ -24,12 +24,21 @@ type FileHooks struct {
2 func (p *FileHooks) FileValidate(s ssh.Session, data *filehandlers.PostMetaData) (bool, error) {
3 if !utils.IsTextFile(string(data.Text)) {
4 err := fmt.Errorf(
5- "WARNING: (%s) invalid file must be plain text (utf-8), skipping",
6+ "ERROR: (%s) invalid file must be plain text (utf-8), skipping",
7 data.Filename,
8 )
9 return false, err
10 }
11
12+ maxFileSize := int(p.Cfg.MaxAssetSize)
13+ if data.FileSize > maxFileSize {
14+ return false, fmt.Errorf(
15+ "ERROR: file (%s) has exceeded maximum file size (%d bytes)",
16+ data.Filename,
17+ maxFileSize,
18+ )
19+ }
20+
21 return true, nil
22 }
23
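Review bot: The size check runs last, after `utils.IsTextFile(string(data.Text))` has already copied and scanned the whole body, so an oversized upload still costs a full validation pass before it is rejected; placing the limit first avoids that. Where `data.FileSize` is populated is outside this hunk, and if it can come from a client-declared length rather than the bytes received, the guard would be more robust as `if data.FileSize > maxFileSize || len(data.Text) > maxFileSize {`. A zero `MaxAssetSize` (a config built without the new field) makes this branch reject every non-empty file, which deserves a comment such as `// MaxAssetSize must be set; 0 rejects all uploads`. The same ordering applies to the size check added to `MarkdownHooks.FileValidate` in the prose hunk.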
+2,
-0
1@@ -5,6 +5,8 @@ import (
2 "github.com/picosh/utils"
3 )
4
5+var MAX_FILE_SIZE = 3 * utils.MB
6+
7 func NewConfigSite() *shared.ConfigSite {
8 debug := utils.GetEnv("PROSE_DEBUG", "0")
9 domain := utils.GetEnv("PROSE_DOMAIN", "prose.sh")
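Review bot: `MAX_FILE_SIZE` is declared as a package-level `var`, so any code in the package can reassign the upload limit at run time, and the name departs from Go's MixedCaps convention. Pastes carries the same 3 MB limit in `ConfigSite.MaxAssetSize`; setting `MaxAssetSize: int64(3 * utils.MB)` in this `NewConfigSite` and reading `p.Cfg.MaxAssetSize` in `MarkdownHooks.FileValidate` would keep the two services consistent. If a package-level value is kept, `const maxFileSize = 3 * utils.MB` with the comment `// maxFileSize is the largest post prose accepts, in bytes.` is the tighter form, assuming `utils.MB` is a constant. `NewConfigSite` continues past the end of this hunk.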
+10,
-2
1@@ -23,7 +23,7 @@ type MarkdownHooks struct {
2 func (p *MarkdownHooks) FileValidate(s ssh.Session, data *filehandlers.PostMetaData) (bool, error) {
3 if !utils.IsTextFile(data.Text) {
4 err := fmt.Errorf(
5- "WARNING: (%s) invalid file must be plain text (utf-8), skipping",
6+ "ERROR: (%s) invalid file must be plain text (utf-8), skipping",
7 data.Filename,
8 )
9 return false, err
10@@ -39,13 +39,21 @@ func (p *MarkdownHooks) FileValidate(s ssh.Session, data *filehandlers.PostMetaD
11 if !utils.IsExtAllowed(data.Filename, p.Cfg.AllowedExt) {
12 extStr := strings.Join(p.Cfg.AllowedExt, ",")
13 err := fmt.Errorf(
14- "WARNING: (%s) invalid file, format must be (%s), skipping",
15+ "ERROR: (%s) invalid file, format must be (%s), skipping",
16 data.Filename,
17 extStr,
18 )
19 return false, err
20 }
21
22+ if data.FileSize > MAX_FILE_SIZE {
23+ return false, fmt.Errorf(
24+ "ERROR: file (%s) has exceeded maximum file size (%d bytes)",
25+ data.Filename,
26+ MAX_FILE_SIZE,
27+ )
28+ }
29+
30 return true, nil
31 }
32