Check upload size

2024-05-14 12:04:53 +01:00 · 2024-05-14 12:04:53 +01:00 · 30e4e8ed1c
commit 30e4e8ed1c
parent fc9263dc81
3 changed files with 24 additions and 10 deletions
--- a/src/auth/nip98.rs
+++ b/src/auth/nip98.rs
@ -1,17 +1,18 @@
 use std::ops::Sub;
 use std::time::Duration;

-use base64::prelude::BASE64_STANDARD;
 use base64::Engine;
+use base64::prelude::BASE64_STANDARD;
 use log::info;
 use nostr::{Event, JsonUtil, Kind, Timestamp};
-use rocket::http::uri::{Absolute, Uri};
-use rocket::http::Status;
-use rocket::request::{FromRequest, Outcome};
 use rocket::{async_trait, Request};
+use rocket::http::Status;
+use rocket::http::uri::{Absolute, Uri};
+use rocket::request::{FromRequest, Outcome};

 pub struct Nip98Auth {
    pub content_type: Option<String>,
+    pub content_length: Option<usize>,
    pub event: Event,
 }

@ -95,6 +96,13 @@ impl<'r> FromRequest<'r> for Nip98Auth {
                            None
                        }
                    }),
+                    content_length: request.headers().iter().find_map(|h| {
+                        if h.name == "content-length" {
+                            Some(h.value.parse().unwrap())
+                        } else {
+                            None
+                        }
+                    }),
                })
            } else {
                Outcome::Error((Status::new(403), "Auth scheme must be Nostr"))
--- a/src/routes/blossom.rs
+++ b/src/routes/blossom.rs
@ -92,16 +92,19 @@ async fn upload(
        Tag::Name(s) => Some(s.clone()),
        _ => None,
    });
-    let size = auth.event.tags.iter().find_map(|t| {
+    let size = match auth.event.tags.iter().find_map(|t| {
        let values = t.as_vec();
        if values.len() == 2 && values[0] == "size" {
            Some(values[1].parse::<usize>().unwrap())
        } else {
            None
        }
-    });
-    if size.is_none() {
-        return BlossomResponse::error("Invalid request, no size tag");
+    }) {
+        Some(s) => s,
+        None => return BlossomResponse::error("Invalid request, no size tag")
+    };
+    if size > settings.max_upload_bytes {
+        return BlossomResponse::error("File too large");
    }
    let mime_type = auth
        .content_type
--- a/src/routes/nip96.rs
+++ b/src/routes/nip96.rs
@ -1,9 +1,7 @@
-use std::borrow::Cow;
 use std::collections::HashMap;
 use std::fs;

 use chrono::Utc;
-use libc::remove;
 use log::error;
 use rocket::{FromForm, Responder, Route, routes, State};
 use rocket::form::Form;
@ -156,6 +154,11 @@ async fn upload(
    settings: &State<Settings>,
    form: Form<Nip96Form<'_>>,
 ) -> Nip96Response {
+    if let Some(size) = auth.content_length {
+        if size > settings.max_upload_bytes {
+            return Nip96Response::error("File too large");
+        }
+    }
    let file = match form.file.open().await {
        Ok(f) => f,
        Err(e) => return Nip96Response::error(&format!("Could not open file: {}", e)),