Kieran/route96
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check upload size

Browse Source
This commit is contained in:
kieran 2024-05-14 12:04:53 +01:00
parent fc9263dc81
commit 30e4e8ed1c
No known key found for this signature in database
GPG Key ID: DE71CEB3925BE941
3 changed files with 24 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/auth/nip98.rs
View File

@ -1,17 +1,18 @@
use std::ops::Sub; use std::ops::Sub;
use std::time::Duration; use std::time::Duration;
use base64::prelude::BASE64_STANDARD;
use base64::Engine; use base64::Engine;
use base64::prelude::BASE64_STANDARD;
use log::info; use log::info;
use nostr::{Event, JsonUtil, Kind, Timestamp}; use nostr::{Event, JsonUtil, Kind, Timestamp};
use rocket::http::uri::{Absolute, Uri};
use rocket::http::Status;
use rocket::request::{FromRequest, Outcome};
use rocket::{async_trait, Request}; use rocket::{async_trait, Request};
use rocket::http::Status;
use rocket::http::uri::{Absolute, Uri};
use rocket::request::{FromRequest, Outcome};
pub struct Nip98Auth { pub struct Nip98Auth {
pub content_type: Option<String>, pub content_type: Option<String>,
pub content_length: Option<usize>,
pub event: Event, pub event: Event,
} }
@ -95,6 +96,13 @@ impl<'r> FromRequest<'r> for Nip98Auth {
None None
} }
}), }),
content_length: request.headers().iter().find_map(|h| {
if h.name == "content-length" {
Some(h.value.parse().unwrap())
} else {
None
}
}),
}) })
} else { } else {
Outcome::Error((Status::new(403), "Auth scheme must be Nostr")) Outcome::Error((Status::new(403), "Auth scheme must be Nostr"))

11
src/routes/blossom.rs
View File

@ -92,16 +92,19 @@ async fn upload(
Tag::Name(s) => Some(s.clone()), Tag::Name(s) => Some(s.clone()),
_ => None, _ => None,
}); });
let size = auth.event.tags.iter().find_map(|t| { let size = match auth.event.tags.iter().find_map(|t| {
let values = t.as_vec(); let values = t.as_vec();
if values.len() == 2 && values[0] == "size" { if values.len() == 2 && values[0] == "size" {
Some(values[1].parse::<usize>().unwrap()) Some(values[1].parse::<usize>().unwrap())
} else { } else {
None None
} }
}); }) {
if size.is_none() { Some(s) => s,
return BlossomResponse::error("Invalid request, no size tag"); None => return BlossomResponse::error("Invalid request, no size tag")
};
if size > settings.max_upload_bytes {
return BlossomResponse::error("File too large");
} }
let mime_type = auth let mime_type = auth
.content_type .content_type

7
src/routes/nip96.rs
View File

@ -1,9 +1,7 @@
use std::borrow::Cow;
use std::collections::HashMap; use std::collections::HashMap;
use std::fs; use std::fs;
use chrono::Utc; use chrono::Utc;
use libc::remove;
use log::error; use log::error;
use rocket::{FromForm, Responder, Route, routes, State}; use rocket::{FromForm, Responder, Route, routes, State};
use rocket::form::Form; use rocket::form::Form;
@ -156,6 +154,11 @@ async fn upload(
settings: &State<Settings>, settings: &State<Settings>,
form: Form<Nip96Form<'_>>, form: Form<Nip96Form<'_>>,
) -> Nip96Response { ) -> Nip96Response {
if let Some(size) = auth.content_length {
if size > settings.max_upload_bytes {
return Nip96Response::error("File too large");
}
}
let file = match form.file.open().await { let file = match form.file.open().await {
Ok(f) => f, Ok(f) => f,
Err(e) => return Nip96Response::error(&format!("Could not open file: {}", e)), Err(e) => return Nip96Response::error(&format!("Could not open file: {}", e)),