Merge remote-tracking branch 'origin/staging' into develop

2025-05-17 18:36:11 +02:00 · 2022-08-10 14:10:57 +02:00 · 2022-08-10 14:10:57 +02:00 · 99ed610dde
commit 99ed610dde
parent 5b5fe8ebbc 6df2089a60
24 changed files with 66 additions and 60 deletions
--- a/backend/src/app/config.clj
+++ b/backend/src/app/config.clj
@ -83,11 +83,11 @@
   ;; a server prop key where initial project is stored.
   :initial-project-skey "initial-project"})

-(s/def ::flags ::us/vec-of-valid-keywords)

-;; DEPRECATED PROPERTIES
+(s/def ::media-max-file-size ::us/integer)
+
+(s/def ::flags ::us/vec-of-valid-keywords)
 (s/def ::telemetry-enabled ::us/boolean)
-;; END DEPRECATED

 (s/def ::audit-log-archive-uri ::us/string)
 (s/def ::audit-log-gc-max-age ::dt/duration)
@ -143,8 +143,6 @@
 (s/def ::http-server-max-multipart-body-size ::us/integer)
 (s/def ::http-server-io-threads ::us/integer)
 (s/def ::http-server-worker-threads ::us/integer)
-(s/def ::http-session-updater-batch-max-age ::dt/duration)
-(s/def ::http-session-updater-batch-max-size ::us/integer)
 (s/def ::initial-project-skey ::us/string)
 (s/def ::ldap-attrs-email ::us/string)
 (s/def ::ldap-attrs-fullname ::us/string)
@ -251,8 +249,6 @@
                   ::http-server-max-multipart-body-size
                   ::http-server-io-threads
                   ::http-server-worker-threads
-                   ::http-session-updater-batch-max-age
-                   ::http-session-updater-batch-max-size
                   ::initial-project-skey
                   ::ldap-attrs-email
                   ::ldap-attrs-fullname
@ -268,6 +264,7 @@
                   ::local-assets-uri
                   ::loggers-loki-uri
                   ::loggers-zmq-uri
+                   ::media-max-file-size
                   ::profile-bounce-max-age
                   ::profile-bounce-threshold
                   ::profile-complaint-max-age
--- a/backend/src/app/rpc/mutations/media.clj
+++ b/backend/src/app/rpc/mutations/media.clj
@ -22,9 +22,12 @@
   [app.util.services :as sv]
   [app.util.time :as dt]
   [clojure.spec.alpha :as s]
+   [cuerdas.core :as str]
   [promesa.core :as p]
   [promesa.exec :as px]))

+(def default-max-file-size (* 1024 1024 10)) ; 10 MiB
+
 (def thumbnail-options
  {:width 100
   :height 100
@ -51,10 +54,20 @@

 (sv/defmethod ::upload-file-media-object
  {::rlimit/permits (cf/get :rlimit-image)}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id] :as params}]
+  [{:keys [pool] :as cfg} {:keys [profile-id file-id content] :as params}]
  (let [file (select-file pool file-id)
        cfg  (update cfg :storage media/configure-assets-storage)]
+
    (teams/check-edition-permissions! pool profile-id (:team-id file))
+    (media/validate-media-type! content)
+
+    (when (> (:size content) (cf/get :media-max-file-size default-max-file-size))
+      (ex/raise :type :restriction
+                :code :media-max-file-size-reached
+                :hint (str/ffmt "the uploaded file size % is greater than the maximum %"
+                                (:size content)
+                                default-max-file-size)))
+
    (create-file-media-object cfg params)))

 (defn- big-enough-for-thumbnail?
@ -94,8 +107,6 @@

 (defn create-file-media-object
  [{:keys [storage pool executors] :as cfg} {:keys [id file-id is-local name content] :as params}]
-  (media/validate-media-type! content)
-
  (letfn [;; Function responsible to retrieve the file information, as
          ;; it is synchronous operation it should be wrapped into
          ;; with-dispatch macro.
@ -177,30 +188,30 @@
    (teams/check-edition-permissions! pool profile-id (:team-id file))
    (create-file-media-object-from-url cfg params)))

-(def max-download-file-size
-  (* 1024 1024 100)) ; 100MiB
-
 (defn- create-file-media-object-from-url
  [{:keys [http-client] :as cfg} {:keys [url name] :as params}]
  (letfn [(parse-and-validate-size [headers]
-            (let [size   (some-> (get headers "content-length") d/parse-integer)
-                  mtype  (get headers "content-type")
-                  format (cm/mtype->format mtype)]
+            (let [size     (some-> (get headers "content-length") d/parse-integer)
+                  mtype    (get headers "content-type")
+                  format   (cm/mtype->format mtype)
+                  max-size (cf/get :media-max-file-size default-max-file-size)]

              (when-not size
                (ex/raise :type :validation
                          :code :unknown-size
-                          :hint "Seems like the url points to resource with unknown size"))
+                          :hint "seems like the url points to resource with unknown size"))

-              (when (> size max-download-file-size)
+              (when (> size max-size)
                (ex/raise :type :validation
                          :code :file-too-large
-                          :hint "Seems like the url points to resource with size greater than 100MiB"))
+                          :hint (str/ffmt "the file size % is greater than the maximum %"
+                                          size
+                                          default-max-file-size)))

              (when (nil? format)
                (ex/raise :type :validation
                          :code :media-type-not-allowed
-                          :hint "Seems like the url points to an invalid media object"))
+                          :hint "seems like the url points to an invalid media object"))

              {:size size
               :mtype mtype