diff options
author | Kim Alvefur <zash@zash.se> | 2021-01-26 14:53:24 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-01-26 14:53:24 +0100 |
commit | a98f3a3e64d3ae74cb666310ad465c6066025fcb (patch) | |
tree | 8b1ca72b7b981f8bdbaad7dda80e72948edb7c0f /plugins | |
parent | ea3b09dea83fd372f471dd01b87ef36566773a84 (diff) | |
download | prosody-a98f3a3e64d3ae74cb666310ad465c6066025fcb.tar.gz prosody-a98f3a3e64d3ae74cb666310ad465c6066025fcb.zip |
mod_http_file_share: Add file size limit (default 10M)
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/mod_http_file_share.lua | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua index 89dda500..d7ac904a 100644 --- a/plugins/mod_http_file_share.lua +++ b/plugins/mod_http_file_share.lua @@ -14,6 +14,7 @@ local url = require "socket.url"; local dm = require "core.storagemanager".olddm; local jwt = require "util.jwt"; local errors = require "util.error"; +local dataform = require "util.dataforms".new; local namespace = "urn:xmpp:http:upload:0"; @@ -27,6 +28,7 @@ local uploads = module:open_store("uploads", "archive"); local secret = module:get_option_string(module.name.."_secret", require"util.id".long()); local external_base_url = module:get_option_string(module.name .. "_base_url"); +local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB local access = module:get_option_set(module.name .. "_access", {}); @@ -34,9 +36,16 @@ if not external_base_url then module:depends("http"); end +module:add_extension(dataform { + { name = "FORM_TYPE", type = "hidden", value = namespace }, + { name = "max-file-size", type = "text-single" }, +}:form({ ["max-file-size"] = tostring(file_size_limit) }, "result")); + local upload_errors = errors.init(module.name, namespace, { access = { "auth"; "forbidden" }; filename = { "modify"; "bad-request", "Invalid filename" }; + filesize = { "modify"; "not-acceptable"; "File too large"; + st.stanza("file-too-large", {xmlns = namespace}):tag("max-size"):text(tostring(file_size_limit)); }; }); function may_upload(uploader, filename, filesize, filetype) -- > boolean, error @@ -50,6 +59,10 @@ function may_upload(uploader, filename, filesize, filetype) -- > boolean, error return false, upload_errors.new("filename"); end + if filesize > file_size_limit then + return false, upload_errors.new("filesize"); + end + return true; end |