aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--plugins/mod_http_file_share.lua13
-rw-r--r--spec/scansion/http_upload.scs16
-rw-r--r--spec/scansion/prosody.cfg.lua1
3 files changed, 30 insertions, 0 deletions
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua
index 89dda500..d7ac904a 100644
--- a/plugins/mod_http_file_share.lua
+++ b/plugins/mod_http_file_share.lua
@@ -14,6 +14,7 @@ local url = require "socket.url";
local dm = require "core.storagemanager".olddm;
local jwt = require "util.jwt";
local errors = require "util.error";
+local dataform = require "util.dataforms".new;
local namespace = "urn:xmpp:http:upload:0";
@@ -27,6 +28,7 @@ local uploads = module:open_store("uploads", "archive");
local secret = module:get_option_string(module.name.."_secret", require"util.id".long());
local external_base_url = module:get_option_string(module.name .. "_base_url");
+local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB
local access = module:get_option_set(module.name .. "_access", {});
@@ -34,9 +36,16 @@ if not external_base_url then
module:depends("http");
end
+module:add_extension(dataform {
+ { name = "FORM_TYPE", type = "hidden", value = namespace },
+ { name = "max-file-size", type = "text-single" },
+}:form({ ["max-file-size"] = tostring(file_size_limit) }, "result"));
+
local upload_errors = errors.init(module.name, namespace, {
access = { "auth"; "forbidden" };
filename = { "modify"; "bad-request", "Invalid filename" };
+ filesize = { "modify"; "not-acceptable"; "File too large";
+ st.stanza("file-too-large", {xmlns = namespace}):tag("max-size"):text(tostring(file_size_limit)); };
});
function may_upload(uploader, filename, filesize, filetype) -- > boolean, error
@@ -50,6 +59,10 @@ function may_upload(uploader, filename, filesize, filetype) -- > boolean, error
return false, upload_errors.new("filename");
end
+ if filesize > file_size_limit then
+ return false, upload_errors.new("filesize");
+ end
+
return true;
end
diff --git a/spec/scansion/http_upload.scs b/spec/scansion/http_upload.scs
index ed4f1bca..72552946 100644
--- a/spec/scansion/http_upload.scs
+++ b/spec/scansion/http_upload.scs
@@ -22,6 +22,22 @@ Romeo receives:
</iq>
Romeo sends:
+ <iq to='upload.localhost' type='get' id='46ca64f3-518e-42bd-8e2f-4ab2f6d2224f' xml:lang='en'>
+ <request content-type='text/plain' filename='toolarge.dat' xmlns='urn:xmpp:http:upload:0' size='10000000000'/>
+ </iq>
+
+Romeo receives:
+ <iq id='46ca64f3-518e-42bd-8e2f-4ab2f6d2224f' from='upload.localhost' type='error'>
+ <error type='modify'>
+ <not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
+ <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>File too large</text>
+ <file-too-large xmlns='urn:xmpp:http:upload:0'>
+ <max-file-size>10000000</max-file-size>
+ </file-too-large>
+ </error>
+ </iq>
+
+Romeo sends:
<iq to='upload.localhost' type='get' id='ac56d83f-a627-4732-8399-60492d1210b6' xml:lang='en'>
<request content-type='text/plain' filename='invalid/filename.dat' xmlns='urn:xmpp:http:upload:0' size='1000'/>
</iq>
diff --git a/spec/scansion/prosody.cfg.lua b/spec/scansion/prosody.cfg.lua
index ca28b6ba..d0964c05 100644
--- a/spec/scansion/prosody.cfg.lua
+++ b/spec/scansion/prosody.cfg.lua
@@ -133,3 +133,4 @@ Component "pubsub.localhost" "pubsub"
storage = "memory"
Component "upload.localhost" "http_file_share"
+http_file_share_size_limit = 10000000