updated server-side 5mb enforcement

This commit is contained in:
bill bittner 2017-07-05 23:45:25 -07:00
parent 33347556fc
commit ec72307d16

View file

@ -69,19 +69,17 @@ module.exports = app => {
logger.verbose(`POST request on ${originalUrl} from ${ip}`); logger.verbose(`POST request on ${originalUrl} from ${ip}`);
// validate that a file was provided // validate that a file was provided
const file = files.speech || files.null; const file = files.speech || files.null;
logger.debug(file);
if (!file) { if (!file) {
postToStats('publish', originalUrl, ip, 'Error: file'); postToStats('publish', originalUrl, ip, 'Error: file');
res.status(400).send('Error: No file was submitted or the key used was incorrect. Files posted through this route must use a key of "speech" or null'); res.status(400).send('Error: No file was submitted or the key used was incorrect. Files posted through this route must use a key of "speech" or null');
return; return;
} }
// check if the size is provided (note: some clients may send incorrect content length or leave off content length) // check if the size is 5 mb or less
logger.debug(headers); if (file.size > 5000000) {
if (headers['content-length']) {
if (headers['content-length'] > 5000000) {
res.status(400).send('Error: only files of 5 megabytes or less are allowed'); res.status(400).send('Error: only files of 5 megabytes or less are allowed');
return; return;
} }
}
// validate name // validate name
const name = body.name || file.name.substring(0, file.name.indexOf('.')); const name = body.name || file.name.substring(0, file.name.indexOf('.'));
const invalidCharacters = /[^A-Za-z0-9,-]/.exec(name); const invalidCharacters = /[^A-Za-z0-9,-]/.exec(name);