diff mod_http_upload/mod_http_upload.lua @ 1851:03c5639882a7

mod_http_upload: Add support for a file size limit
author Kim Alvefur <zash@zash.se>
date Mon, 14 Sep 2015 12:49:54 +0200
parents e3a0ebe671cc
children 8ef500508c59
line wrap: on
line diff
--- a/mod_http_upload/mod_http_upload.lua	Mon Sep 14 12:45:00 2015 +0200
+++ b/mod_http_upload/mod_http_upload.lua	Mon Sep 14 12:49:54 2015 +0200
@@ -16,6 +16,9 @@
 return a .. package.config:sub(1,1) .. b;
 end
 
+-- config
+local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 10 * 1024 * 1024); -- 10 MB
+
 -- depends
 module:depends("http");
 module:depends("disco");
@@ -46,6 +49,16 @@
 		origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid filename"));
 		return true;
 	end
+	local filesize = tonumber(request:get_child_text("size"));
+	if not filesize then
+		origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing or invalid file size"));
+		return true;
+	elseif filesize > file_size_limit then
+		origin.send(st.error_reply(stanza, "modify", "not-acceptable", "File too large",
+			st.stanza("file-too-large", {xmlns=xmlns_http_upload})
+				:tag("max-size"):text(tostring(file_size_limit))));
+		return true;
+	end
 	local reply = st.reply(stanza);
 	reply:tag("slot", { xmlns = xmlns_http_upload });
 	local random = uuid();
@@ -66,6 +79,10 @@
 	if not random then
 		return 400;
 	end
+	if #event.request.body > file_size_limit then
+		module:log("error", "Uploaded file too large %d bytes", #event.request.body);
+		return 400;
+	end
 	local dirname = join_path(storage_path, random);
 	if not lfs.mkdir(dirname) then
 		module:log("error", "Could not create directory %s for upload", dirname);