fix: prose and pastes limit filesize uploads

pastes/api.go

@@ -184,18 +184,25 @@ func postHandler(w http.ResponseWriter, r *http.Request) {
 	if err == nil {
 		logger = logger.With("filename", post.Filename)
 		logger.Info("paste found")
-		parsedText, err := ParseText(post.Filename, post.Text)
-		if err != nil {
-			logger.Error("could not parse text", "err", err)
-		}
 		expiresAt := "never"
-		if post.ExpiresAt != nil {
-			expiresAt = post.ExpiresAt.Format(time.DateOnly)
-		}
-
 		unlisted := false
-		if post.Hidden {
-			unlisted = true
+		parsedText := ""
+		// we dont want to syntax highlight huge files
+		if post.FileSize > 1*utils.MB {
+			logger.Warn("paste too large to parse and apply syntax highlighting")
+			parsedText = post.Text
+		} else {
+			parsedText, err = ParseText(post.Filename, post.Text)
+			if err != nil {
+				logger.Error("could not parse text", "err", err)
+			}
+			if post.ExpiresAt != nil {
+				expiresAt = post.ExpiresAt.Format(time.DateOnly)
+			}
+
+			if post.Hidden {
+				unlisted = true
+			}
 		}
 
 		data = PostPageData{

pastes/config.go

@@ -17,16 +17,17 @@ func NewConfigSite() *shared.ConfigSite {
 	minioPass := utils.GetEnv("MINIO_ROOT_PASSWORD", "")
 
 	return &shared.ConfigSite{
-		Debug:      debug == "1",
-		Domain:     domain,
-		Port:       port,
-		Protocol:   protocol,
-		DbURL:      dbURL,
-		StorageDir: storageDir,
-		MinioURL:   minioURL,
-		MinioUser:  minioUser,
-		MinioPass:  minioPass,
-		Space:      "pastes",
-		Logger:     shared.CreateLogger("pastes"),
+		Debug:        debug == "1",
+		Domain:       domain,
+		Port:         port,
+		Protocol:     protocol,
+		DbURL:        dbURL,
+		StorageDir:   storageDir,
+		MinioURL:     minioURL,
+		MinioUser:    minioUser,
+		MinioPass:    minioPass,
+		Space:        "pastes",
+		Logger:       shared.CreateLogger("pastes"),
+		MaxAssetSize: int64(3 * utils.MB),
 	}
 }

pastes/scp_hooks.go

@@ -24,12 +24,21 @@ type FileHooks struct {
 func (p *FileHooks) FileValidate(s ssh.Session, data *filehandlers.PostMetaData) (bool, error) {
 	if !utils.IsTextFile(string(data.Text)) {
 		err := fmt.Errorf(
-			"WARNING: (%s) invalid file must be plain text (utf-8), skipping",
+			"ERROR: (%s) invalid file must be plain text (utf-8), skipping",
 			data.Filename,
 		)
 		return false, err
 	}
 
+	maxFileSize := int(p.Cfg.MaxAssetSize)
+	if data.FileSize > maxFileSize {
+		return false, fmt.Errorf(
+			"ERROR: file (%s) has exceeded maximum file size (%d bytes)",
+			data.Filename,
+			maxFileSize,
+		)
+	}
+
 	return true, nil
 }
 

prose/config.go

@@ -5,6 +5,8 @@ import (
 	"github.com/picosh/utils"
 )
 
+var MAX_FILE_SIZE = 3 * utils.MB
+
 func NewConfigSite() *shared.ConfigSite {
 	debug := utils.GetEnv("PROSE_DEBUG", "0")
 	domain := utils.GetEnv("PROSE_DOMAIN", "prose.sh")

prose/scp_hooks.go

@@ -23,7 +23,7 @@ type MarkdownHooks struct {
 func (p *MarkdownHooks) FileValidate(s ssh.Session, data *filehandlers.PostMetaData) (bool, error) {
 	if !utils.IsTextFile(data.Text) {
 		err := fmt.Errorf(
-			"WARNING: (%s) invalid file must be plain text (utf-8), skipping",
+			"ERROR: (%s) invalid file must be plain text (utf-8), skipping",
 			data.Filename,
 		)
 		return false, err
@@ -39,13 +39,21 @@ func (p *MarkdownHooks) FileValidate(s ssh.Session, data *filehandlers.PostMetaD
 	if !utils.IsExtAllowed(data.Filename, p.Cfg.AllowedExt) {
 		extStr := strings.Join(p.Cfg.AllowedExt, ",")
 		err := fmt.Errorf(
-			"WARNING: (%s) invalid file, format must be (%s), skipping",
+			"ERROR: (%s) invalid file, format must be (%s), skipping",
 			data.Filename,
 			extStr,
 		)
 		return false, err
 	}
 
+	if data.FileSize > MAX_FILE_SIZE {
+		return false, fmt.Errorf(
+			"ERROR: file (%s) has exceeded maximum file size (%d bytes)",
+			data.Filename,
+			MAX_FILE_SIZE,
+		)
+	}
+
 	return true, nil
 }