andrew
/
Gymboard
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added content-length protections.

This commit is contained in:
Andrew Lalis 2023-03-29 09:26:38 +02:00
parent 75680d1041
commit a001ef89e9
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
gymboard-cdn/src/main/java/nl/andrewlalis/gymboardcdn/service/UploadService.java
View File

@ -25,6 +25,8 @@ import java.time.format.DateTimeFormatter;
public class UploadService { public class UploadService {
private static final Logger log = LoggerFactory.getLogger(UploadService.class); private static final Logger log = LoggerFactory.getLogger(UploadService.class);
private static final long MAX_UPLOAD_SIZE_BYTES = (1024 * 1024 * 1024); // 1 Gb
private final StoredFileRepository storedFileRepository; private final StoredFileRepository storedFileRepository;
private final VideoProcessingTaskRepository videoTaskRepository; private final VideoProcessingTaskRepository videoTaskRepository;
private final FileService fileService; private final FileService fileService;
@ -46,6 +48,14 @@ public class UploadService {
*/ */
@Transactional @Transactional
public FileUploadResponse processableVideoUpload(HttpServletRequest request) { public FileUploadResponse processableVideoUpload(HttpServletRequest request) {
String contentLengthStr = request.getHeader("Content-Length");
if (contentLengthStr == null || !contentLengthStr.matches("\\d+")) {
throw new ResponseStatusException(HttpStatus.LENGTH_REQUIRED);
}
long contentLength = Long.parseUnsignedLong(contentLengthStr);
if (contentLength > MAX_UPLOAD_SIZE_BYTES) {
throw new ResponseStatusException(HttpStatus.PAYLOAD_TOO_LARGE);
}
Path tempFile; Path tempFile;
String filename = request.getHeader("X-Gymboard-Filename"); String filename = request.getHeader("X-Gymboard-Filename");
if (filename == null) filename = "unnamed.mp4"; if (filename == null) filename = "unnamed.mp4";

1
gymboard-cdn/src/test/java/nl/andrewlalis/gymboardcdn/service/UploadServiceTest.java
View File

@ -44,6 +44,7 @@ public class UploadServiceTest {
); );
HttpServletRequest mockRequest = mock(HttpServletRequest.class); HttpServletRequest mockRequest = mock(HttpServletRequest.class);
when(mockRequest.getHeader("X-Filename")).thenReturn("testing.mp4"); when(mockRequest.getHeader("X-Filename")).thenReturn("testing.mp4");
when(mockRequest.getHeader("Content-Length")).thenReturn("123");
ServletInputStream mockRequestInputStream = mock(ServletInputStream.class); ServletInputStream mockRequestInputStream = mock(ServletInputStream.class);
when(mockRequest.getInputStream()).thenReturn(mockRequestInputStream); when(mockRequest.getInputStream()).thenReturn(mockRequestInputStream);
var expectedResponse = new FileUploadResponse("abc"); var expectedResponse = new FileUploadResponse("abc");