From e21ff916b09258fb989a9eaa651d1b9d99266b22 Mon Sep 17 00:00:00 2001
From: MeiMei <30769358+mei23@users.noreply.github.com>
Date: Sat, 4 Sep 2021 20:33:14 +0900
Subject: ファイルサイズのハードリミット (#7760)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* maxFileSize

* CHANGELOG
---
 src/config/types.ts      |  2 ++
 src/misc/download-url.ts | 15 +++++++++++++++
 src/server/api/index.ts  |  7 ++++++-
 3 files changed, 23 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/config/types.ts b/src/config/types.ts
index 55beac6f55..e3ca6c1ab6 100644
--- a/src/config/types.ts
+++ b/src/config/types.ts
@@ -39,6 +39,8 @@ export type Source = {
 
 	allowedPrivateNetworks?: string[];
 
+	maxFileSize?: number;
+
 	accesslog?: string;
 
 	clusterLimit?: number;
diff --git a/src/misc/download-url.ts b/src/misc/download-url.ts
index 463fb555bb..8a8640a8cd 100644
--- a/src/misc/download-url.ts
+++ b/src/misc/download-url.ts
@@ -18,6 +18,7 @@ export async function downloadUrl(url: string, path: string) {
 
 	const timeout = 30 * 1000;
 	const operationTimeout = 60 * 1000;
+	const maxSize = config.maxFileSize || 262144000;
 
 	const req = got.stream(url, {
 		headers: {
@@ -44,6 +45,20 @@ export async function downloadUrl(url: string, path: string) {
 				req.destroy();
 			}
 		}
+
+		const contentLength = res.headers['content-length'];
+		if (contentLength != null) {
+			const size = Number(contentLength);
+			if (size > maxSize) {
+				logger.warn(`maxSize exceeded (${size} > ${maxSize}) on response`);
+				req.destroy();
+			}
+		}
+	}).on('downloadProgress', (progress: Got.Progress) => {
+		if (progress.transferred > maxSize) {
+			logger.warn(`maxSize exceeded (${progress.transferred} > ${maxSize}) on downloadProgress`);
+			req.destroy();
+		}
 	}).on('error', (e: any) => {
 		if (e.name === 'HTTPError') {
 			const statusCode = e.response?.statusCode;
diff --git a/src/server/api/index.ts b/src/server/api/index.ts
index 55083261ee..db35fdf9e0 100644
--- a/src/server/api/index.ts
+++ b/src/server/api/index.ts
@@ -16,6 +16,7 @@ import discord from './service/discord';
 import github from './service/github';
 import twitter from './service/twitter';
 import { Instances, AccessTokens, Users } from '@/models/index';
+import config from '@/config';
 
 // Init app
 const app = new Koa();
@@ -37,7 +38,11 @@ app.use(bodyParser({
 
 // Init multer instance
 const upload = multer({
-	storage: multer.diskStorage({})
+	storage: multer.diskStorage({}),
+	limits: {
+		fileSize: config.maxFileSize || 262144000,
+		files: 1,
+	}
 });
 
 // Init router
-- 
cgit v1.2.3-freya