From 486686f1f9e40a329726161587b6756baaf965de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= Date: Tue, 6 Sep 2016 10:33:28 +0200 Subject: [PATCH] File upload: Removed JS-side file size check. Instead, the size of the entire HTTP request body is checked against the maximum file size. This allows for slightly smaller files (in the order of 200-300 bytes), which shouldn't be noticeable given our 32 MiB limit for non-subscribers. This check is performed before accessing request.files[], and thus before the file even starts uploading. This also allows unlimited file uploads to subscribers and demo users. This was already possible using the API, so now the web interface is consistent. Limits can be set using config[_local].py. This closes T49264: Allow large uploads for admins --- pillar/api/file_storage/__init__.py | 8 ++++++++ src/scripts/file_upload.js | 20 +++++++++++++------- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/pillar/api/file_storage/__init__.py b/pillar/api/file_storage/__init__.py index 432c1ce1..6705ebd3 100644 --- a/pillar/api/file_storage/__init__.py +++ b/pillar/api/file_storage/__init__.py @@ -639,6 +639,14 @@ def stream_to_storage(project_id): log.info('Streaming file to bucket for project=%s user_id=%s', project_id, authentication.current_user_id()) log.info('request.headers[Origin] = %r', request.headers.get('Origin')) + log.info('request.content_length = %r', request.content_length) + + # Try a check for the content length before we access request.files[]. This allows us + # to abort the upload early. The entire body content length is always a bit larger than + # the actual file size, so if we accept here, we're sure it'll be accepted in subsequent + # checks as well. + if request.content_length: + assert_file_size_allowed(request.content_length) uploaded_file = request.files['file'] diff --git a/src/scripts/file_upload.js b/src/scripts/file_upload.js index a56e3833..6dbd8012 100644 --- a/src/scripts/file_upload.js +++ b/src/scripts/file_upload.js @@ -70,10 +70,6 @@ function setup_file_uploader(index, upload_element) { if (data.originalFiles[0]['type'].length && !acceptFileTypes.test(data.originalFiles[0]['type'])) { uploadErrors.push('Not an accepted file type'); } - // Limit upload size to 1GB - if (data.originalFiles[0]['size'] && data.originalFiles[0]['size'] > 1262485504) { - uploadErrors.push('Filesize is too big'); - } if (uploadErrors.length > 0) { $(this).parent().parent().addClass('error'); $(this).after(uploadErrors.join("\n")); @@ -118,11 +114,21 @@ function setup_file_uploader(index, upload_element) { $('body').trigger('file-upload:finished'); }, - fail: function (jqXHR, textStatus, errorThrown) { + fail: function (jqXHR, fileupload) { if (console) { - console.log(textStatus, 'Upload error: ' + errorThrown); + console.log('Upload error:'); + console.log('jqXHR', jqXHR); + console.log('fileupload', fileupload); } - statusBarSet(textStatus, 'Upload error: ' + errorThrown, 'pi-attention', 8000); + + var uploadErrors = []; + for (var key in fileupload.messages) { + uploadErrors.push(fileupload.messages[key]); + } + + statusBarSet('error', + 'Upload error: ' + uploadErrors.join("; "), + 'pi-attention', 16000); set_progress_bar(100, 'progress-error');