Add (hardcoded) maximum uploaded file size

TODO.mkd

 # TODO:
 
  * Send mimetype on access.
- * Autodetct mimetype if field is empty.
+ * Autodetect mimetype if field is empty.
  * Good practices testing.
  * Check error handling (should be good).
- * Continuous-integration.
- * Package this for Debian.
+ * Fast continuous-integration.
  * Import script for previous pastes.
  * Add ETags for caching.
 

debian/changelog

-gnupaste (2.0.0-rc1) unstable; urgency=medium
+gnupaste (2.0.0+rc2) unstable; urgency=medium
+
+  * Add (hardcoded) maximum uploaded file size
+
+ -- Antoine Fontaine <antoine.fontaine@epfl.ch>  Sun, 20 Dec 2020 15:49:01 +0100
+
+
+gnupaste (2.0.0+rc1) unstable; urgency=medium
 
   * Initial release
 

debian/control

@@ -2,6 +2,8 @@ Source: gnupaste
 Maintainer: Antoine Fontaine <antoine.fontaine@epfl.ch>
 Section: haskell
 Build-Depends:
+Vcs-Browser: https://gitlab.gnugen.ch/gnugen/gnupaste
+Vcs-Git: https://gitlab.gnugen.ch/gnugen/gnupaste.git
 Standards-Version: 4.5.0
 Description: GNU Generation's new pastebin software
 

src/Paste/Handlers.hs

@@ -55,7 +55,13 @@ processUpload pool pasteDir reqAddr mXForward multipData =
     case head $ files multipData of
         Nothing     -> throwError err400 { errBody = "You must include a file in the multipart/formdata you upload!" }
         Just upload -> do
-    -- Get information to store.
+
+            size   <- liftIO $ getFileSize (fdPayload upload)
+            -- Ensure file isn't too big
+            when (size > 1*1024*1024) $
+                    throwError err413 { errBody = "Request size exceeded 1MiB." }
+
+            -- Get information to store.
             now    <- liftIO getCurrentTime
 
             -- Generate a hash for the file, unique wrt the DB.
@@ -68,17 +74,17 @@ processUpload pool pasteDir reqAddr mXForward multipData =
             -- Address from X-Forwarded-For header if it exists, otherwise from the requester.
             let address = fromMaybe (textifyAddress reqAddr) (mXForward)
 
-    -- copy file to "uploads" dir.
+            -- copy file to "uploads" dir.
             liftIO $ copyFile (fdPayload upload) (pasteDir ++ (T.unpack hash))
 
-    -- Store info in DB.
+            -- Store info in DB.
             liftIO $ insertPaste Paste { pasteHash  = hash
                                        , pasteMime  = mime
                                        , pasteDate  = now
                                        , pasteDueAt = expire
                                        , pasteIpAdd = address
                                        } pool
-    -- Send back 201 with the URL to the paste.
+            -- Send back 201 with the URL to the paste.
             return $ "https://paste.gnugen.ch/" <> hash
 
 -- | Transform a 'SockAddr' datastructure to human-readable text to store in