scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2024-12-26 17:51:13 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1966 from okriuchykhin/ok_SCI_3681

Browse source 
Enforce file size limits for direct uploads on S3 [SCI-3681]
This commit is contained in:
Alex Kriuchykhin 2019-08-07 10:49:05 +02:00 committed by GitHub
commit 328f8dd8a0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/users/registrations_controller.rb
View file

@ -31,7 +31,7 @@ class Users::RegistrationsController < Devise::RegistrationsController
end
elsif params.include? :change_avatar
params.delete(:change_avatar)
if !params.include?(:avatar)
if !params.include?(:avatar) || (params[:avatar].length > Constants::AVATAR_MAX_SIZE_MB.megabytes * 2)
resource.errors.add(:avatar, :blank)
false
else

14
app/services/active_storage/service/custom_s3_service.rb
View file

@ -113,6 +113,8 @@ module ActiveStorage
end
def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
raise ActiveStorage::IntegrityError if content_length > Rails.configuration.x.file_max_size_mb.megabytes
instrument :url, key: key do |payload|
generated_url = object_for(key).presigned_url :put, expires_in: expires_in.to_i,
content_type: content_type, content_length: content_length, content_md5: checksum
@ -169,4 +171,16 @@ module ActiveStorage
end
end
end
module S3SignerModifier
def build_signer(cfg)
signer = super(cfg)
signer.unsigned_headers.delete('content-length')
signer
end
end
Aws::S3::Presigner.class_eval do
prepend S3SignerModifier
end
end