Enforce file size limits for direct uploads on S3 [SCI-3681]

Oleksii Kriuchykhin 2019-07-30 13:31:22 +02:00
parent 887faeb344
commit 973fc775c0
2 changed files with 15 additions and 1 deletions


@ -31,7 +31,7 @@ class Users::RegistrationsController < Devise::RegistrationsController
end end
elsif params.include? :change_avatar elsif params.include? :change_avatar
params.delete(:change_avatar) params.delete(:change_avatar)
if !params.include?(:avatar) if !params.include?(:avatar) || (params[:avatar].length > Constants::AVATAR_MAX_SIZE_MB.megabytes * 2)
resource.errors.add(:avatar, :blank) resource.errors.add(:avatar, :blank)
false false
else else
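Review bot: The widened condition on the `if !params.include?(:avatar) || ...` line sends an oversized avatar down the same branch as a missing one, so the user gets the `:blank` error when the real problem is size. Split the condition so the oversize case adds its own size-specific error. `params[:avatar].length` also assumes the value is a String (presumably encoded image data, given the `* 2`), so a request that sends `avatar` as a nested or file parameter would probably raise instead of failing validation; guarding with `params[:avatar].is_a?(String)` before the comparison would avoid that. The `* 2` factor needs a comment such as `# encoded payload may be up to twice the raw image size`, if that is the intent. The enclosing action starts and ends outside this hunk.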


@ -113,6 +113,8 @@ module ActiveStorage
end end
def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:) def url_for_direct_upload(key, expires_in:, content_type:, content_length:, checksum:)
raise ActiveStorage::IntegrityError if content_length > Rails.configuration.x.file_max_size_mb.megabytes
instrument :url, key: key do |payload| instrument :url, key: key do |payload|
generated_url = object_for(key).presigned_url :put, expires_in: expires_in.to_i, generated_url = object_for(key).presigned_url :put, expires_in: expires_in.to_i,
content_type: content_type, content_length: content_length, content_md5: checksum content_type: content_type, content_length: content_length, content_md5: checksum
@ -169,4 +171,16 @@ module ActiveStorage
end end
end end
end end
module S3SignerModifier
def build_signer(cfg)
signer = super(cfg)
signer.unsigned_headers.delete('content-length')
signer
end
end
Aws::S3::Presigner.class_eval do
prepend S3SignerModifier
end
end end
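Review bot: The limit added at the top of `url_for_direct_upload` only checks the size the client declares; the actual upload is bound to it only because `S3SignerModifier` removes `content-length` from `unsigned_headers`. That relies on prepending onto `Aws::S3::Presigner#build_signer`, which looks like an SDK-internal method. If a later SDK version renames it or changes its arguments, the override could stop applying without any error, and a client could then declare a small size and upload a larger object. Add a comment above the module, for example `# Sign Content-Length so S3 rejects a PUT whose size differs from the one declared when the URL was issued`, and a spec asserting that the generated URL's `X-Amz-SignedHeaders` contains `content-length`. The `class_eval` changes every presigner in the process, not only this service, so any other presigned-URL callers should be checked. If `Rails.configuration.x.file_max_size_mb` is unset, the new guard would probably raise `NoMethodError` rather than `IntegrityError`.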