FIX: 3.3 100% - 3.4 with WEBUI

2025-07-18 04:29:48 +00:00
parent dc88f9f6fb
commit 6205661acc
6 changed files with 220 additions and 54 deletions
--- a/cmd/server/chunked_upload_handler.go
+++ b/cmd/server/chunked_upload_handler.go
@ -71,6 +71,23 @@ func handleChunkedUpload(w http.ResponseWriter, r *http.Request) {
 			return
 		}

+		// Validate file size against max_upload_size if configured
+		if conf.Server.MaxUploadSize != "" {
+			maxSizeBytes, err := parseSize(conf.Server.MaxUploadSize)
+			if err != nil {
+				log.Errorf("Invalid max_upload_size configuration: %v", err)
+				http.Error(w, "Server configuration error", http.StatusInternalServerError)
+				uploadErrorsTotal.Inc()
+				return
+			}
+			if totalSize > maxSizeBytes {
+				http.Error(w, fmt.Sprintf("File size %s exceeds maximum allowed size %s", 
+					formatBytes(totalSize), conf.Server.MaxUploadSize), http.StatusRequestEntityTooLarge)
+				uploadErrorsTotal.Inc()
+				return
+			}
+		}
+
 		// Authentication (reuse existing logic)
 		if conf.Security.EnableJWT {
 			_, err := validateJWTFromRequest(r, conf.Security.JWTSecret)
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@ -1407,6 +1407,23 @@ func handleUpload(w http.ResponseWriter, r *http.Request) {
 	}
 	defer file.Close()

+	// Validate file size against max_upload_size if configured
+	if conf.Server.MaxUploadSize != "" {
+		maxSizeBytes, err := parseSize(conf.Server.MaxUploadSize)
+		if err != nil {
+			log.Errorf("Invalid max_upload_size configuration: %v", err)
+			http.Error(w, "Server configuration error", http.StatusInternalServerError)
+			uploadErrorsTotal.Inc()
+			return
+		}
+		if header.Size > maxSizeBytes {
+			http.Error(w, fmt.Sprintf("File size %s exceeds maximum allowed size %s", 
+				formatBytes(header.Size), conf.Server.MaxUploadSize), http.StatusRequestEntityTooLarge)
+			uploadErrorsTotal.Inc()
+			return
+		}
+	}
+
 	// Validate file extension if configured
 	if len(conf.Uploads.AllowedExtensions) > 0 {
 		ext := strings.ToLower(filepath.Ext(header.Filename))
@ -1644,6 +1661,23 @@ func handleV3Upload(w http.ResponseWriter, r *http.Request) {
 		}
 	}

+	// Validate file size against max_upload_size if configured
+	if conf.Server.MaxUploadSize != "" {
+		maxSizeBytes, err := parseSize(conf.Server.MaxUploadSize)
+		if err != nil {
+			log.Errorf("Invalid max_upload_size configuration: %v", err)
+			http.Error(w, "Server configuration error", http.StatusInternalServerError)
+			uploadErrorsTotal.Inc()
+			return
+		}
+		if r.ContentLength > maxSizeBytes {
+			http.Error(w, fmt.Sprintf("File size %s exceeds maximum allowed size %s", 
+				formatBytes(r.ContentLength), conf.Server.MaxUploadSize), http.StatusRequestEntityTooLarge)
+			uploadErrorsTotal.Inc()
+			return
+		}
+	}
+
 	// Generate filename based on configuration
 	var filename string
 	switch conf.Server.FileNaming {
@ -1767,6 +1801,23 @@ func handleLegacyUpload(w http.ResponseWriter, r *http.Request) {
 		}
 	}

+	// Validate file size against max_upload_size if configured
+	if conf.Server.MaxUploadSize != "" {
+		maxSizeBytes, err := parseSize(conf.Server.MaxUploadSize)
+		if err != nil {
+			log.Errorf("Invalid max_upload_size configuration: %v", err)
+			http.Error(w, "Server configuration error", http.StatusInternalServerError)
+			uploadErrorsTotal.Inc()
+			return
+		}
+		if r.ContentLength > maxSizeBytes {
+			http.Error(w, fmt.Sprintf("File size %s exceeds maximum allowed size %s", 
+				formatBytes(r.ContentLength), conf.Server.MaxUploadSize), http.StatusRequestEntityTooLarge)
+			uploadErrorsTotal.Inc()
+			return
+		}
+	}
+
 	// Create full file path
 	storagePath := conf.Server.StoragePath
 	if conf.ISO.Enabled {