uuxo/hmac-file-server
1
1
Fork 0
Code Pull Requests Actions Packages Projects Releases 1 Wiki Activity

FIX: 3.3 100% - 3.4 with WEBUI

Browse Source
This commit is contained in:
Alexander Renz
2025-07-18 04:29:48 +00:00
parent dc88f9f6fb
commit 6205661acc
6 changed files with 220 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
cmd/server/main.go
View File

@ -1407,6 +1407,23 @@ func handleUpload(w http.ResponseWriter, r *http.Request) {
}
defer file.Close()
// Validate file size against max_upload_size if configured
if conf.Server.MaxUploadSize != "" {
maxSizeBytes, err := parseSize(conf.Server.MaxUploadSize)
if err != nil {
log.Errorf("Invalid max_upload_size configuration: %v", err)
http.Error(w, "Server configuration error", http.StatusInternalServerError)
uploadErrorsTotal.Inc()
return
}
if header.Size > maxSizeBytes {
http.Error(w, fmt.Sprintf("File size %s exceeds maximum allowed size %s",
formatBytes(header.Size), conf.Server.MaxUploadSize), http.StatusRequestEntityTooLarge)
uploadErrorsTotal.Inc()
return
}
}
// Validate file extension if configured
if len(conf.Uploads.AllowedExtensions) > 0 {
ext := strings.ToLower(filepath.Ext(header.Filename))
@ -1644,6 +1661,23 @@ func handleV3Upload(w http.ResponseWriter, r *http.Request) {
}
}
// Validate file size against max_upload_size if configured
if conf.Server.MaxUploadSize != "" {
maxSizeBytes, err := parseSize(conf.Server.MaxUploadSize)
if err != nil {
log.Errorf("Invalid max_upload_size configuration: %v", err)
http.Error(w, "Server configuration error", http.StatusInternalServerError)
uploadErrorsTotal.Inc()
return
}
if r.ContentLength > maxSizeBytes {
http.Error(w, fmt.Sprintf("File size %s exceeds maximum allowed size %s",
formatBytes(r.ContentLength), conf.Server.MaxUploadSize), http.StatusRequestEntityTooLarge)
uploadErrorsTotal.Inc()
return
}
}
// Generate filename based on configuration
var filename string
switch conf.Server.FileNaming {
@ -1767,6 +1801,23 @@ func handleLegacyUpload(w http.ResponseWriter, r *http.Request) {
}
}
// Validate file size against max_upload_size if configured
if conf.Server.MaxUploadSize != "" {
maxSizeBytes, err := parseSize(conf.Server.MaxUploadSize)
if err != nil {
log.Errorf("Invalid max_upload_size configuration: %v", err)
http.Error(w, "Server configuration error", http.StatusInternalServerError)
uploadErrorsTotal.Inc()
return
}
if r.ContentLength > maxSizeBytes {
http.Error(w, fmt.Sprintf("File size %s exceeds maximum allowed size %s",
formatBytes(r.ContentLength), conf.Server.MaxUploadSize), http.StatusRequestEntityTooLarge)
uploadErrorsTotal.Inc()
return
}
}
// Create full file path
storagePath := conf.Server.StoragePath
if conf.ISO.Enabled {