
Fixes #7 config max upload size

isundil 2 years ago
parent
commit
ce28ed729b
2 changed files with 17 additions and 0 deletions
  1. 6 0
      router/input.js
  2. 11 0
      src/config.js

+ 6 - 0
router/input.js

@@ -85,6 +85,8 @@ module.exports = { register: app => {
 
         if (!content || !content.length)
             return app.routerUtils.jsonResponse(res, { err: "Empty input", id: null });
+        if (content.length > CONFIG.maxPastebinSize)
+            return app.routerUtils.jsonResponse(res, { err: "Input size is too large", id: null });
         if (entity && !entity.expired) {
             entity.renew();
             await app.databaseHelper.update({privId: privId}, entity);
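Review bot: The new `content.length > CONFIG.maxPastebinSize` check runs only after the body has been received and parsed, so it bounds what gets stored but not what the server has to buffer; the same holds for the `link.length` and `formData.content.fileData.length` checks in the two following hunks. If these values are strings, `.length` counts UTF-16 code units rather than bytes, so the stored size can exceed the configured number. A comment such as `// limit is in characters, not bytes; the request body size must be capped by the body parser` would make the unit explicit. Whether the body parser already enforces a cap is not visible here, and the handler starts and ends outside the hunk.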
@@ -117,6 +119,8 @@ module.exports = { register: app => {
             return app.routerUtils.jsonResponse(res, { err: "Invalid captcha input", id: null });
         if (!link || !link.length)
             return app.routerUtils.jsonResponse(res, { err: "Empty input", id: null });
+        if (link.length > CONFIG.maxUrlSize)
+            return app.routerUtils.jsonResponse(res, { err: "Input size is too large", id: null });
         entity = new PasteContent(privId, "short", Security.getRequestIp(req));
         entity.data = link;
         await app.databaseHelper.insertOne(entity);
@@ -138,6 +142,8 @@ module.exports = { register: app => {
             return app.routerUtils.jsonResponse(res, { err: "Invalid captcha input", id: null });
         if (!formData.content?.fileData || !formData.content.fileData.length)
             return app.routerUtils.jsonResponse(res, { err: "Empty input", id: null });
+        if (formData.content.fileData.length > CONFIG.maxFileUploadSize)
+            return app.routerUtils.jsonResponse(res, { err: "Input size is too large", id: null });
         const entity = new PasteContent(privId, "file", Security.getRequestIp(req));
         entity.data = JSON.stringify({ name: formData.content.fileName, type: formData.content.fileType });
         fs.writeFileSync(app.getData(privId), formData.content.fileData, {encoding: formData.content.fileType.indexOf('text') >= 0 ? 'utf8' : 'binary'});

+ 11 - 0
src/config.js

@@ -7,6 +7,10 @@ function validNumber(input) {
     return !Number.isNaN(Number.parseInt(input));
 }
 
+function validNumberOrEmpty(input) {
+    return !(""+input).length || validNumber;
+}
+
 function validNotEmptyString(input) {
     return !!input && (""+input).length;
 }
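Review bot: `validNumberOrEmpty` never calls `validNumber`: `|| validNumber` evaluates the function object, which is always truthy, so the validator accepts every input and the three new size settings are never actually validated. The line should read `return !(""+input).length || validNumber(input);`. Separately, `validNumber` in the context line uses `Number.parseInt` without a radix and accepts values like `"12abc"`; for a size limit a stricter check such as `Number.isInteger(Number(input)) && Number(input) > 0` would fit better.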
@@ -37,12 +41,19 @@ let configEntries = {};
         database: { value: "", valid: validNotEmptyString },
         sitename: { value: "Archives", valid: validNotEmptyString },
         url: { value: "http://localhost/", valid: validNotEmptyString },
+        maxUploadSize: { value: 2048, valid: validNumber },
+        maxPastebinSize: { value: "", valid: validNumberOrEmpty },
+        maxFileUploadSize: { value: "", valid: validNumberOrEmpty },
+        maxUrlSize: { value: "", valid: validNumberOrEmpty },
         reCaptchaPublic: { value: "", valid: validNotEmptyString },
         reCaptchaSecret: { value: "", valid: validNotEmptyString }
     };
 
     configEntries = pickConfig(defaultConfig, configContent);
 
+    configEntries.maxPastebinSize = Math.min(configEntries.maxUploadSize, configEntries.maxPastebinSize || Infinity);
+    configEntries.maxFileUploadSize = Math.min(configEntries.maxUploadSize, configEntries.maxFileUploadSize || Infinity);
+    configEntries.maxUrlSize = Math.min(configEntries.maxUploadSize, configEntries.maxUrlSize || Infinity);
     console.log(configEntries);
     if (hasErrors)
         throw "Errors found while parsing configuration";
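Review bot: A non-numeric setting turns the limit off silently: `Math.min(configEntries.maxUploadSize, configEntries.maxPastebinSize || Infinity)` returns `NaN` if either value does not convert cleanly with `Number()` (for example `"12abc"`, which `validNumber` accepts), and every `length > NaN` comparison in router/input.js is then false. Assuming pickConfig can hand back strings from the config file (not visible here), parse each value once and set `hasErrors` when the result is not a positive finite integer, before computing the minimum. The same applies to the `maxFileUploadSize` and `maxUrlSize` lines. The `console.log(configEntries)` on the following context line also prints `database` and `reCaptchaSecret` to the log; consider logging only the non-secret keys.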