TEST size limit

This commit is contained in:
boyska 2018-01-06 00:53:24 +01:00
parent ed7e9a92dd
commit 6a87db688d
2 changed files with 80 additions and 5 deletions

24
http.go
View file

@ -154,23 +154,37 @@ func (mu *MegaUploader) upload(w http.ResponseWriter, r *http.Request) {
if share.SizeLimit.Bytes() > 0 { if share.SizeLimit.Bytes() > 0 {
sizelimit = share.SizeLimit.Bytes() sizelimit = share.SizeLimit.Bytes()
} }
err = r.ParseMultipartForm(int64(sizelimit)) mpreader, err := r.MultipartReader()
if err != nil { if err != nil {
fmt.Fprintln(os.Stderr, err) fmt.Fprintln(os.Stderr, err)
http.Error(w, "Bad request: error parsing form", http.StatusBadRequest) http.Error(w, "Bad request: error parsing form", http.StatusBadRequest)
return return
} }
file, header, err := r.FormFile("file") part, err := mpreader.NextPart()
if err != nil { if err != nil {
http.Error(w, "No file uploaded", http.StatusBadRequest) fmt.Fprintln(os.Stderr, err)
return http.Error(w, "Bad request: error reading part from multipart form", http.StatusBadRequest)
} }
fname, err := share.Upload(file, filepath.Base(header.Filename)) fname, err := share.Upload(part, filepath.Base(part.FileName()))
if err != nil { if err != nil {
fmt.Fprintln(os.Stderr, err) fmt.Fprintln(os.Stderr, err)
http.Error(w, "Error uploading", http.StatusInternalServerError) http.Error(w, "Error uploading", http.StatusInternalServerError)
return return
} }
finfo, err := os.Stat(fname)
if err != nil {
fmt.Fprintln(os.Stderr, err)
http.Error(w, "Error uploading", http.StatusInternalServerError)
return
}
if uint64(finfo.Size()) > sizelimit {
err = os.Remove(fname)
if err != nil {
fmt.Fprintln(os.Stderr, "could not delete file exceeding size limit", err)
}
http.Error(w, "File size limit exceeded", http.StatusBadRequest)
return
}
fname = filepath.Base(fname) fname = filepath.Base(fname)
u, err := mu.Conf.GetShareURL(sharename) u, err := mu.Conf.GetShareURL(sharename)
if err != nil { if err != nil {

View file

@ -320,6 +320,67 @@ shares:
} }
} }
func TestUploadTooBig(t *testing.T) {
size := 900*1024 + 1
defer filet.CleanUp(t)
d := filet.TmpDir(t, "")
conf := `
shares:
- name: foo
dir: DIR
sizelimit: 900K
authorized: ["*"]
description: foo
`
conf = strings.Replace(conf, "DIR", d, 1)
ts := getServer(conf)
cl := ts.Client()
bodyBuf := bytes.Buffer{}
bodyWriter := multipart.NewWriter(&bodyBuf)
fileWriter, err := bodyWriter.CreateFormFile("file", "foo.txt")
if err != nil {
t.Fatal("error creating form file", err)
return
}
// write 3MB made of 'a'
for i := 0; i < size; i++ {
_, err = fileWriter.Write([]byte(`a`))
if err != nil {
t.Fatal("error writing on form file", err)
return
}
}
contentType := bodyWriter.FormDataContentType()
bodyWriter.Close()
req := userRequest(ts.URL+"/api/upload/foo", "someone", t)
req.Method = "POST"
req.Header.Set("Content-Type", contentType)
req.ContentLength = int64(bodyBuf.Len())
req.Body = ioutil.NopCloser(&bodyBuf)
resp, err := cl.Do(req)
if err != nil {
t.Fatal("Error POSTing file", err)
return
}
defer resp.Body.Close()
_, err = ioutil.ReadAll(resp.Body)
if err != nil {
t.Fatal("Error reading server response", err)
return
}
if resp.StatusCode < 299 {
t.Error("Upload succeeded despite high size", resp.Status)
}
files, err := ioutil.ReadDir(d)
if err != nil {
t.Fatal("Error checking if upload dir is empty", err)
}
if len(files) != 0 {
t.Error("Upload dir not empty; should be refused!", len(files))
t.Log(files[0])
}
}
func TestSurfUpload(t *testing.T) { func TestSurfUpload(t *testing.T) {
if !*doHTTP { if !*doHTTP {
return return