From 0231cca30f74b47c0e1b32094c60c29dc4ad41bc Mon Sep 17 00:00:00 2001
From: Kyle Drake <kyle@kyledrake.net>
Date: Mon, 11 Feb 2019 01:28:33 -0800
Subject: [PATCH] Don't allow tarballs of enormous sites

---
 models/site.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/models/site.rb b/models/site.rb
index b07eb8f1..5a91ed71 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -71,7 +71,8 @@ class Site < Sequel::Model
   THUMBNAIL_RESOLUTIONS  = ['210x158']
 
   MAX_FILE_SIZE = 10**8 # 100 MB
-  MAX_SITE_DOWNLOAD_SIZE = 2_000_000_000 # 2GB
+  MAX_SITE_DOWNLOAD_SIZE = 200_000_000 # 200MB
+  MAX_SITE_FILES_DOWNLOAD = 500
 
   CLAMAV_THREAT_MATCHES = [
     /^VBS/,
@@ -1246,7 +1247,7 @@ class Site < Sequel::Model
   end
 
   def too_big_to_download?
-    space_used > MAX_SITE_DOWNLOAD_SIZE
+    space_used > MAX_SITE_DOWNLOAD_SIZE || site_files_dataset.count > MAX_SITE_FILES_DOWNLOAD
   end
 
   # Note: Change Stat#prune! and the nginx map compiler if you change this business logic.