Restrict amount of files created per site

2025-04-25 01:32:36 +02:00 · 2015-06-08 20:49:30 -07:00 · 2015-06-08 20:49:30 -07:00 · 784ba44785
commit 784ba44785
parent 397f34a014
4 changed files with 25 additions and 2 deletions
--- a/app/api.rb
+++ b/app/api.rb
@ -23,6 +23,10 @@ post '/api/upload' do
    api_error 400, 'too_large', 'files are too large to fit in your space, try uploading smaller (or less) files'
  end

+  if current_site.too_many_files?(files.length)
+    api_error 400, 'too_many_files', "cannot exceed the maximum site files limit (#{current_site.plan_feature(:maximum_site_files)}), #{current_site.supporter? ? 'please contact support' : 'please upgrade to a supporter account'}"
+  end
+
  files.each do |file|
    if !current_site.okay_to_upload?(file)
      api_error 400, 'invalid_file_type', "#{file[:filename]} is not a valid file type (or contains not allowed content) for this site, files have not been uploaded"
--- a/app/site_files.rb
+++ b/app/site_files.rb
@ -124,6 +124,10 @@ post '/site_files/upload' do
    file_upload_response "File(s) do not fit in your available space, upload cancelled."
  end

+  if current_site.too_many_files? params[:files].length
+    file_upload_response "Too many files, cannot upload"
+  end
+
  results = current_site.store_files params[:files]
  file_upload_response
 end
--- a/tests/api_tests.rb
+++ b/tests/api_tests.rb
@ -160,6 +160,19 @@ describe 'api upload' do
    res[:error_type].must_equal 'missing_files'
  end

+  it 'fails with too many files' do
+    create_site
+    basic_authorize @user, @pass
+    @site.plan_feature(:maximum_site_files).times {
+      uuid = SecureRandom.uuid.gsub('-', '')+'.html'
+      @site.add_site_file path: uuid
+    }
+    post '/api/upload', {
+      '/lol.jpg' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
+    }
+    res[:error_type].must_equal 'too_many_files'
+  end
+
  it 'resists directory traversal attack' do
    create_site
    basic_authorize @user, @pass
--- a/tests/site_tests.rb
+++ b/tests/site_tests.rb
@ -53,10 +53,12 @@ describe Site do
    end

    it 'should match plan_type' do
-      %w{supporter neko catbus fatcat}.each do |plan_type|
+      %w{supporter free}.each do |plan_type|
        site = Fabricate :site, plan_type: plan_type
        site.plan_type.must_equal plan_type
      end
+      site = Fabricate :site, plan_type: nil
+      site.plan_type.must_equal 'free'
    end
  end