implemented 100MB size restriction on file upload
parent
23d43fc3e1
commit
a32238e128
@ -19,6 +19,7 @@ def create_app():
|
|||||||
APP.secret_key = 'secret-key'
|
APP.secret_key = 'secret-key'
|
||||||
APP.config['SQLALCHEMY_DATABASE_URI'] = "sqlite:///data/login.db"
|
APP.config['SQLALCHEMY_DATABASE_URI'] = "sqlite:///data/login.db"
|
||||||
APP.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
|
APP.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
|
||||||
|
APP.config['MAX_CONTENT_LENGTH'] = 150 * 1024 * 1024
|
||||||
|
|
||||||
login_manager.session_protection = "strong"
|
login_manager.session_protection = "strong"
|
||||||
login_manager.login_view = "index"
|
login_manager.login_view = "index"
|
||||||
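Review bot: The request-level cap added here is 150 MB, while the commit title and the form validator both say 100 MB, and nothing on the line explains the gap. Werkzeug enforces `MAX_CONTENT_LENGTH` before any form validation runs, so this is the number that actually bounds what the server accepts. If the headroom is meant for multipart overhead, say so with a comment such as `# request cap; deliberately above the 100 MB form limit to allow for multipart overhead`, or derive both values from one constant. A body over the cap is rejected with a 413, and no handler for that is visible in this diff, so the user presumably sees the default error page rather than the form message. The unchanged `APP.secret_key = 'secret-key'` above it signs the session cookies and should be loaded from the environment or an untracked config file in a follow-up; create_app's body continues outside the hunk.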
|
@ -1,7 +1,7 @@
|
|||||||
from flask_wtf import FlaskForm
|
from flask_wtf import FlaskForm
|
||||||
from flask_wtf.file import FileField, FileAllowed
|
from flask_wtf.file import FileField, FileAllowed
|
||||||
from wtforms import validators
|
from wtforms import validators
|
||||||
from wtforms.validators import Length
|
from wtforms.validators import Length, ValidationError
|
||||||
from wtforms import (
|
from wtforms import (
|
||||||
SubmitField,
|
SubmitField,
|
||||||
StringField,
|
StringField,
|
||||||
@ -11,13 +11,27 @@ from wtforms import (
|
|||||||
class UploadForm(FlaskForm):
|
class UploadForm(FlaskForm):
|
||||||
"""File upload class for a new site in distribusi-verse"""
|
"""File upload class for a new site in distribusi-verse"""
|
||||||
|
|
||||||
|
def FileSizeLimit(max_size_in_mb):
|
||||||
|
max_bytes = max_size_in_mb * 1024 * 1024
|
||||||
|
|
||||||
|
def file_length_check(form, field):
|
||||||
|
if len(field.data.read()) > max_bytes:
|
||||||
|
raise ValidationError(
|
||||||
|
"File size must be less than {}MB".format(max_size_in_mb)
|
||||||
|
)
|
||||||
|
|
||||||
|
return file_length_check
|
||||||
|
|
||||||
sitename = StringField(
|
sitename = StringField(
|
||||||
"Name of your website:",
|
"Name of your website:",
|
||||||
validators=[validators.InputRequired(), Length(2, 100)],
|
validators=[validators.InputRequired(), Length(2, 100)],
|
||||||
)
|
)
|
||||||
zipfile = FileField(
|
zipfile = FileField(
|
||||||
"Upload your zip file with content here:",
|
"Upload your zip file with content here:",
|
||||||
validators=[FileAllowed(["zip"], "Zip archives only!")],
|
validators=[
|
||||||
|
FileAllowed(["zip"], "Zip archives only!"),
|
||||||
|
FileSizeLimit(max_size_in_mb=100),
|
||||||
|
],
|
||||||
)
|
)
|
||||||
|
|
||||||
submit = SubmitField("Upload")
|
submit = SubmitField("Upload")
|
||||||
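Review bot: `file_length_check` measures the upload with `len(field.data.read())`, which pulls the whole body (up to the request cap) into memory and leaves the stream at end-of-file. Whatever later saves or extracts the archive would then see an empty file unless it rewinds first; that code is not in this diff. The check also appears to fail with an AttributeError rather than a validation message when no file is submitted, because the field has no required-file validator and `field.data` would then be empty. Measuring with seek/tell and rewinding afterwards avoids both problems. The rendered page has lost its indentation, so it is not clear whether `FileSizeLimit` sits inside `UploadForm`; module level would be the cleaner place for it.

```python
def file_length_check(form, field):
    upload = field.data
    if not upload:
        return  # nothing submitted; presence is another validator's job
    upload.seek(0, 2)  # 2 == os.SEEK_END: measure without buffering the body
    size = upload.tell()
    upload.seek(0)  # rewind so the later save/extract sees the whole archive
    if size > max_bytes:
        # … unchanged: raise ValidationError with the size message …
```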
|
@ -45,6 +45,7 @@ from forms.themeform import ThemeForm
|
|||||||
from forms.editorform import EditorForm
|
from forms.editorform import EditorForm
|
||||||
|
|
||||||
from statuspengguna.helper import AreFilesUploaded
|
from statuspengguna.helper import AreFilesUploaded
|
||||||
|
|
||||||
# Tada!
|
# Tada!
|
||||||
from distribusi.cli import build_argparser
|
from distribusi.cli import build_argparser
|
||||||
from distribusi.distribusi import distribusify
|
from distribusi.distribusi import distribusify
|
||||||
@ -55,7 +56,7 @@ APP = create_app()
|
|||||||
@APP.before_request
|
@APP.before_request
|
||||||
def session_handler():
|
def session_handler():
|
||||||
session.permanent = True
|
session.permanent = True
|
||||||
APP.permanent_session_lifetime = timedelta(minutes=1)
|
APP.permanent_session_lifetime = timedelta(minutes=30)
|
||||||
|
|
||||||
|
|
||||||
@APP.route("/")
|
@APP.route("/")
|
||||||
@ -125,15 +126,19 @@ def register():
|
|||||||
flash("Invalid Entry", "warning")
|
flash("Invalid Entry", "warning")
|
||||||
except InterfaceError:
|
except InterfaceError:
|
||||||
db.session.rollback()
|
db.session.rollback()
|
||||||
registerform.email.errors.append("Error connecting to the database")
|
registerform.email.errors.append(
|
||||||
|
"Error connecting to the database"
|
||||||
|
)
|
||||||
flash("Error connecting to the database", "danger")
|
flash("Error connecting to the database", "danger")
|
||||||
except DatabaseError:
|
except DatabaseError:
|
||||||
db.session.rollback()
|
db.session.rollback()
|
||||||
registerform.email.errors.append("Error connecting to the database")
|
registerform.email.errors.append(
|
||||||
|
"Error connecting to the database"
|
||||||
|
)
|
||||||
flash("Error connecting to the database", "danger")
|
flash("Error connecting to the database", "danger")
|
||||||
except BuildError:
|
except BuildError:
|
||||||
db.session.rollback()
|
db.session.rollback()
|
||||||
egisterform.email.errors.append("Unknown error occured!")
|
registerform.email.errors.append("Unknown error occured!")
|
||||||
flash("An error occured !", "danger")
|
flash("An error occured !", "danger")
|
||||||
return render_template("register.html", registerform=registerform)
|
return render_template("register.html", registerform=registerform)
|
||||||
|
|
||||||
@ -244,7 +249,7 @@ def editor():
|
|||||||
if editorform.validate_on_submit():
|
if editorform.validate_on_submit():
|
||||||
userfolder = os.path.join("stash", user.distribusiname)
|
userfolder = os.path.join("stash", user.distribusiname)
|
||||||
cssfilename = "{}.css".format(editorform.cssname.data)
|
cssfilename = "{}.css".format(editorform.cssname.data)
|
||||||
with open(os.path.join(userfolder, cssfilename), 'w') as cssfile:
|
with open(os.path.join(userfolder, cssfilename), "w") as cssfile:
|
||||||
cssfile.write(editorform.css.data)
|
cssfile.write(editorform.css.data)
|
||||||
cssfile.close
|
cssfile.close
|
||||||
|
|
||||||
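Review bot: In the editor hunk, `editorform.cssname.data` is formatted straight into `cssfilename` and joined onto `userfolder` before the `open(..., "w")` this commit touches, with no normalisation visible here. Unless `EditorForm` (not shown) restricts `cssname` to a plain name, the write can land outside the user's stash folder. Normalising at the point of use closes that regardless of the form: `cssfilename = "{}.css".format(secure_filename(editorform.cssname.data))`, with `secure_filename` imported from `werkzeug.utils`. The bare `cssfile.close` is a no-op attribute access, and the `with` block already closes the file, so the line can be dropped. Separately, the session hunk still assigns `APP.permanent_session_lifetime` inside `before_request` on every request; setting it once in `create_app` would keep it with the rest of the configuration. editor() starts and ends outside the hunk.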
|
@ -92,6 +92,7 @@ input[type="submit"]:disabled:focus {
|
|||||||
background-color: #2D3039;
|
background-color: #2D3039;
|
||||||
color: #d28cff;
|
color: #d28cff;
|
||||||
}
|
}
|
||||||
|
|
||||||
.error {
|
.error {
|
||||||
color: #ff5a5a;
|
color: #ff5a5a;
|
||||||
}
|
}
|
||||||
|