implemented 100MB size restriction on file upload

This commit is contained in:
crunk 2022-02-12 19:44:44 +01:00
parent 23d43fc3e1
commit a32238e128
4 changed files with 28 additions and 7 deletions

View File

@ -19,6 +19,7 @@ def create_app():
APP.secret_key = 'secret-key'
APP.config['SQLALCHEMY_DATABASE_URI'] = "sqlite:///data/login.db"
APP.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
APP.config['MAX_CONTENT_LENGTH'] = 150 * 1024 * 1024
login_manager.session_protection = "strong"
login_manager.login_view = "index"

View File

@ -1,7 +1,7 @@
from flask_wtf import FlaskForm
from flask_wtf.file import FileField, FileAllowed
from wtforms import validators
from wtforms.validators import Length
from wtforms.validators import Length, ValidationError
from wtforms import (
SubmitField,
StringField,
@ -11,13 +11,27 @@ from wtforms import (
class UploadForm(FlaskForm):
"""File upload class for a new site in distribusi-verse"""
def FileSizeLimit(max_size_in_mb):
max_bytes = max_size_in_mb * 1024 * 1024
def file_length_check(form, field):
if len(field.data.read()) > max_bytes:
raise ValidationError(
"File size must be less than {}MB".format(max_size_in_mb)
)
return file_length_check
sitename = StringField(
"Name of your website:",
validators=[validators.InputRequired(), Length(2, 100)],
)
zipfile = FileField(
"Upload your zip file with content here:",
validators=[FileAllowed(["zip"], "Zip archives only!")],
validators=[
FileAllowed(["zip"], "Zip archives only!"),
FileSizeLimit(max_size_in_mb=100),
],
)
submit = SubmitField("Upload")

View File

@ -45,6 +45,7 @@ from forms.themeform import ThemeForm
from forms.editorform import EditorForm
from statuspengguna.helper import AreFilesUploaded
# Tada!
from distribusi.cli import build_argparser
from distribusi.distribusi import distribusify
@ -55,7 +56,7 @@ APP = create_app()
@APP.before_request
def session_handler():
session.permanent = True
APP.permanent_session_lifetime = timedelta(minutes=1)
APP.permanent_session_lifetime = timedelta(minutes=30)
@APP.route("/")
@ -125,15 +126,19 @@ def register():
flash("Invalid Entry", "warning")
except InterfaceError:
db.session.rollback()
registerform.email.errors.append("Error connecting to the database")
registerform.email.errors.append(
"Error connecting to the database"
)
flash("Error connecting to the database", "danger")
except DatabaseError:
db.session.rollback()
registerform.email.errors.append("Error connecting to the database")
registerform.email.errors.append(
"Error connecting to the database"
)
flash("Error connecting to the database", "danger")
except BuildError:
db.session.rollback()
egisterform.email.errors.append("Unknown error occured!")
registerform.email.errors.append("Unknown error occured!")
flash("An error occured !", "danger")
return render_template("register.html", registerform=registerform)
@ -244,7 +249,7 @@ def editor():
if editorform.validate_on_submit():
userfolder = os.path.join("stash", user.distribusiname)
cssfilename = "{}.css".format(editorform.cssname.data)
with open(os.path.join(userfolder, cssfilename), 'w') as cssfile:
with open(os.path.join(userfolder, cssfilename), "w") as cssfile:
cssfile.write(editorform.css.data)
cssfile.close

View File

@ -92,6 +92,7 @@ input[type="submit"]:disabled:focus {
background-color: #2D3039;
color: #d28cff;
}
.error {
color: #ff5a5a;
}