Add environment variables to control custom emoji size limits

Fixes #1524
lolsob-rspec
Claire 2021-04-25 12:02:41 +02:00
parent 98c4ee5d31
commit bf44601a23
2 changed files with 12 additions and 2 deletions

View File

@ -269,3 +269,10 @@ MAX_POLL_OPTION_CHARS=100
# Maximum search results to display # Maximum search results to display
# Only relevant when elasticsearch is installed # Only relevant when elasticsearch is installed
# MAX_SEARCH_RESULTS=20 # MAX_SEARCH_RESULTS=20
# Maximum custom emoji file sizes
# If undefined or smaller than MAX_EMOJI_SIZE, the value
# of MAX_EMOJI_SIZE will be used for MAX_REMOTE_EMOJI_SIZE
# Units are in bytes
MAX_EMOJI_SIZE=51200
MAX_REMOTE_EMOJI_SIZE=204800

View File

@ -21,7 +21,8 @@
# #
class CustomEmoji < ApplicationRecord class CustomEmoji < ApplicationRecord
LIMIT = 50.kilobytes LOCAL_LIMIT = (ENV['MAX_EMOJI_SIZE'] || 50.kilobytes).to_i
LIMIT = [LOCAL_LIMIT, (ENV['MAX_REMOTE_EMOJI_SIZE'] || 200.kilobytes).to_i].max
SHORTCODE_RE_FRAGMENT = '[a-zA-Z0-9_]{2,}' SHORTCODE_RE_FRAGMENT = '[a-zA-Z0-9_]{2,}'
@ -38,7 +39,9 @@ class CustomEmoji < ApplicationRecord
before_validation :downcase_domain before_validation :downcase_domain
validates_attachment :image, content_type: { content_type: IMAGE_MIME_TYPES }, presence: true, size: { less_than: LIMIT } validates_attachment :image, content_type: { content_type: IMAGE_MIME_TYPES }, presence: true
validates_attachment_size :image, less_than: LIMIT, unless: :local?
validates_attachment_size :image, less_than: LOCAL_LIMIT, if: :local?
validates :shortcode, uniqueness: { scope: :domain }, format: { with: /\A#{SHORTCODE_RE_FRAGMENT}\z/ }, length: { minimum: 2 } validates :shortcode, uniqueness: { scope: :domain }, format: { with: /\A#{SHORTCODE_RE_FRAGMENT}\z/ }, length: { minimum: 2 }
scope :local, -> { where(domain: nil) } scope :local, -> { where(domain: nil) }