diff --git a/validate-signature/slim-app/src/osteam/App.php b/validate-signature/slim-app/src/osteam/App.php index ca83d2ce027a1d33913c5e570ca8ebb3c5a81a55..44b2b11939b33966a4e1b3cf7104abc0b454ae37 100644 --- a/validate-signature/slim-app/src/osteam/App.php +++ b/validate-signature/slim-app/src/osteam/App.php @@ -16,8 +16,9 @@ class App protected $ci = null; protected $logger = null; - protected $savePath; - protected $saveFileTTL; + protected $savePath = 'tmp'; + protected $saveFileTTL = 0; + protected $maxFileSize = 0; public function __construct(ContainerInterface $ci) { @@ -29,9 +30,10 @@ class App if (isset($settings['app'])) { $this->savePath = (isset($settings['app']['save_path']) ? $settings['app']['save_path'] : 'tmp'); $this->saveFileTTL = (isset($settings['app']['save_file_ttl']) ? $settings['app']['save_file_ttl'] : 0); + $this->maxFileSize = (isset($settings['app']['max_file_size']) ? $settings['app']['max_file_size'] : 0); } } - + /** * Χαιρετισμός - οδηγίες. * @@ -101,9 +103,15 @@ class App ]), 501); } - foreach ($files as $id => $file) { + // foreach ($files as $id => $file) { + // as requested, only handle one file + $file = array_pop($files); if ($file->getError() === UPLOAD_ERR_OK) { - // $contents = base64_encode($file->getStream()->getContents()); + if ($file->getSize() > $this->maxFileSize) { + return $res->withJson(array_merge($this->coreResponseData(false), [ + 'message' => 'Exceeded maximum file size limit' + ]), 400); + } $filename = $file->getClientFilename(); $store_filename = $this->savePath . DIRECTORY_SEPARATOR . uniqid() . '_' . $this->sanitizeFilename($filename); @@ -117,7 +125,7 @@ class App } $this->logger->info("validate binary upload::{$store_filename}"); } - } + // } $this->vaccuumSavePath(); @@ -144,12 +152,22 @@ class App // $parsedBody = $req->getParsedBody(); $filename = $req->getParsedBodyParam('filename', null); $content = $req->getParsedBodyParam('base64content', null); - if ($filename === null || $content === null) { + if ($filename === null && $content === null) { + return $res->withJson(array_merge($this->coreResponseData(false), [ + 'message' => 'invalid JSON format encoding' + ]), 400); + } elseif ($filename === null || $content === null) { return $res->withJson(array_merge($this->coreResponseData(false), [ 'message' => 'Filename and file content is mandatory' ]), 400); } - + + if (mb_strlen($content) > (ceil($this->maxFileSize * 4 / 3) + 3)) { // approx base64 length + return $res->withJson(array_merge($this->coreResponseData(false), [ + 'message' => 'Exceeded maximum file size limit' + ]), 400); + } + if (($filecontent = base64_decode($content)) === false) { return $res->withJson(array_merge($this->coreResponseData(false), [ 'message' => 'File content is not valid base64 encoded' @@ -172,6 +190,12 @@ class App ]), 501); } + if (filesize($store_filename) > $this->maxFileSize) { // double checking + return $res->withJson(array_merge($this->coreResponseData(false), [ + 'message' => 'Exceeded maximum file size limit' + ]), 400); + } + $this->logger->info("validate base64 upload::{$store_filename}"); // delete any leftover files diff --git a/validate-signature/slim-app/src/settings.php.dist b/validate-signature/slim-app/src/settings.php.dist index c66d53027f9b7bc2396ffdd835407199431e529f..1b61d7ffd5306bbc2d259ace7d16f8ac4ab34c51 100644 --- a/validate-signature/slim-app/src/settings.php.dist +++ b/validate-signature/slim-app/src/settings.php.dist @@ -19,6 +19,7 @@ return [ 'app' => [ 'save_path' => __DIR__ . '/../files', // upload file location 'save_file_ttl' => 0, // if 0 delete file after doing work; if Nr delete some time after Nr seconds + 'max_file_size' => 26214401, // maximum uploaded file size in bytes 'secure_endpoint_username' => 'username-for-this-wrapper', 'secure_endpoint_password' => 'password-for-this-wrapper' ]