Add file size validation in UploadFile handler to prevent excessive memory allocation

2025-11-05 15:44:21 +00:00 · 2025-07-12 15:06:01 +02:00
parent 9f01c64e5e
commit 005288b3d8
1 changed files with 15 additions and 3 deletions
--- a/server/internal/handlers/file_handlers.go
+++ b/server/internal/handlers/file_handlers.go
@@ -372,6 +372,19 @@ func (h *Handler) UploadFile() http.HandlerFunc {
 				return
 			}

+			// Validate file size to prevent excessive memory allocation
+			// TODO: Make this configurable
+			const maxFileSize = 100 * 1024 * 1024 // 100MB
+			if formFile.Size > maxFileSize {
+				log.Debug("file too large",
+					"fileName", formFile.Filename,
+					"fileSize", formFile.Size,
+					"maxSize", maxFileSize,
+				)
+				respondError(w, "File too large", http.StatusBadRequest)
+				return
+			}
+
 			// Open the uploaded file
 			file, err := formFile.Open()
 			if err != nil {
@@ -391,9 +404,8 @@ func (h *Handler) UploadFile() http.HandlerFunc {

 			filePath := decodedPath + "/" + formFile.Filename

-			content := make([]byte, formFile.Size)
-			_, err = file.Read(content)
-			if err != nil && err != io.EOF {
+			content, err := io.ReadAll(file)
+			if err != nil {
 				log.Error("failed to read uploaded file",
 					"filePath", filePath,
 					"error", err.Error(),