mastodon api: enforce upload limits for avatars and banners
This commit is contained in:
parent
e12489e2fe
commit
181f3bb56a
|
@ -35,6 +35,14 @@ def create_app(conn, params) do
|
||||||
def update_credentials(%{assigns: %{user: user}} = conn, params) do
|
def update_credentials(%{assigns: %{user: user}} = conn, params) do
|
||||||
original_user = user
|
original_user = user
|
||||||
|
|
||||||
|
avatar_upload_limit =
|
||||||
|
Application.get_env(:pleroma, :instance)
|
||||||
|
|> Keyword.fetch(:avatar_upload_limit)
|
||||||
|
|
||||||
|
banner_upload_limit =
|
||||||
|
Application.get_env(:pleroma, :instance)
|
||||||
|
|> Keyword.fetch(:banner_upload_limit)
|
||||||
|
|
||||||
params =
|
params =
|
||||||
if bio = params["note"] do
|
if bio = params["note"] do
|
||||||
Map.put(params, "bio", bio)
|
Map.put(params, "bio", bio)
|
||||||
|
@ -52,7 +60,7 @@ def update_credentials(%{assigns: %{user: user}} = conn, params) do
|
||||||
user =
|
user =
|
||||||
if avatar = params["avatar"] do
|
if avatar = params["avatar"] do
|
||||||
with %Plug.Upload{} <- avatar,
|
with %Plug.Upload{} <- avatar,
|
||||||
{:ok, object} <- ActivityPub.upload(avatar),
|
{:ok, object} <- ActivityPub.upload(avatar, avatar_upload_limit),
|
||||||
change = Ecto.Changeset.change(user, %{avatar: object.data}),
|
change = Ecto.Changeset.change(user, %{avatar: object.data}),
|
||||||
{:ok, user} = User.update_and_set_cache(change) do
|
{:ok, user} = User.update_and_set_cache(change) do
|
||||||
user
|
user
|
||||||
|
@ -66,7 +74,7 @@ def update_credentials(%{assigns: %{user: user}} = conn, params) do
|
||||||
user =
|
user =
|
||||||
if banner = params["header"] do
|
if banner = params["header"] do
|
||||||
with %Plug.Upload{} <- banner,
|
with %Plug.Upload{} <- banner,
|
||||||
{:ok, object} <- ActivityPub.upload(banner),
|
{:ok, object} <- ActivityPub.upload(banner, banner_upload_limit),
|
||||||
new_info <- Map.put(user.info, "banner", object.data),
|
new_info <- Map.put(user.info, "banner", object.data),
|
||||||
change <- User.info_changeset(user, %{info: new_info}),
|
change <- User.info_changeset(user, %{info: new_info}),
|
||||||
{:ok, user} <- User.update_and_set_cache(change) do
|
{:ok, user} <- User.update_and_set_cache(change) do
|
||||||
|
|
Loading…
Reference in New Issue