apply upload limit

This commit is contained in:
Maxime Cannoodt 2022-07-10 14:19:58 +02:00
parent c14782310a
commit 9fcd8e5903
4 changed files with 17 additions and 2 deletions


@ -10,6 +10,7 @@
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@prisma/client": "^4.0.0", "@prisma/client": "^4.0.0",
"body-parser": "^1.20.0",
"dotenv": "^16.0.1", "dotenv": "^16.0.1",
"express": "^4.18.1", "express": "^4.18.1",
"express-rate-limit": "^6.4.0", "express-rate-limit": "^6.4.0",


@ -7,8 +7,8 @@
"test": "run-s test:db:reset test:test", "test": "run-s test:db:reset test:test",
"coverage": "run-s test:db:reset test:coverage", "coverage": "run-s test:db:reset test:coverage",
"test-watch": "dotenv -e .env.test -- vitest unit --coverage", "test-watch": "dotenv -e .env.test -- vitest unit --coverage",
"test:test": "dotenv -e .env.test -- vitest run --no-threads", "test:test": "dotenv -e .env.test -- vitest run ",
"test:coverage": "dotenv -e .env.test -- vitest run --no-threads --coverage", "test:coverage": "dotenv -e .env.test -- vitest run --coverage",
"test:db:reset": "dotenv -e .env.test -- npx prisma migrate reset -f", "test:db:reset": "dotenv -e .env.test -- npx prisma migrate reset -f",
"build": "npx tsc", "build": "npx tsc",
"dev": "npx nodemon ./server.ts | npx pino-colada" "dev": "npx nodemon ./server.ts | npx pino-colada"
@ -17,6 +17,7 @@
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@prisma/client": "^4.0.0", "@prisma/client": "^4.0.0",
"body-parser": "^1.20.0",
"dotenv": "^16.0.1", "dotenv": "^16.0.1",
"express": "^4.18.1", "express": "^4.18.1",
"express-rate-limit": "^6.4.0", "express-rate-limit": "^6.4.0",
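Review bot: Dropping `--no-threads` from `test:test` and `test:coverage` in the first hunk is unrelated to the upload limit and is not mentioned in the commit message. Without that flag vitest runs test files in parallel workers against the single database that `test:db:reset` prepares once, so any test that counts rows or depends on request ordering (the api test file's rate-limit test, which counts 429 responses, is one candidate) can become order-dependent; whether the suite is isolated per file is not visible on this page. Either split it into its own commit or add a line to the description explaining why serial runs are no longer needed.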


@ -97,4 +97,13 @@ describe("POST /api/note", () => {
// at least one response should be 429 // at least one response should be 429
expect(responseCodes).toContain(429); expect(responseCodes).toContain(429);
}); });
it("Applies upload limit to endpoint of 400kb", async () => {
const largeNote = {
ciphertext: "a".repeat(400 * 1024),
hmac: "sample_hmac",
};
const res = await request(app).post("/api/note").send(largeNote);
expect(res.statusCode).toBe(413);
});
}); });
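Review bot: The new test pins only the rejection side: a ciphertext of 400 * 1024 bytes (plus JSON framing, so just over body-parser's "400k" = 409600 bytes) must give 413, but nothing checks that a note just under the limit still gets through, so a limit that is far too small (for example the parser's 100kb default) would pass this test unchanged. A companion case that sends a body a little under the limit and asserts `expect(res.statusCode).not.toBe(413)` closes that gap; `not.toBe(413)` rather than `toBe(200)` keeps it independent of the 429s the preceding rate-limit test may leave behind and of any other validation the handler applies, which I cannot see from here. The describe block continues outside the hunk.
```typescript
  it("Accepts an upload just under the 400kb limit", async () => {
    // "400k" is 400 * 1024 bytes of raw body; leave room for the JSON framing and hmac.
    const nearLimitNote = {
      ciphertext: "a".repeat(400 * 1024 - 1024),
      hmac: "sample_hmac",
    };
    const res = await request(app).post("/api/note").send(nearLimitNote);
    expect(res.statusCode).not.toBe(413);
  });
```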


@ -7,6 +7,7 @@ import rateLimit from "express-rate-limit";
import pinoHttp from "pino-http"; import pinoHttp from "pino-http";
import logger from "./logger"; import logger from "./logger";
import prisma from "./client"; import prisma from "./client";
import bodyParser from "body-parser";
// Initialize middleware clients // Initialize middleware clients
const app: Express = express(); const app: Express = express();
@ -36,6 +37,9 @@ const postLimiter = rateLimit({
legacyHeaders: false, // Disable the `X-RateLimit-*` headers legacyHeaders: false, // Disable the `X-RateLimit-*` headers
}); });
// Apply 400kB upload limit on POST
app.use(bodyParser.json({ limit: "400k" }));
// Post new encrypted note // Post new encrypted note
app.post( app.post(
"/api/note/", "/api/note/",
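Review bot: `app.use(bodyParser.json({ limit: "400k" }))` adds a separate body-parser dependency although express 4.18, already in dependencies, exposes the same parser as `express.json()`; `app.use(express.json({ limit: "400k" }));` gives the same 413 behaviour and lets the new import and the body-parser lines in both package.json hunks be dropped, one fewer package to track. The comment above it is also narrower than the code: `app.use` without a path registers the parser for every route and method, not only the POST, so `// Parse JSON bodies on all routes; anything over 400kB is rejected with 413 before the handlers run` describes it better. If another JSON parser is registered earlier in server.ts, outside this hunk, the first one's limit is the effective one, so it is worth confirming this is the only parser. Registering it before `app.post` is what makes an oversized body fail with 413 before the rate limiter sees the request; the app.post call continues outside the hunk.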