Avatar upload restriction has been finalized! Update your Config.toml!!!

2025-12-06 13:01:12 +03:00 · 2024-09-21 16:25:35 +03:00 · 2024-09-21 16:25:35 +03:00 · 7196c719e2
commit 7196c719e2
parent 0103c31d69
5 changed files with 18 additions and 7 deletions
--- a/src/api/figura/info.rs
+++ b/src/api/figura/info.rs
@ -41,7 +41,7 @@ pub async fn limits(State(state): State<AppState>) -> Json<Value> {
            "upload": 1
        },
        "limits": {
-            "maxAvatarSize": state.max_avatar_size,
+            "maxAvatarSize": state.max_avatar_size * 1000,
            "maxAvatars": state.max_avatars,
            "allowedBadges": {
                "special": [0,0,0,0,0,0],
--- a/src/api/v1/mod.rs
+++ b/src/api/v1/mod.rs
@ -6,7 +6,7 @@ mod users;
 mod types;
 mod avatars;

-pub fn router() -> Router<AppState> {
+pub fn router(limit: usize) -> Router<AppState> {
    Router::new()
        .route("/verify", get(http2ws::verify))
        .route("/raw", post(http2ws::raw))
@ -16,6 +16,6 @@ pub fn router() -> Router<AppState> {
        .route("/user/create", post(users::create_user))
        .route("/user/:uuid/ban", post(users::ban))
        .route("/user/:uuid/unban", post(users::unban))
-        .route("/avatar/:uuid", put(avatars::upload_avatar).layer(DefaultBodyLimit::disable()))
+        .route("/avatar/:uuid", put(avatars::upload_avatar).layer(DefaultBodyLimit::max(limit)))
        .route("/avatar/:uuid", delete(avatars::delete_avatar))
 }
--- a/src/main.rs
+++ b/src/main.rs
@ -35,7 +35,12 @@ use state::Config;

 // Utils
 mod utils;
-use utils::{check_updates, download_assets, get_commit_sha, get_log_file, get_path_to_assets_hash, is_assets_outdated, remove_assets, update_advanced_users, update_bans_from_minecraft, write_sha_to_file, FiguraVersions};
+use utils::{
+    check_updates, download_assets, get_commit_sha,
+    get_limit_as_bytes, get_log_file, get_path_to_assets_hash,
+    is_assets_outdated, remove_assets, update_advanced_users,
+    update_bans_from_minecraft, write_sha_to_file, FiguraVersions
+};

 #[derive(Debug, Clone)]
 pub struct AppState {
@ -120,6 +125,7 @@ async fn main() -> Result<()> {
    // Config
    let config = Arc::new(RwLock::new(Config::parse(CONFIG_VAR.clone().into())));
    let listen = config.read().await.listen.clone();
+    let limit = get_limit_as_bytes(config.read().await.limitations.max_avatar_size.clone() as usize);

    if config.read().await.assets_updater_enabled {
        // Force update assets if folder or hash file doesn't exists.
@ -183,14 +189,14 @@ async fn main() -> Result<()> {
    let api = Router::new()
        .nest("//auth", api_auth::router()) // => /api//auth ¯\_(ツ)_/¯
        .nest("//assets", api_assets::router())
-        .nest("/v1", api::v1::router())
+        .nest("/v1", api::v1::router(limit))
        .route("/limits", get(api_info::limits))
        .route("/version", get(api_info::version))
        .route("/motd", get(api_info::motd))
        .route("/equip", post(api_profile::equip_avatar))
        .route("/:uuid", get(api_profile::user_info))
        .route("/:uuid/avatar", get(api_profile::download_avatar))
-        .route("/avatar", put(api_profile::upload_avatar).layer(DefaultBodyLimit::disable()))
+        .route("/avatar", put(api_profile::upload_avatar).layer(DefaultBodyLimit::max(limit)))
        .route("/avatar", delete(api_profile::delete_avatar));

    let app = Router::new()
--- a/src/utils/utils.rs
+++ b/src/utils/utils.rs
@ -143,4 +143,8 @@ pub fn get_log_file(folder: &str) -> String {
        }
        index += 1;
    }
+}
+
+pub fn get_limit_as_bytes(limit: usize) -> usize {
+    1024 + limit * 1024 // Adding additional 1 KB just for fun :)
 }