size limit
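--- a/main.py
+++ b/main.py
@@ -13,6 +13,10 @@ DATA_DIR = os.path.join('/tmp')
 MAX_TOTAL_SIZE_MB = 100 # Max total size of all notes in MB
 PURGE_TO_SIZE_MB = 80 # When purging, reduce total size to this
 AGE_LIMIT_DAYS = 2
+MAX_CONTENT_SIZE_MB = 10 # Max size for a single note in MB
+
+# Limit request payload size (prevents large uploads from consuming memory)
+app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024 # 16 MB
 
 # --- SECURITY HELPER ---
 def sanitize_hash(hash_string):
@@ -100,8 +104,6 @@ def cleanup_files():
 # --- FLASK ROUTES ---
 @app.route('/')
 def index():
-# Run cleanup routine after a successful save
-cleanup_files()
 return send_from_directory('.', 'index.html')
 
 @app.route('/api/load', methods=['POST'])
@@ -154,6 +156,11 @@ def save_content():
 # The client must provide content to save
 if not isinstance(encrypted_content, str):
 return jsonify({'error': 'Invalid content format'}), 400
+
+# Validate content size to prevent abuse
+max_content_bytes = MAX_CONTENT_SIZE_MB * 1024 * 1024
+if len(encrypted_content.encode('utf-8')) > max_content_bytes:
+return jsonify({'error': f'Content too large. Maximum size is {MAX_CONTENT_SIZE_MB}MB'}), 413
 
 content_path = os.path.join(DATA_DIR, f'{file_hash}_content.txt')
 
@@ -162,6 +169,9 @@ def save_content():
 with open(content_path, 'w', encoding='utf-8') as f:
 f.write(encrypted_content)
 
+# Run cleanup routine after a successful save
+cleanup_files()
+
 return jsonify({'status': 'saved'})
 except Exception as e:
 print(f"Error during save: {e}") # For debugging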
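Review bot: In the last hunk of `save_content`, `cleanup_files()` now sits between the write and `return jsonify({'status': 'saved'})`, apparently inside the same `try`, so an exception raised by the purge would be caught by `except Exception` and reported as a failed save even though the note is already on disk. Give the cleanup its own guard that logs and continues, for example an inner `try` around the call with `except OSError as e: print(f"Cleanup failed: {e}")`, so the response reflects the write alone. The new size check in the third hunk also encodes the whole body a second time; because a string's UTF-8 length is never shorter than its character count, a cheap `if len(encrypted_content) > max_content_bytes` test before the encode rejects most oversize bodies without that copy. The handler starts and ends outside these hunks, so what the `except` branch returns to the client is not visible here.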