|
|
@@ -12,11 +12,13 @@ class DocumentUploadController
|
|
|
{
|
|
|
private DocumentModel $documentModel;
|
|
|
private DocumentStorageService $storage;
|
|
|
+ private int $maxUploadBytes;
|
|
|
|
|
|
public function __construct()
|
|
|
{
|
|
|
$this->documentModel = new DocumentModel();
|
|
|
$this->storage = new DocumentStorageService();
|
|
|
+ $this->maxUploadBytes = 30 * 1024 * 1024;
|
|
|
}
|
|
|
|
|
|
public function __invoke(ServerRequestInterface $request)
|
|
|
@@ -28,6 +30,11 @@ class DocumentUploadController
|
|
|
return ResponseLib::sendFail('Unauthorized', [], 'E_VALIDATE')->withStatus(401);
|
|
|
}
|
|
|
|
|
|
+ $contentLength = (int)$request->getHeaderLine('Content-Length');
|
|
|
+ if ($contentLength > 0 && $contentLength > $this->maxUploadBytes) {
|
|
|
+ return ResponseLib::sendFail('File too large. Max 30MB.', [], 'E_TOO_LARGE')->withStatus(413);
|
|
|
+ }
|
|
|
+
|
|
|
try {
|
|
|
$parsed = MultipartFormDataParser::parse($request);
|
|
|
} catch (\Throwable $e) {
|
|
|
@@ -51,6 +58,10 @@ class DocumentUploadController
|
|
|
$contentType = (string)($file['content_type'] ?? 'application/octet-stream');
|
|
|
$content = (string)$file['content'];
|
|
|
|
|
|
+ if (strlen($content) > $this->maxUploadBytes) {
|
|
|
+ return ResponseLib::sendFail('File too large. Max 30MB.', [], 'E_TOO_LARGE')->withStatus(413);
|
|
|
+ }
|
|
|
+
|
|
|
try {
|
|
|
$documentType = $this->storage->sanitizeDocumentType($documentType);
|
|
|
$dir = $this->storage->ensureDirectory($companyId, $userId, $documentType);
|
ljoaquim