From 0cfad09c6355eac3375850af5c12af158484bbdf Mon Sep 17 00:00:00 2001
From: rdavidek
Date: Sun, 28 Dec 2025 20:08:05 +0100
Subject: [PATCH] limit upload
---
 src/main/java/cz/kamma/darts/App.java | 51 ++++++++++++++++++++++-----
 1 file changed, 42 insertions(+), 9 deletions(-)
diff --git a/src/main/java/cz/kamma/darts/App.java b/src/main/java/cz/kamma/darts/App.java
index 8df6b4e..41d6546 100644
--- a/src/main/java/cz/kamma/darts/App.java
+++ b/src/main/java/cz/kamma/darts/App.java
@@ -17,6 +17,7 @@ import java.util.stream.Collectors;
 public class App {
 private static final Gson GSON = new Gson();
 private static final String DATA_FILE = "stats.json";
+ private static final long MAX_UPLOAD_SIZE = 5 * 1024 * 1024; // 5MB
 public static void main(String[] args) throws IOException {
 int port = 8080;
@@ -68,8 +69,35 @@ public class App {
 return;
 }
+ String contentLengthHeader = exchange.getRequestHeaders().getFirst("Content-Length");
+ if (contentLengthHeader != null) {
+ try {
+ long contentLength = Long.parseLong(contentLengthHeader);
+ if (contentLength > MAX_UPLOAD_SIZE) {
+ sendError(exchange, 413, "File too large. Maximum size is 5MB.");
+ return;
+ }
+ } catch (NumberFormatException ignored) {
+ }
+ }
+
 InputStream is = exchange.getRequestBody();
- String body = new String(is.readAllBytes(), StandardCharsets.UTF_8);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ byte[] buffer = new byte[4096];
+ int bytesRead;
+ long totalRead = 0;
+
+ while ((bytesRead = is.read(buffer)) != -1) {
+ totalRead += bytesRead;
+ if (totalRead > MAX_UPLOAD_SIZE) {
+ sendError(exchange, 413, "File too large. Maximum size is 5MB.");
+ return;
+ }
+ baos.write(buffer, 0, bytesRead);
+ }
+
+ byte[] bytes = baos.toByteArray();
+ String body = new String(bytes, StandardCharsets.UTF_8);
 try {
 List rawGames = GSON.fromJson(body, new TypeToken>(){}.getType());
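Review bot: In the upload-handler hunk (`@@ -68,8 +69,35 @@`) the hand-written 4 KB read loop can be a single bounded read, which keeps the cap independent of the client-supplied Content-Length and is harder to get wrong: `byte[] bytes = is.readNBytes((int) MAX_UPLOAD_SIZE + 1);` followed by `if (bytes.length > MAX_UPLOAD_SIZE) { sendError(exchange, 413, "File too large. Maximum size is 5MB."); return; }`. `readNBytes(int)` needs Java 11, which the file appears to target already since it calls `Files.writeString`. The empty `catch (NumberFormatException ignored)` is safe only because the body read enforces the limit again, so it deserves a comment saying so, e.g. `// malformed header: the bounded read below still enforces the limit`. The "5MB" in the message is written out twice, separately from `MAX_UPLOAD_SIZE`, and will go stale if the constant changes. The handler method begins above the hunk.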
@@ -78,15 +106,14 @@ public class App {
 Files.writeString(Paths.get(DATA_FILE), GSON.toJson(convertedGames));
 String response = "Upload successful";
- exchange.sendResponseHeaders(200, response.length());
- exchange.getResponseBody().write(response.getBytes());
+ byte[] responseBytes = response.getBytes(StandardCharsets.UTF_8);
+ exchange.sendResponseHeaders(200, responseBytes.length);
+ try (OutputStream os = exchange.getResponseBody()) {
+ os.write(responseBytes);
+ }
 } catch (Exception e) {
 e.printStackTrace();
- String response = "Error processing upload: " + e.getMessage();
- exchange.sendResponseHeaders(400, response.length());
- exchange.getResponseBody().write(response.getBytes());
- } finally {
- exchange.getResponseBody().close();
+ sendError(exchange, 400, "Error processing upload: " + e.getMessage());
 }
 }
@@ -139,7 +166,13 @@ public class App {
 return result;
 }
 }
-
+ private static void sendError(HttpExchange exchange, int statusCode, String message) throws IOException {
+ byte[] responseBytes = message.getBytes(StandardCharsets.UTF_8);
+ exchange.sendResponseHeaders(statusCode, responseBytes.length);
+ try (OutputStream os = exchange.getResponseBody()) {
+ os.write(responseBytes);
+ }
+ }
 static class StatsHandler implements HttpHandler {
 @Override
 public void handle(HttpExchange exchange) throws IOException {
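Review bot: The catch-all in `@@ -78,15 +106,14 @@` still returns `e.getMessage()` to the client and reports every failure as 400, so a server-side fault such as a failed `Files.writeString` is presented as a client error and its message, which can include local paths, leaves the server. Consider a fixed client message, `sendError(exchange, 400, "Invalid upload payload");`, with the detail kept in the server log and a separate 500 for I/O failures. The same `try` also covers the 200 response: if `os.write(responseBytes)` throws after `sendResponseHeaders(200, ...)`, the catch calls `sendError`, whose second `sendResponseHeaders` call is expected to fail because the headers were already sent. The enclosing method begins outside the hunk.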
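Review bot: `sendError` in `@@ -139,7 +166,13 @@` writes the message without setting a Content-Type in the visible lines, and one caller passes exception text that may echo parts of the uploaded data. Declaring the body as plain text stops a browser from interpreting it as markup: add `exchange.getResponseHeaders().set("Content-Type", "text/plain; charset=utf-8");` (optionally also `X-Content-Type-Options: nosniff`) before `sendResponseHeaders`. The helper would also read better with a blank line before and after it and a one-line Javadoc stating that it sends the status line and closes the response body.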