Fix: Use a default maxSecretSize and limit the payload read (#144)

Knut Ahlers 2023-10-25 10:11:54 +02:00 committed by GitHub
parent 5ad6449757
commit 136c0e2c96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 0 deletions


@ -12,6 +12,13 @@ import (
"gopkg.in/yaml.v2"
)
// Frontend has a max attachment size of 64MiB as the base64 encoding
// will break afterwards. Therefore we use a maximum secret size of
// 65MiB and increase it by double base64 encoding:
//
// 65 MiB * 16/9 (twice 4/3 base64 size increase)
const defaultMaxSecretSize = 65 * 1024 * 1024 * (16 / 9) // = 115.6MiB
type (
// Customize holds the structure of the customization file
Customize struct {
@ -78,4 +85,8 @@ func (c *Customize) applyFixes() {
if len(c.AppTitle) == 0 {
c.AppTitle = "OTS - One Time Secrets"
}
if c.MaxSecretSize == 0 {
c.MaxSecretSize = defaultMaxSecretSize
}
}
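Review bot: The `defaultMaxSecretSize` constant in the first hunk evaluates to 65 MiB, not the 115.6 MiB its comment states, because `(16 / 9)` is an untyped integer constant division and truncates to 1. Multiplying before dividing keeps the intended factor: `const defaultMaxSecretSize = 65 * 1024 * 1024 * 16 / 9 // = 121168782 bytes, ~115.6MiB`. As written the limit fails closed, so the likely effect is that secrets with attachments near the frontend's 64 MiB cap are rejected once base64 expansion pushes them past 65 MiB; the code that enforces the limit is in the other changed file, which is not shown here. The `applyFixes` hunk replaces only a zero value, so a negative `MaxSecretSize` from the customization file passes through unchanged, and it is worth confirming how the read limit treats that, for example with `if c.MaxSecretSize <= 0 {`.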