feat: add configurable max download mb

Author: Fleeym

.env.example

@@ -16,5 +16,7 @@ DISCORD_WEBHOOK_URL=
 
 # Config
 
+MAX_MOD_FILESIZE_MB=250
+
 # Globally disables download counting, in the event of abuse
 DISABLE_DOWNLOAD_COUNTS=0

src/endpoints/mod_versions.rs

@@ -273,8 +273,14 @@ pub async fn create_version(
         .filter(|c| c.is_ascii() && *c != '\0')
         .collect();
 
-    let mut file_path = download_geode_file(&download_link).await?;
-    let json = ModJson::from_zip(&mut file_path, &download_link, dev.verified).map_err(|err| {
+    let mut file_path = download_geode_file(&download_link, data.max_download_mb).await?;
+    let json = ModJson::from_zip(
+        &mut file_path,
+        &download_link,
+        dev.verified,
+        data.max_download_mb,
+    )
+    .map_err(|err| {
         log::error!("Failed to parse mod.json: {}", err);
         ApiError::FilesystemError
     })?;
@@ -366,6 +372,7 @@ pub async fn update_version(
         payload.status,
         payload.info.clone(),
         dev.id,
+        data.max_download_mb,
         &mut transaction,
     )
     .await

src/endpoints/mods.rs

@@ -2,15 +2,15 @@ use actix_web::{get, post, put, web, HttpResponse, Responder};
 use serde::Deserialize;
 use sqlx::Acquire;
 
-use crate::webhook::send_webhook;
 use crate::extractors::auth::Auth;
 use crate::types::api::{create_download_link, ApiError, ApiResponse};
 use crate::types::mod_json::ModJson;
+use crate::types::models::developer::Developer;
 use crate::types::models::incompatibility::Incompatibility;
 use crate::types::models::mod_entity::{download_geode_file, Mod, ModUpdate};
 use crate::types::models::mod_gd_version::{GDVersionEnum, VerPlatform};
 use crate::types::models::mod_version_status::ModVersionStatusEnum;
-use crate::types::models::developer::Developer;
+use crate::webhook::send_webhook;
 use crate::AppData;
 
 #[derive(Deserialize, Default)]
@@ -85,9 +85,8 @@ pub async fn get(
     let mut pool = data.db.acquire().await.or(Err(ApiError::DbAcquireError))?;
 
     let has_extended_permissions = match auth.developer() {
-        Ok(dev) => dev.admin ||
-            Developer::has_access_to_mod(dev.id, &id, &mut pool).await?,
-        _ => false
+        Ok(dev) => dev.admin || Developer::has_access_to_mod(dev.id, &id, &mut pool).await?,
+        _ => false,
     };
 
     let found = Mod::get_one(&id, false, &mut pool).await?;
@@ -113,8 +112,13 @@ pub async fn create(
 ) -> Result<impl Responder, ApiError> {
     let dev = auth.developer()?;
     let mut pool = data.db.acquire().await.or(Err(ApiError::DbAcquireError))?;
-    let mut file_path = download_geode_file(&payload.download_link).await?;
-    let json = ModJson::from_zip(&mut file_path, &payload.download_link, false)?;
+    let mut file_path = download_geode_file(&payload.download_link, data.max_download_mb).await?;
+    let json = ModJson::from_zip(
+        &mut file_path,
+        &payload.download_link,
+        false,
+        data.max_download_mb,
+    )?;
     json.validate()?;
     let mut transaction = pool.begin().await.or(Err(ApiError::TransactionError))?;
     let result = Mod::from_json(&json, dev.clone(), &mut transaction).await;

src/main.rs

@@ -27,6 +27,7 @@ pub struct AppData {
     github_client_secret: String,
     webhook_url: String,
     disable_downloads: bool,
+    max_download_mb: u32,
 }
 
 #[derive(Debug, Parser)]
@@ -66,7 +67,12 @@ async fn main() -> anyhow::Result<()> {
     let github_client = dotenvy::var("GITHUB_CLIENT_ID").unwrap_or("".to_string());
     let github_secret = dotenvy::var("GITHUB_CLIENT_SECRET").unwrap_or("".to_string());
     let webhook_url = dotenvy::var("DISCORD_WEBHOOK_URL").unwrap_or("".to_string());
-    let disable_downloads = dotenvy::var("DISABLE_DOWNLOAD_COUNTS").unwrap_or("0".to_string()) == "1";
+    let disable_downloads =
+        dotenvy::var("DISABLE_DOWNLOAD_COUNTS").unwrap_or("0".to_string()) == "1";
+    let max_downloadmb = dotenvy::var("MAX_MOD_FILESIZE_MB")
+        .unwrap_or("250".to_string())
+        .parse::<u32>()
+        .unwrap_or(250);
 
     let app_data = AppData {
         db: pool.clone(),
@@ -75,6 +81,7 @@ async fn main() -> anyhow::Result<()> {
         github_client_secret: github_secret.clone(),
         webhook_url: webhook_url.clone(),
         disable_downloads,
+        max_download_mb: max_downloadmb,
     };
 
     let args = Args::parse();

src/types/mod_json.rs

@@ -93,9 +93,11 @@ impl ModJson {
         file: &mut Cursor<Bytes>,
         download_url: &str,
         store_image: bool,
+        max_size_mb: u32
     ) -> Result<ModJson, ApiError> {
+        let max_size_bytes = max_size_mb * 1_000_000;
         let mut bytes: Vec<u8> = vec![];
-        let mut take = file.take(100_000_000);
+        let mut take = file.take(max_size_bytes as u64);
         match take.read_to_end(&mut bytes) {
             Err(e) => {
                 log::error!("Failed to read bytes from {}: {}", download_url, e);

src/types/models/mod_entity.rs

@@ -1436,9 +1436,10 @@ impl Mod {
         id: &str,
         hash: &str,
         download_link: &str,
+        limit_mb: u32,
         pool: &mut PgConnection,
     ) -> Result<(), ApiError> {
-        let mut cursor = download_geode_file(download_link).await?;
+        let mut cursor = download_geode_file(download_link, limit_mb).await?;
         let mut bytes: Vec<u8> = vec![];
         match cursor.read_to_end(&mut bytes) {
             Err(e) => {
@@ -1501,11 +1502,12 @@ impl Mod {
     }
 }
 
-pub async fn download_geode_file(url: &str) -> Result<Cursor<Bytes>, ApiError> {
+pub async fn download_geode_file(url: &str, limit_mb: u32) -> Result<Cursor<Bytes>, ApiError> {
+    let limit_bytes = limit_mb * 1_000_000;
     let size = get_download_size(url).await?;
-    if size > 100_000_000 {
+    if size > limit_bytes as u64 {
         return Err(ApiError::BadRequest(
-            "File size is too large, max 100MB".to_string(),
+            format!("File size is too large, max {}MB", limit_mb)
         ));
     }
     let res = reqwest::get(url)

src/types/models/mod_version.rs

@@ -680,10 +680,12 @@ impl ModVersion {
         let json_tags = json.tags.clone().unwrap_or_default();
         let tags = Tag::get_tag_ids(json_tags, pool).await?;
         Tag::update_mod_tags(&json.id, tags.into_iter().map(|x| x.id).collect(), pool).await?;
-        ModGDVersion::clear_for_mod_version(version_id, pool).await.map_err(|err| {
-            log::error!("{}", err);
-            ApiError::DbError
-        })?;
+        ModGDVersion::clear_for_mod_version(version_id, pool)
+            .await
+            .map_err(|err| {
+                log::error!("{}", err);
+                ApiError::DbError
+            })?;
         ModGDVersion::create_from_json(json.gd.to_create_payload(json), version_id, pool).await?;
         Dependency::clear_for_mod_version(version_id, pool).await?;
         Incompatibility::clear_for_mod_version(version_id, pool).await?;
@@ -822,6 +824,7 @@ impl ModVersion {
         new_status: ModVersionStatusEnum,
         info: Option<String>,
         admin_id: i32,
+        limit_geode_mb: u32,
         pool: &mut PgConnection,
     ) -> Result<(), ApiError> {
         struct CurrentStatusRes {
@@ -913,7 +916,14 @@ impl ModVersion {
                 }
                 Ok(r) => r,
             };
-            Mod::update_mod_image(&info.mod_id, &info.hash, &info.download_link, pool).await?;
+            Mod::update_mod_image(
+                &info.mod_id,
+                &info.hash,
+                &info.download_link,
+                limit_geode_mb,
+                pool,
+            )
+            .await?;
         }
 
         if new_status == ModVersionStatusEnum::Accepted {