Use attachment-size limit for company logos

Dotta
2026-03-16 10:13:19 -05:00
parent 4dfd862f11
commit 6eceb9b886
4 changed files with 12 additions and 18 deletions


@@ -1,6 +1,7 @@
import { afterEach, describe, expect, it, vi } from "vitest";
import express from "express";
import request from "supertest";
import { MAX_ATTACHMENT_BYTES } from "../attachment-types.js";
import { assetRoutes } from "../routes/assets.js";
import type { StorageService } from "../storage/types.js";
@@ -195,30 +196,30 @@ describe("POST /api/companies/:companyId/logo", () => {
expect(body).not.toContain("https://evil.example/");
});
it("allows a logo exactly 100 KB in size", async () => {
it("allows logo uploads within the general attachment limit", async () => {
const png = createStorageService("image/png");
const app = createApp(png);
createAssetMock.mockResolvedValue(createAsset());
const file = Buffer.alloc(100 * 1024, "a");
const file = Buffer.alloc(150 * 1024, "a");
const res = await request(app)
.post("/api/companies/company-1/logo")
.attach("file", file, "exact-limit.png");
.attach("file", file, "within-limit.png");
expect(res.status).toBe(201);
});
it("rejects logo files larger than 100 KB", async () => {
it("rejects logo files larger than the general attachment limit", async () => {
const app = createApp(createStorageService());
createAssetMock.mockResolvedValue(createAsset());
const file = Buffer.alloc(100 * 1024 + 1, "a");
const file = Buffer.alloc(MAX_ATTACHMENT_BYTES + 1, "a");
const res = await request(app)
.post("/api/companies/company-1/logo")
.attach("file", file, "too-large.png");
expect(res.status).toBe(422);
expect(res.body.error).toBe("Image exceeds 102400 bytes");
expect(res.body.error).toBe(`Image exceeds ${MAX_ATTACHMENT_BYTES} bytes`);
});
it("rejects unsupported image types", async () => {
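Review bot: The accept case no longer pins the boundary: the old test uploaded a file of exactly the limit, while the new one uses a hard-coded `150 * 1024`, which only passes while MAX_ATTACHMENT_BYTES is at least that large. The routes section of this commit leaves multer's `fileSize` as the only size gate, so whether a file of exactly MAX_ATTACHMENT_BYTES is accepted is now decided by the middleware and is worth asserting. I would allocate `Buffer.alloc(MAX_ATTACHMENT_BYTES, "a")` in the accept test so both sides of the limit are checked against the same constant.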


@@ -8,7 +8,6 @@ import type { StorageService } from "../storage/types.js";
import { assetService, logActivity } from "../services/index.js";
import { isAllowedContentType, MAX_ATTACHMENT_BYTES } from "../attachment-types.js";
import { assertCompanyAccess, getActorInfo } from "./authz.js";
const MAX_COMPANY_LOGO_BYTES = 100 * 1024;
const SVG_CONTENT_TYPE = "image/svg+xml";
const ALLOWED_COMPANY_LOGO_CONTENT_TYPES = new Set([
"image/png",
@@ -92,7 +91,7 @@ export function assetRoutes(db: Db, storage: StorageService) {
});
const companyLogoUpload = multer({
storage: multer.memoryStorage(),
limits: { fileSize: MAX_COMPANY_LOGO_BYTES + 1, files: 1 },
limits: { fileSize: MAX_ATTACHMENT_BYTES, files: 1 },
});
async function runSingleFileUpload(
@@ -157,10 +156,6 @@ export function assetRoutes(db: Db, storage: StorageService) {
res.status(422).json({ error: "Image is empty" });
return;
}
if (fileBody.length > MAX_COMPANY_LOGO_BYTES) {
res.status(422).json({ error: `Image exceeds ${MAX_COMPANY_LOGO_BYTES} bytes` });
return;
}
const actor = getActorInfo(req);
const stored = await storage.putFile({
@@ -224,7 +219,7 @@ export function assetRoutes(db: Db, storage: StorageService) {
} catch (err) {
if (err instanceof multer.MulterError) {
if (err.code === "LIMIT_FILE_SIZE") {
res.status(422).json({ error: `Image exceeds ${MAX_COMPANY_LOGO_BYTES} bytes` });
res.status(422).json({ error: `Image exceeds ${MAX_ATTACHMENT_BYTES} bytes` });
return;
}
res.status(400).json({ error: err.message });
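Review bot: With the in-handler `fileBody.length` check removed, multer's `limits.fileSize` on `companyLogoUpload` is the only size gate on logo uploads. That upload still uses `multer.memoryStorage()`, so each request can now buffer up to MAX_ATTACHMENT_BYTES in memory before the handler runs. The constant's value is not visible here; if it is much larger than the old 100 KB, confirm that is acceptable for an endpoint that also accepts `image/svg+xml`, where any sanitising or parsing step would run over the whole buffer. At minimum I would add a comment above the multer config, `// Sole size gate for logos: files are buffered in memory up to MAX_ATTACHMENT_BYTES`, so a later middleware change does not silently drop the limit. assetRoutes starts and ends outside the visible hunks.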