Restrict large file uploads to only the Lift Upload endpoint (#875)

sillsdev · Dec 18, 2020 · dd7bd80 · dd7bd80
1 parent baab15c
commit dd7bd80
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 9 deletions.
diff --git a/Backend/Controllers/LiftController.cs b/Backend/Controllers/LiftController.cs
@@ -41,6 +41,10 @@ public LiftController(IWordRepository repo, IProjectService projServ, IPermissio
         /// <remarks> POST: v1/projects/{projectId}/words/upload </remarks>
         /// <returns> Number of words added </returns>
         [HttpPost("upload")]
+        // Allow clients to POST large import files to the server (default limit is 28MB).
+        // Note: The HTTP Proxy in front, such as NGNIX, also needs to be configured
+        //     to allow large requests through as well.
+        [RequestSizeLimit(250_000_000)]  // 250MB.
         public async Task<IActionResult> UploadLiftFile(string projectId, [FromForm] FileUpload fileUpload)
         {
             if (!_permissionService.HasProjectPermission(HttpContext, Permission.ImportExport))

diff --git a/Backend/Program.cs b/Backend/Program.cs
@@ -12,14 +12,6 @@ public static void Main(string[] args)
 
         public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
             WebHost.CreateDefaultBuilder(args)
-                .ConfigureKestrel((context, options) =>
-                {
-                    // Allow clients to POST large files to servers, such as project imports.
-                    // Note: The HTTP Proxy in front, such as NGNIX, also needs to be configured
-                    //     to allow large requests through as well.
-                    // 250MB.
-                    options.Limits.MaxRequestBodySize = 250_000_000;
-                })
                 .UseStartup<Startup>();
     }
 }
diff --git a/user_guide/docs/project.md b/user_guide/docs/project.md
@@ -25,7 +25,13 @@ and associated with new data entries.
 
 ### Import and Export
 
-Currently, only one LIFT file can be imported per project.
+!!! note
+
+    Currently, the maximum size of Lift files supported for import is 250MB.
+
+!!! note
+
+    Currently, only one LIFT file can be imported per project.
 
 After clicking the Export button, you can navigate to other parts of the website. A notification will appear in the App
 Bar when the export is ready for download. A project that has reached hundreds of MB is size may take tens of minutes to

diff --git a/user_guide/mkdocs.yml b/user_guide/mkdocs.yml
@@ -33,3 +33,5 @@ nav:
   - Data Entry: dataEntry.md
   - Data Cleanup: goals.md
   - Admin: admin.md
+markdown_extensions:
+  - admonition