Limiting file size (#105)

Limit the upload size of an attachment in the attachment plugin. Currently the maximum size size of data that can be scanned by the Malware Scanning Service on BTP is 400MB. So we would limit the file upload size to 400 MB. 1. Handling PUT request with 'before' handler to fetch the content length of the uploaded attachment in plugin.js. 2. Impose validation checks for size limit and rejecting the request which are above size limit. 3. Currently cannot access the UI part but validation checks are both imposed for hybrid and local mode. --------- Co-authored-by: jeevitha011 <118245189+jeevitha011@users.noreply.github.com>
cap-js · Dec 16, 2024 · 376a8c0 · 376a8c0
1 parent d014729
commit 376a8c0
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
 ## Version 1.1.8
 
+### Added
+
+- **File Size Validation**: Introduced a new file size validation feature to ensure uploaded attachments comply with defined size limits.
+- This feature is compatible with SAPUI5 version `>= 1.131.0`.
+
 ### Changed
 
 - Included test cases for malware scanning within development profile.

diff --git a/lib/plugin.js b/lib/plugin.js
@@ -42,6 +42,8 @@ cds.once("served", async function registerPluginHandlers() {
 
             srv.after("READ", [target, target.drafts], readAttachment);
 
+            srv.before("PUT", target.drafts, (req) => validateAttachmentSize(req) );
+
             AttachmentsSrv.registerUpdateHandlers(srv, entity, target);
 
             srv.before('NEW', target.drafts, req => {
@@ -85,6 +87,23 @@ cds.once("served", async function registerPluginHandlers() {
   }
 });
 
+function validateAttachmentSize(req) {
+  const contentLengthHeader = req.headers["content-length"];
+  let fileSizeInBytes;
+
+  if (contentLengthHeader) {
+    fileSizeInBytes = Number(contentLengthHeader);
+    const MAX_FILE_SIZE = 419430400; //400 MB in bytes
+    if (fileSizeInBytes > MAX_FILE_SIZE) {
+      return req.reject(403, "File Size limit exceeded beyond 400 MB.");
+    }
+  } else {
+    return req.reject(403, "Invalid Content Size");
+  }
+}
+
+module.exports = { validateAttachmentSize };
+
 const Ext2MimeTyes = {
   aac: "audio/aac",
   abw: "application/x-abiword",

diff --git a/package.json b/package.json
@@ -14,7 +14,7 @@
   ],
   "scripts": {
     "lint": "npx eslint .",
-    "test": "npx jest attachments.test.js"
+    "test": "npx jest"
   },
   "dependencies": {
     "@aws-sdk/client-s3": "^3.400.0",

diff --git a/tests/unit/validateAttachmentSize.test.js b/tests/unit/validateAttachmentSize.test.js
@@ -0,0 +1,35 @@
+const { validateAttachmentSize } = require('../../lib/plugin');
+
+describe('validateAttachmentSize', () => {
+  let req; // Define a mock request object
+
+  beforeEach(() => {
+    req = {
+      headers: {},
+      reject: jest.fn(), // Mocking the reject function
+    };
+  });
+
+  it('should pass validation for a file size under 400 MB', () => {
+    req.headers['content-length'] = '51200765'; 
+
+    validateAttachmentSize(req); 
+
+    expect(req.reject).not.toHaveBeenCalled();
+  });
+
+  it('should reject for a file size over 400 MB', () => {
+    req.headers['content-length'] = '20480000000'; 
+
+    validateAttachmentSize(req); 
+
+    expect(req.reject).toHaveBeenCalledWith(403, 'File Size limit exceeded beyond 400 MB.');
+  });
+
+  it('should reject when content-length header is missing', () => {
+    validateAttachmentSize(req); 
+
+    expect(req.reject).toHaveBeenCalledWith(403, 'Invalid Content Size');
+  });
+});
+