Limiting file size

CHANGELOG.md

@@ -6,6 +6,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
 ## Version 1.1.8
 
+### Added
+
+- **File Size Validation**: Introduced a new file size validation feature to ensure uploaded attachments comply with defined size limits.
+- This feature is compatible with SAPUI5 version `>= 1.131.0`.
+
 ### Changed
 
 - Included test cases for malware scanning within development profile.

lib/plugin.js

@@ -42,6 +42,8 @@ cds.once("served", async function registerPluginHandlers() {
 
             srv.after("READ", [target, target.drafts], readAttachment);
 
+            srv.before("PUT", target.drafts, (req) => validateAttachmentSize(req) );
+
             AttachmentsSrv.registerUpdateHandlers(srv, entity, target);
 
             srv.before('NEW', target.drafts, req => {
@@ -85,6 +87,23 @@ cds.once("served", async function registerPluginHandlers() {
   }
 });
 
+function validateAttachmentSize(req) {
+  const contentLengthHeader = req.headers["content-length"];
+  let fileSizeInBytes;
+
+  if (contentLengthHeader) {
+    fileSizeInBytes = Number(contentLengthHeader);
+    const MAX_FILE_SIZE = 419430400; //400 MB in bytes
+    if (fileSizeInBytes > MAX_FILE_SIZE) {
+      return req.reject(403, "File Size limit exceeded beyond 400 MB.");
+    }
+  } else {
+    return req.reject(403, "Invalid Content Size");
+  }
+}
+
+module.exports = { validateAttachmentSize };
+
 const Ext2MimeTyes = {
   aac: "audio/aac",
   abw: "application/x-abiword",

package.json

@@ -14,7 +14,7 @@
   ],
   "scripts": {
     "lint": "npx eslint .",
-    "test": "npx jest attachments.test.js"
+    "test": "npx jest"
   },
   "dependencies": {
     "@aws-sdk/client-s3": "^3.400.0",

tests/unit/validateAttachmentSize.test.js

@@ -0,0 +1,35 @@
+const { validateAttachmentSize } = require('../../lib/plugin');
+
+describe('validateAttachmentSize', () => {
+  let req; // Define a mock request object
+
+  beforeEach(() => {
+    req = {
+      headers: {},
+      reject: jest.fn(), // Mocking the reject function
+    };
+  });
+
+  it('should pass validation for a file size under 400 MB', () => {
+    req.headers['content-length'] = '51200765'; 
+
+    validateAttachmentSize(req); 
+
+    expect(req.reject).not.toHaveBeenCalled();
+  });
+
+  it('should reject for a file size over 400 MB', () => {
+    req.headers['content-length'] = '20480000000'; 
+
+    validateAttachmentSize(req); 
+
+    expect(req.reject).toHaveBeenCalledWith(403, 'File Size limit exceeded beyond 400 MB.');
+  });
+
+  it('should reject when content-length header is missing', () => {
+    validateAttachmentSize(req); 
+
+    expect(req.reject).toHaveBeenCalledWith(403, 'Invalid Content Size');
+  });
+});
+