From 51dbc4b2399a0344026014cd815c6e7adb1bc0a0 Mon Sep 17 00:00:00 2001
From: David Wilemski <david@wilemski.org>
Date: Mon, 1 Jan 2024 15:59:32 +0000
Subject: [PATCH] Improve auth logging + configurable body size

---
 src/bin/server.rs        | 4 ++--
 src/config.rs            | 4 ++--
 src/constants.rs         | 2 +-
 src/handlers/micropub.rs | 5 +++++
 4 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/bin/server.rs b/src/bin/server.rs
index a4558da..53a26fd 100644
--- a/src/bin/server.rs
+++ b/src/bin/server.rs
@@ -6,7 +6,7 @@ use log::{debug, error, info};
 use serde_json::json;
 
 use axum::{
-    extract::Path,
+    extract::{Path, DefaultBodyLimit},
     http::{HeaderMap, StatusCode},
     response::IntoResponse,
     routing::{get, on, on_service, post, MethodFilter},
@@ -175,7 +175,7 @@ async fn main() -> Result<(), anyhow::Error> {
                 }
 
             })
-        )
+        ).route_layer(DefaultBodyLimit::max(site_config.micropub.media_endpoint_max_upload_length))
         .route(
             "/tag/:tag",
             on(
diff --git a/src/config.rs b/src/config.rs
index c2b62c5..0fbcb63 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -30,7 +30,7 @@ pub struct MicropubConfig {
     pub host_website: String,
     pub media_endpoint: String,
     #[serde(default = "default_max_upload_length")]
-    pub media_endpoint_max_upload_length: u64, // XXX currently unused
+    pub media_endpoint_max_upload_length: usize,
     pub micropub_endpoint: String,
 }
 
@@ -42,6 +42,6 @@ fn default_auth_endpoint() -> String {
     crate::DEFAULT_AUTH_ENDPOINT.into()
 }
 
-fn default_max_upload_length() -> u64 {
+fn default_max_upload_length() -> usize {
     crate::DEFAULT_MAX_CONTENT_LENGTH
 }
diff --git a/src/constants.rs b/src/constants.rs
index b9f3b19..1101896 100644
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -1,3 +1,3 @@
-pub const DEFAULT_MAX_CONTENT_LENGTH: u64 = 1024 * 1024 * 50; // 50 megabytes
+pub const DEFAULT_MAX_CONTENT_LENGTH: usize = 1024 * 1024 * 50; // 50 megabytes
 pub const DEFAULT_AUTH_TOKEN_ENDPOINT: &str = "https://tokens.indieauth.com/token";
 pub const DEFAULT_AUTH_ENDPOINT: &str = "https://indieauth.com/auth";
diff --git a/src/handlers/micropub.rs b/src/handlers/micropub.rs
index 975e025..1e23029 100644
--- a/src/handlers/micropub.rs
+++ b/src/handlers/micropub.rs
@@ -468,6 +468,11 @@ pub async fn handle_post(
     ).await?;
 
     if validate_response.me != site_config.micropub.host_website {
+        error!(
+            "mismatched authorization: me: {} host_website: {}",
+           validate_response.me,
+           site_config.micropub.host_website
+        );
         return Err(StatusCode::FORBIDDEN);
     }