From 67ec78f7c63ac43d20a2d3491d6ef6aefd3c0759 Mon Sep 17 00:00:00 2001
From: Brian Gough <briangough@users.noreply.github.com>
Date: Wed, 20 Sep 2023 08:47:06 +0100
Subject: [PATCH] Merge pull request #14827 from
 overleaf/bg-size-limit-for-all-files

add size limit for all streamed files in web

GitOrigin-RevId: 65ab73163bc94a643977f8a0a1fd7418bbf6e365
---
 .../LinkedFiles/LinkedFilesController.js      |  8 +++++++-
 .../web/app/src/infrastructure/FileWriter.js  |  2 +-
 .../test/acceptance/src/LinkedFilesTests.js   | 19 +++++++++++++++++++
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/services/web/app/src/Features/LinkedFiles/LinkedFilesController.js b/services/web/app/src/Features/LinkedFiles/LinkedFilesController.js
index 9746c7c126..9b4fe6dcd1 100644
--- a/services/web/app/src/Features/LinkedFiles/LinkedFilesController.js
+++ b/services/web/app/src/Features/LinkedFiles/LinkedFilesController.js
@@ -34,7 +34,10 @@ const {
   RemoteServiceError,
   FileCannotRefreshError,
 } = require('./LinkedFilesErrors')
-const { OutputFileFetchFailedError } = require('../Errors/Errors')
+const {
+  OutputFileFetchFailedError,
+  FileTooLargeError,
+} = require('../Errors/Errors')
 const Modules = require('../../infrastructure/Modules')
 const { plainTextResponse } = require('../../infrastructure/Response')
 
@@ -209,6 +212,9 @@ module.exports = LinkedFilesController = {
     } else if (/\bECONNREFUSED\b/.test(error.message)) {
       res.status(500)
       plainTextResponse(res, 'Importing references is not currently available')
+    } else if (error instanceof FileTooLargeError) {
+      res.status(422)
+      plainTextResponse(res, 'File too large')
     } else {
       next(error)
     }
diff --git a/services/web/app/src/infrastructure/FileWriter.js b/services/web/app/src/infrastructure/FileWriter.js
index f1d4d478e3..c560d5a833 100644
--- a/services/web/app/src/infrastructure/FileWriter.js
+++ b/services/web/app/src/infrastructure/FileWriter.js
@@ -27,7 +27,7 @@ class SizeLimitedStream extends Transform {
     super(options)
 
     this.bytes = 0
-    this.maxSizeBytes = options.maxSizeBytes
+    this.maxSizeBytes = options.maxSizeBytes || Settings.maxUploadSize
     this.drain = false
     this.on('error', () => {
       this.drain = true
diff --git a/services/web/test/acceptance/src/LinkedFilesTests.js b/services/web/test/acceptance/src/LinkedFilesTests.js
index 62a4255315..a4e22e30c6 100644
--- a/services/web/test/acceptance/src/LinkedFilesTests.js
+++ b/services/web/test/acceptance/src/LinkedFilesTests.js
@@ -16,6 +16,8 @@ LinkedUrlProxy.get('/', (req, res, next) => {
     return plainTextResponse(res, 'foo foo foo')
   } else if (req.query.url === 'http://example.com/bar') {
     return plainTextResponse(res, 'bar bar bar')
+  } else if (req.query.url === 'http://example.com/large') {
+    return plainTextResponse(res, 'x'.repeat(Settings.maxUploadSize + 1))
   } else {
     return res.sendStatus(404)
   }
@@ -319,6 +321,23 @@ describe('LinkedFiles', function () {
       expect(body).to.equal('bar bar bar')
     })
 
+    it('should return an error if the file exceeds the maximum size', async function () {
+      // download does not succeed
+      const { response, body } = await owner.doRequest('post', {
+        url: `/project/${projectOneId}/linked_file`,
+        json: {
+          provider: 'url',
+          data: {
+            url: 'http://example.com/large',
+          },
+          parent_folder_id: projectOneRootFolderId,
+          name: 'url-large-file-1',
+        },
+      })
+      expect(response.statusCode).to.equal(422)
+      expect(body).to.equal('File too large')
+    })
+
     it("should return an error if the file can't be downloaded", async function () {
       // download does not succeed
       let { response, body } = await owner.doRequest('post', {