fix attachment file size limit in server backend (#35519) (#35720)

Backport #35519 by @a1012112796 fix #35512 Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-11-20 09:32:43 +09:00 · 2025-10-22 02:01:59 +08:00
parent 16f4f0d473
commit cb338a2ba1
18 changed files with 169 additions and 109 deletions
--- a/modules/git/utils.go
+++ b/modules/git/utils.go
@@ -6,7 +6,6 @@ package git
 import (
 	"crypto/sha1"
 	"encoding/hex"
-	"io"
 	"strconv"
 	"strings"
 	"sync"
@@ -68,32 +67,6 @@ func ParseBool(value string) (result, valid bool) {
 	return intValue != 0, true
 }

-// LimitedReaderCloser is a limited reader closer
-type LimitedReaderCloser struct {
-	R io.Reader
-	C io.Closer
-	N int64
-}
-
-// Read implements io.Reader
-func (l *LimitedReaderCloser) Read(p []byte) (n int, err error) {
-	if l.N <= 0 {
-		_ = l.C.Close()
-		return 0, io.EOF
-	}
-	if int64(len(p)) > l.N {
-		p = p[0:l.N]
-	}
-	n, err = l.R.Read(p)
-	l.N -= int64(n)
-	return n, err
-}
-
-// Close implements io.Closer
-func (l *LimitedReaderCloser) Close() error {
-	return l.C.Close()
-}
-
 func HashFilePathForWebUI(s string) string {
 	h := sha1.New()
 	_, _ = h.Write([]byte(s))
--- a/modules/setting/attachment.go
+++ b/modules/setting/attachment.go
@@ -16,9 +16,13 @@ var Attachment AttachmentSettingType
 func loadAttachmentFrom(rootCfg ConfigProvider) (err error) {
 	Attachment = AttachmentSettingType{
 		AllowedTypes: ".avif,.cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.webp,.xls,.xlsx,.zip",
-		MaxSize:      2048,
-		MaxFiles:     5,
-		Enabled:      true,
+
+		// FIXME: this size is used for both "issue attachment" and "release attachment"
+		// The design is not right, these two should be different settings
+		MaxSize: 2048,
+
+		MaxFiles: 5,
+		Enabled:  true,
 	}
 	sec, _ := rootCfg.GetSection("attachment")
 	if sec == nil {
--- a/modules/util/error.go
+++ b/modules/util/error.go
@@ -16,6 +16,7 @@ var (
 	ErrPermissionDenied = errors.New("permission denied")       // also implies HTTP 403
 	ErrNotExist         = errors.New("resource does not exist") // also implies HTTP 404
 	ErrAlreadyExist     = errors.New("resource already exists") // also implies HTTP 409
+	ErrContentTooLarge  = errors.New("content exceeds limit")   // also implies HTTP 413

 	// ErrUnprocessableContent implies HTTP 422, the syntax of the request content is correct,
 	// but the server is unable to process the contained instructions