Commit d5be41b6 authored by Floreal Cabanettes's avatar Floreal Cabanettes

Add checks of uploaded files server side (including URL uploading), Fixes #94

parent 726887ed
......@@ -8,8 +8,12 @@ batch_system_type = local
threads = 4
web_url = http://localhost:5000
# Max size of uploaded files (also for files from URL):
max_upload_size = 3G # Please set the unit: M for Megabyte or G for Gigabyte (-1 without unit to don't set a limit)
# Max size of uploaded files (also for files from URL, size uncompressed):
# Please set the unit: M for Megabyte or G for Gigabyte (-1 without unit to don't set a limit)
max_upload_size = 3G
# Max upload file size (compressed or not, only for uploaded files, not from URL):
# Please set the unit: M for Megabyte or G for Gigabyte (-1 without unit to don't set a limit)
max_upload_file_size = 1G
[debug]
......
......@@ -6,12 +6,14 @@ dgenies.run = {};
// Init global variables:
dgenies.run.s_id = null;
dgenies.run.allowed_ext = [];
dgenies.run.max_upload_file_size = -1
dgenies.run.files = [undefined, undefined];
dgenies.run.allow_upload = false;
dgenies.run.init = function (s_id, allowed_ext) {
dgenies.run.init = function (s_id, allowed_ext, max_upload_file_size=1073741824) {
dgenies.run.s_id = s_id;
dgenies.run.allowed_ext = allowed_ext;
dgenies.run.max_upload_file_size = max_upload_file_size
dgenies.run.restore_form();
dgenies.run.set_events();
dgenies.run.init_fileuploads();
......@@ -152,17 +154,18 @@ dgenies.run.get_file_size_str = function(size) {
};
dgenies.run.set_events = function() {
let max_file_size_txt = dgenies.run.get_file_size_str(dgenies.run.max_upload_file_size);
$("input.file-query").change(function () {
let file_size_query = $("div.file-size.query");
if (this.files.length > 0)
if (this.files[0].size <= 1073741824) {
if (this.files[0].size <= dgenies.run.max_upload_file_size) {
file_size_query.html(dgenies.run.get_file_size_str(this.files[0].size));
dgenies.run.set_filename(this.files[0].name, "query");
}
else {
$(this).val("");
dgenies.run.set_filename("", "query");
dgenies.notify("File exceed the size limit (1 Go)", "danger", 2000);
dgenies.notify(`File exceed the size limit (${max_file_size_txt})`, "danger", 2000);
file_size_query.html("");
}
else
......@@ -173,14 +176,14 @@ dgenies.run.set_events = function() {
$("input.file-target").change(function () {
let file_size_target = $("div.file-size.target");
if (this.files.length > 0) {
if (this.files[0].size <= 1073741824) {
if (this.files[0].size <= dgenies.run.max_upload_file_size) {
file_size_target.html(dgenies.run.get_file_size_str(this.files[0].size));
dgenies.run.set_filename(this.files[0].name, "target");
}
else {
$(this).val("");
dgenies.run.set_filename("", "target");
dgenies.notify("File exceed the size limit (1 Go)", "danger", 2000);
dgenies.notify(`File exceed the size limit (${max_file_size_txt})`, "danger", 2000);
file_size_target.html("");
}
}
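Review bot: The new comparison `this.files[0].size <= dgenies.run.max_upload_file_size`, used in both the query and the target change handler, rejects every file when the limit is -1. That is the value the config reader returns for "no limit" and the value the global is initialised to. Guard the sentinel in both handlers, for example `if (dgenies.run.max_upload_file_size < 0 || this.files[0].size <= dgenies.run.max_upload_file_size) {`. This browser-side check is only a convenience for the user, so the server-side limit must remain the one that enforces the size. The two new assignments to `dgenies.run.max_upload_file_size` also lack the trailing semicolon used on the neighbouring lines.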
......
......@@ -50,13 +50,11 @@ class JobManager:
with open(filepath, 'rb') as test_f:
return binascii.hexlify(test_f.read(2)) == b'1f8b'
@staticmethod
def get_file_size(filepath: str):
if filepath.endswith(".gz"):
def get_file_size(self, filepath: str):
file_size = os.path.getsize(filepath)
if filepath.endswith(".gz") and file_size <= self.config.max_upload_size:
with gzip.open(filepath, 'rb') as file_obj:
file_size = file_obj.seek(0, io.SEEK_END)
else:
file_size = os.path.getsize(filepath)
return file_size
def get_query_split(self):
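Review bot: Measuring a .gz upload with `file_obj.seek(0, io.SEEK_END)` inflates the whole stream, and the new guard only compares the compressed size with max_upload_size, so a small but highly compressible archive still costs unbounded decompression work before its size is known. Count the uncompressed bytes in fixed-size chunks and stop as soon as the limit is passed, as sketched below. The guard is also false for every file when max_upload_size is -1 (presumably the "no limit" value from the configuration), so .gz files would then be reported at their compressed size. The check keys on the `.gz` suffix; the magic-byte test whose tail is visible at the top of the hunk would be a more reliable signal if it can be called here.

```python
    def get_file_size(self, filepath: str):
        file_size = os.path.getsize(filepath)
        limit = self.config.max_upload_size  # -1 presumably means "no limit"; confirm
        if filepath.endswith(".gz") and (limit < 0 or file_size <= limit):
            file_size = 0
            with gzip.open(filepath, 'rb') as file_obj:
                # Inflate in 1 MiB chunks and stop once the limit is exceeded,
                # so the work done is bounded by the configured maximum.
                for chunk in iter(lambda: file_obj.read(1024 * 1024), b''):
                    file_size += len(chunk)
                    if 0 <= limit < file_size:
                        break
        return file_size
```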
......
......@@ -83,6 +83,22 @@ class AppConfigReader:
except NoOptionError:
return -1
def get_max_upload_file_size(self):
try:
max_size_b = self.replace_vars(self.reader.get("global", "max_upload_file_size"))
if max_size_b == "-1":
return -1
size_v = float(max_size_b[:-1])
size_unit = max_size_b[-1].upper()
if size_unit not in ["M", "G"]:
raise ValueError("Max size unit must be M or G")
max_size = int(size_v * 1024 * 1024)
if size_unit == "G":
max_size *= 1024
return max_size
except NoOptionError:
return 1024 * 1024 * 1024
def get_minimap2_exec(self):
try:
entry = self.reader.get("softwares", "minimap2")
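Review bot: get_max_upload_file_size accepts any number in front of the unit, so a value such as `-2G` or `0M` passes the unit check and returns a non-positive limit that is not the -1 sentinel. The size comparisons elsewhere in this commit would then refuse every upload. Reject it after parsing, for example `if size_v <= 0: raise ValueError("Max size must be positive, or -1 for no limit")`. The method also has no docstring; one line stating that it returns bytes, -1 for no limit and 1 GiB when the option is missing would document the contract. The parsing appears to mirror the preceding getter, whose tail is visible at the top of the hunk, so a shared helper would keep the two in step.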
......
......@@ -39,6 +39,7 @@ app_title = "D-GENIES - Dotplot for Genomes Interactive, E-connected and Speedy"
# Init Flask:
app = Flask(__name__, static_url_path='/static')
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
app.config['MAX_CONTENT_LENGTH'] = config_reader.max_upload_file_size
app.config['SECRET_KEY'] = 'dsqdsq-255sdA-fHfg52-25Asd5'
# Init mail:
......@@ -79,7 +80,8 @@ def run():
if "email" in request.args:
email = request.args["email"]
return render_template("run.html", title=app_title, id_job=id_job, email=email,
menu="run", allowed_ext=ALLOWED_EXTENSIONS, s_id=s_id)
menu="run", allowed_ext=ALLOWED_EXTENSIONS, s_id=s_id,
max_upload_file_size=config_reader.max_upload_file_size)
@app.route("/run-test", methods=['GET'])
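Review bot: `app.config['MAX_CONTENT_LENGTH'] = config_reader.max_upload_file_size` passes the reader's -1 "no limit" value straight to Flask, which treats any value other than None as a byte limit, so with no limit configured every request that carries a body would be refused as too large. Map the sentinel first, for example `app.config['MAX_CONTENT_LENGTH'] = None if config_reader.max_upload_file_size < 0 else config_reader.max_upload_file_size`. The same -1 is handed to the template in run(), where the browser-side comparison has the matching problem. Separately, the context line below the new one sets SECRET_KEY to a literal committed in the repository; loading it from configuration or the environment would keep the session signing key out of source control.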
......
......@@ -9,7 +9,7 @@
<script src="{{ url_for('static', filename='js/jquery.fileupload-validate.js') }}"></script>
<script src="{{ url_for('static', filename='js/dgenies.run.js') }}" type="text/JavaScript"></script>
{% endblock %}
{% block onload %}dgenies.run.init('{{ s_id }}',{{ allowed_ext }});{% endblock %}
{% block onload %}dgenies.run.init('{{ s_id }}',{{ allowed_ext }}, {{ max_upload_file_size }});{% endblock %}
{% block content %}
<form id="submit_minimap" method=post action="#">
<h2 class="title-launch">Launch map analysis</h2>
......