Merge c6b131a into 32df722

lib/server/routes/frames.js

@@ -11,6 +11,7 @@ const inherits = require('util').inherits;
 const ms = require('ms');
 const log = require('../../logger');
 const constants = require('../../constants');
+const { MAX_SHARD_SIZE } = require('storj-service-storage-models').constants;
 const analytics = require('storj-analytics');
 const limiter = require('../limiter').DEFAULTS;
 
@@ -221,6 +222,7 @@ FramesRouter.prototype._publishContract = function(nodes, contract, audit, callb
  * @param {Function} next
  */
 FramesRouter.prototype.addShardToFrame = function(req, res, next) {
+  /* jshint maxstatements: 25 */
   const self = this;
   const Frame = this.storage.models.Frame;
   const Pointer = this.storage.models.Pointer;
@@ -244,6 +246,10 @@ FramesRouter.prototype.addShardToFrame = function(req, res, next) {
     ));
   }
 
+  if (req.body.size > MAX_SHARD_SIZE) {
+    return next(new errors.BadRequestError('Maximum shard size'));
+  }
+
   if (Array.isArray(req.body.exclude) &&
       req.body.exclude.length > constants.MAX_BLACKLIST) {
     return next(new errors.BadRequestError('Maximum blacklist length'));

package.json

@@ -87,7 +87,7 @@
     "storj-service-error-types": "^1.2.0",
     "storj-service-mailer": "^1.0.0",
     "storj-service-middleware": "^1.3.1",
-    "storj-service-storage-models": "^10.2.2",
+    "storj-service-storage-models": "braydonf/storj-service-storage-models#4586a77def0534b370c330b74b04aac18003fc78",
     "through": "^2.3.8"
   }
 }

test/server/routes/frames.unit.js

@@ -537,6 +537,40 @@ describe('FramesRouter', function() {
 
     });
 
+    it('it should reject shard sizes over the max', function(done) {
+      var request = httpMocks.createRequest({
+        method: 'PUT',
+        url: '/frames/frameid',
+        params: {
+          frame: 'frameid'
+        },
+        body: {
+          index: 0,
+          hash: storj.utils.rmd160('data'),
+          size: 4294967297,
+          challenges: auditStream.getPrivateRecord().challenges,
+          tree: auditStream.getPublicRecord()
+        }
+      });
+      var testUser = new framesRouter.storage.models.User({
+        _id: 'testuser@storj.io',
+        hashpass: storj.utils.sha256('password')
+      });
+      testUser.recordUploadBytes = sandbox.stub().callsArg(1);
+      testUser.isUploadRateLimited = sandbox.stub().returns(false);
+      request.user = testUser;
+
+      var response = httpMocks.createResponse({
+        req: request,
+        eventEmitter: EventEmitter
+      });
+      framesRouter.addShardToFrame(request, response, function(err) {
+        expect(err.message).to.match(/Maximum shard size/);
+        expect(err).to.be.instanceOf(errors.BadRequestError);
+        done();
+      });
+    });
+
     it('should return internal error if frame query fails', function(done) {
       var request = httpMocks.createRequest({
         method: 'PUT',