Added check in project api.

bloomberg · Feb 22, 2023 · bdd1060 · bdd1060
1 parent 9f1b0c5
commit bdd1060
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/pybossa/api/api_base.py b/pybossa/api/api_base.py
@@ -325,6 +325,7 @@ def post(self):
             cls_name = self.__class__.__name__
             data = None
             self.valid_args()
+            self._preprocess_request(request)
             data = self._file_upload(request)
             if data is None:
                 data = self._parse_request_data()
@@ -363,10 +364,15 @@ def _parse_request_data(self):
         return data
 
     def _preprocess_post_data(self, data):
-        """Method to be overriden by inheriting classes that will
+        """Method to be overridden by inheriting classes that will
         perform preprocessing on the POST data"""
         pass
 
+    def _preprocess_request(self, request):
+        """Method to be overridden by inheriting classes that will
+        perform preprocessong on the POST request"""
+        pass
+
     def _create_instance_from_request(self, data):
         data = self.hateoas.remove_links(data)
         inst = self.__class__(**data)
@@ -428,6 +434,7 @@ def put(self, oid):
         """
         try:
             self.valid_args()
+            self._preprocess_request(request)
             cls_name = self.__class__.__name__
             repo = repos[cls_name]['repo']
             query_func = repos[cls_name]['get']

diff --git a/pybossa/api/project.py b/pybossa/api/project.py
@@ -51,6 +51,16 @@ class ProjectAPI(APIBase):
     private_keys = set(['secret_key'])
     restricted_keys = set()
 
+    def _preprocess_request(self, request):
+        # Limit maximum post data size.
+        content_length = request.content_length
+        max_length_mb = current_app.config.get('TASK_PRESENTER_MAX_SIZE_MB', 2)
+        max_length_bytes = max_length_mb * 1024 * 1024 # 2 MB maximum POST data size
+        if content_length is not None and content_length > max_length_bytes:
+            raise BadRequest('The task presenter/guidelines content exceeds ' +
+                str(max_length_mb) +
+                ' MB. Please move large content to an external file.')
+
     def _preprocess_post_data(self, data):
         # set amp_store default as true when not passed as input param
         amp_config = data.get('info', {}).get('annotation_config', {}).get('amp_store')