Set upper limit to attachment size #84

Open
manuerwin opened this issue Feb 5, 2024 · 7 comments
@manuerwin

The app seems to allow any size file to be uploaded; strongly suggest something like a setting that optionally limits the max attachment size and displays an error/warning if exceeded, to:
a) conserve storage and
b) prevent bad actors

See screenshot of the 35MB sample image I was able to upload just now (I've since deleted the expense, however I'm unsure if the image has been deleted from S3?)
screencapture-spliit-app-groups-expenses-edit-2024-02-05-19_02_33

@scastiel
Member

scastiel commented Feb 5, 2024

Agree! I found a nice way to add a limit for the file size when using next-s3-upload (the third package I used), but it requires a change in the library (see this open PR). I hope the repository is still maintained (last commit is from October), otherwise I’ll just fork the package.

@manuerwin
Author

Seems like that will work for S3, which is great.
However, if the size check happened in app/window, then it would be applicable to any file provider, right?

@scastiel
Member

scastiel commented Feb 6, 2024

You’re right, I just pushed a check for the file size on the client side, which is nice for user experience anyway. But ultimately, we need to perform a better check, as for now nothing prevents a user from tweaking the code in the browser to disable the check.

@manuerwin
Author

manuerwin commented Feb 6, 2024 via email

@manuerwin
Author

After a bit more thought, suggest perhaps a max limit of 2MB?
That should allow for fairly large images and certainly PDFs etc. IMO.
The math on 5MB X many expenses => large over the long term IMO

@shynst
Contributor

shynst commented Feb 22, 2024

> After a bit more thought, suggest perhaps a max limit of 2MB? That should allow for fairly large images and certainly PDFs etc. IMO. The math on 5MB X many expenses => large over the long term IMO

A setting you should probably be able to tweak in a .env file, instead of having to hardcode.

@manuerwin
Author

Great point about the .env file, agree!
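
The thread's open points (a limit that holds even when the browser check is disabled, and one read from `.env`), sketched as an added example that is not part of the issue or of Spliit's code. The variable name `MAX_ATTACHMENT_SIZE` and all function names are assumptions; the `content-length-range` condition is a standard S3 POST policy feature and is not necessarily what the library PR mentioned above uses.

```javascript
// Added example. MAX_ATTACHMENT_SIZE and all function names are assumptions.
const UNITS = { B: 1, KB: 1024, MB: 1024 ** 2 };
const DEFAULT_LIMIT = 2 * UNITS.MB; // the 2MB figure suggested in the thread

// Read the limit from the environment ("2MB", "512kb", "1048576").
// Unset means the default; a malformed value fails closed instead of
// silently disabling the check.
function limitFromEnv(env) {
  const raw = env.MAX_ATTACHMENT_SIZE;
  if (raw === undefined || raw === "") return DEFAULT_LIMIT;
  const m = /^(\d+)\s*(B|KB|MB)?$/i.exec(raw.trim());
  if (!m) throw new Error(`invalid MAX_ATTACHMENT_SIZE: ${raw}`);
  const bytes = Number(m[1]) * UNITS[(m[2] || "B").toUpperCase()];
  if (!Number.isSafeInteger(bytes) || bytes <= 0) {
    throw new Error(`invalid MAX_ATTACHMENT_SIZE: ${raw}`);
  }
  return bytes;
}

// Server-side check over the bytes actually received. The size the client
// declares is used only to reject early; it is never trusted to accept.
function acceptUpload(declaredSize, chunks, limit) {
  const reject = (reason, received) => ({ ok: false, reason, received });
  if (!Number.isInteger(declaredSize) || declaredSize < 0) return reject("bad-declared-size", 0);
  if (declaredSize > limit) return reject("declared-too-large", 0);
  let received = 0;
  for (const chunk of chunks) {
    received += chunk.length;
    if (received > limit) return reject("body-too-large", received); // stop reading here
  }
  if (received !== declaredSize) return reject("size-mismatch", received);
  return { ok: true, reason: "accepted", received };
}

// For browser-to-S3 uploads the server never sees the body, so the limit goes
// into the POST policy the server signs; S3 then refuses oversized objects.
function s3PostPolicy(bucket, key, limit, expiresAt) {
  return {
    expiration: expiresAt.toISOString(),
    conditions: [{ bucket }, ["eq", "$key", key], ["content-length-range", 1, limit]],
  };
}

// Constructed sample: a client that declares 100 bytes but sends just over 2MB.
const oversized = [new Uint8Array(UNITS.MB), new Uint8Array(UNITS.MB), new Uint8Array(1)];
console.log(acceptUpload(100, oversized, limitFromEnv({})));
```
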
