Add back the content-length check as a preliminary check

geonetwork · Dec 30, 2024 · f4232fa · f4232fa
1 parent 00770fa
commit f4232fa
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/core/src/main/java/org/fao/geonet/api/records/attachments/AbstractStore.java b/core/src/main/java/org/fao/geonet/api/records/attachments/AbstractStore.java
@@ -188,6 +188,23 @@ protected String getFilenameFromHeader(final URL fileUrl) {
         }
     }
 
+    protected long getContentLengthFromHeader(final URL fileUrl) {
+        HttpURLConnection connection = null;
+        try {
+            connection = (HttpURLConnection) fileUrl.openConnection();
+            connection.setRequestMethod("HEAD");
+            connection.connect();
+            return connection.getContentLengthLong();
+        } catch (Exception e) {
+            log.error("Error retrieving resource content length from header", e);
+            return -1;
+        } finally {
+            if (connection != null) {
+                connection.disconnect();
+            }
+        }
+    }
+
     protected String getFilenameFromUrl(final URL fileUrl) {
         String fileName = FilenameUtils.getName(fileUrl.getPath());
         if (fileName.contains("?")) {
@@ -239,6 +256,16 @@ public final MetadataResource putResource(ServiceContext context, String metadat
             filename = getFilenameFromUrl(fileUrl);
         }
 
+        long contentLength = getContentLengthFromHeader(fileUrl);
+        if (contentLength > maxUploadSize) {
+            throw new GeonetMaxUploadSizeExceededException("uploadedResourceSizeExceededException")
+                .withMessageKey("exception.maxUploadSizeExceeded",
+                    new String[]{FileUtil.humanizeFileSize(maxUploadSize)})
+                .withDescriptionKey("exception.maxUploadSizeExceeded.description",
+                    new String[]{FileUtil.humanizeFileSize(contentLength),
+                        FileUtil.humanizeFileSize(maxUploadSize)});
+        }
+
         Path tempFilePath = Files.createTempFile("uploaded_resource", null);
         try (BoundedInputStream boundedInputStream = new BoundedInputStream(fileUrl.openStream(), maxUploadSize+1)) {
             Files.copy(boundedInputStream, tempFilePath, StandardCopyOption.REPLACE_EXISTING);