Add environment variables to control custom emoji size limits

Fixes #1524

diff --git a/.env.production.sample b/.env.production.sample
index 12ca64a0662ef0ebc286a6446694c64116a3d2da..65f3f9d1f38a4e9f0895e83aad8fe9733b1cd262 100644 (file)
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -269,3 +269,10 @@ MAX_POLL_OPTION_CHARS=100
 # Maximum search results to display
 # Only relevant when elasticsearch is installed
 # MAX_SEARCH_RESULTS=20
+
+# Maximum custom emoji file sizes
+# If undefined or smaller than MAX_EMOJI_SIZE, the value
+# of MAX_EMOJI_SIZE will be used for MAX_REMOTE_EMOJI_SIZE
+# Units are in bytes
+MAX_EMOJI_SIZE=51200
+MAX_REMOTE_EMOJI_SIZE=204800

diff --git a/app/models/custom_emoji.rb b/app/models/custom_emoji.rb
index 7cb03b8199ba5cc7596413ea647f73496413c91d..f143579322880a0cbd4dff7663d429c083a5d8bb 100644 (file)
--- a/app/models/custom_emoji.rb
+++ b/app/models/custom_emoji.rb
@@ -21,7 +21,8 @@
 #
 
 class CustomEmoji < ApplicationRecord
-  LIMIT = 50.kilobytes
+  LOCAL_LIMIT = (ENV['MAX_EMOJI_SIZE'] || 50.kilobytes).to_i
+  LIMIT       = [LOCAL_LIMIT, (ENV['MAX_REMOTE_EMOJI_SIZE'] || 200.kilobytes).to_i].max
 
   SHORTCODE_RE_FRAGMENT = '[a-zA-Z0-9_]{2,}'
 
@@ -38,7 +39,9 @@ class CustomEmoji < ApplicationRecord
 
   before_validation :downcase_domain
 
-  validates_attachment :image, content_type: { content_type: IMAGE_MIME_TYPES }, presence: true, size: { less_than: LIMIT }
+  validates_attachment :image, content_type: { content_type: IMAGE_MIME_TYPES }, presence: true
+  validates_attachment_size :image, less_than: LIMIT, unless: :local?
+  validates_attachment_size :image, less_than: LOCAL_LIMIT, if: :local?
   validates :shortcode, uniqueness: { scope: :domain }, format: { with: /\A#{SHORTCODE_RE_FRAGMENT}\z/ }, length: { minimum: 2 }
 
   scope :local, -> { where(domain: nil) }