From f7e8d7ce0153a474217a2a2e2e0fc7d11b1434ca Mon Sep 17 00:00:00 2001
From: noctera <noctera.dev@proton.me>
Date: Sun, 4 Dec 2022 12:13:39 +0100
Subject: [PATCH 1/4] fix: set custom file upload size

---
 app/Controllers/InfoController.js | 1 +
 app/config/config/schema.js       | 1 +
 server.js                         | 5 +++++
 vocascan.config.example.js        | 1 +
 4 files changed, 8 insertions(+)

diff --git a/app/Controllers/InfoController.js b/app/Controllers/InfoController.js
index f9d9f052..7b6c1aba 100644
--- a/app/Controllers/InfoController.js
+++ b/app/Controllers/InfoController.js
@@ -15,6 +15,7 @@ const sendInfo = catchAsync(async (_req, res) => {
       level: config.service.email_confirm_level,
       time: config.service.email_confirm_time,
     },
+    max_file_upload: config.server.max_file_upload,
   });
 });
 
diff --git a/app/config/config/schema.js b/app/config/config/schema.js
index 5c7e404a..494b0383 100644
--- a/app/config/config/schema.js
+++ b/app/config/config/schema.js
@@ -55,6 +55,7 @@ const configSchema = Joi.object({
       .forbidden()
       .messages({ 'any.unknown': 'The `sever.registration_locked` option is moved to `service.invite_code`' }),
     cors: Joi.alternatives().try(Joi.boolean(), Joi.keyArray()).default(false),
+    max_file_upload: Joi.string().required(),
   }).required(),
 
   database: Joi.object({
diff --git a/server.js b/server.js
index be38d658..8f5bc87c 100644
--- a/server.js
+++ b/server.js
@@ -1,6 +1,7 @@
 const http = require('http');
 const path = require('path');
 const express = require('express');
+const bodyParser = require('body-parser');
 const chalk = require('chalk');
 const httpStatus = require('http-status');
 const eta = require('eta');
@@ -46,6 +47,10 @@ const createServer = async (extraConfig) => {
     next();
   });
 
+  // set body parser limit
+  server.app.use(bodyParser.json({ limit: config.server.max_file_upload }));
+  server.app.use(bodyParser.urlencoded({ extended: true, limit: config.server.max_file_upload }));
+
   // logging middleware
   server.app.use(LoggingMiddleware);
 
diff --git a/vocascan.config.example.js b/vocascan.config.example.js
index 5e10ea34..be258454 100644
--- a/vocascan.config.example.js
+++ b/vocascan.config.example.js
@@ -12,6 +12,7 @@ module.exports = {
     jwt_secret: '',
     salt_rounds: 10,
     cors: ['https://web.example1.com', 'https://web.example2.com'],
+    max_file_upload: '10mb',
   },
 
   database: {

From 2058776c65c9a1193be88b66c97b657484ccedf8 Mon Sep 17 00:00:00 2001
From: noctera <noctera.dev@proton.me>
Date: Sun, 4 Dec 2022 12:39:00 +0100
Subject: [PATCH 2/4] docs: updated swagger

---
 app/Controllers/InfoController.js | 2 +-
 docs/api/swagger.json             | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/Controllers/InfoController.js b/app/Controllers/InfoController.js
index 7b6c1aba..1f535eb2 100644
--- a/app/Controllers/InfoController.js
+++ b/app/Controllers/InfoController.js
@@ -10,12 +10,12 @@ const sendInfo = catchAsync(async (_req, res) => {
     version: getVersion(),
     locked: config.service.invite_code,
     commitRef: gitDescribe === undefined ? (gitDescribe = await getGitDescribe()) : gitDescribe,
+    max_file_upload: config.server.max_file_upload,
     email_confirm: {
       enabled: config.service.email_confirm,
       level: config.service.email_confirm_level,
       time: config.service.email_confirm_time,
     },
-    max_file_upload: config.server.max_file_upload,
   });
 });
 
diff --git a/docs/api/swagger.json b/docs/api/swagger.json
index a1d48e97..c2dd2fbb 100644
--- a/docs/api/swagger.json
+++ b/docs/api/swagger.json
@@ -1082,6 +1082,9 @@
           "commitRef": {
             "type": "string"
           },
+          "max_file_upload": {
+            "type": "string"
+          },
           "email_confirm": {
             "type": "object",
             "properties": {

From beb8994d8ecc741315c321e07e45ee40188dfbc0 Mon Sep 17 00:00:00 2001
From: noctera <noctera.dev@proton.me>
Date: Sun, 4 Dec 2022 12:52:57 +0100
Subject: [PATCH 3/4] fix: default value for setting

---
 app/config/config/schema.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/config/config/schema.js b/app/config/config/schema.js
index 494b0383..956c912d 100644
--- a/app/config/config/schema.js
+++ b/app/config/config/schema.js
@@ -55,7 +55,7 @@ const configSchema = Joi.object({
       .forbidden()
       .messages({ 'any.unknown': 'The `sever.registration_locked` option is moved to `service.invite_code`' }),
     cors: Joi.alternatives().try(Joi.boolean(), Joi.keyArray()).default(false),
-    max_file_upload: Joi.string().required(),
+    max_file_upload: Joi.string().default('1mb'),
   }).required(),
 
   database: Joi.object({

From e9d44ecaa468bb80e1733ba55846fcf56aa7d9de Mon Sep 17 00:00:00 2001
From: noctera <noctera.dev@proton.me>
Date: Sun, 4 Dec 2022 13:04:32 +0100
Subject: [PATCH 4/4] fix: body-parser dependency

---
 package.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package.json b/package.json
index 1331069b..cfe48917 100644
--- a/package.json
+++ b/package.json
@@ -34,6 +34,7 @@
   },
   "dependencies": {
     "bcrypt": "^5.0.0",
+    "body-parser": "^1.20.1",
     "chalk": "^4.1.0",
     "cli-highlight": "^2.1.11",
     "commander": "^8.3.0",