From 1cf5bf2cf7d9c573ec29dbaf17e12669be90efeb Mon Sep 17 00:00:00 2001
From: Benjamin Bolte <ben@bolte.cc>
Date: Sun, 18 Aug 2024 23:54:41 -0700
Subject: [PATCH] server side checks

---
 store/app/routers/urdf.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/store/app/routers/urdf.py b/store/app/routers/urdf.py
index bc6746d7..5affdb85 100644
--- a/store/app/routers/urdf.py
+++ b/store/app/routers/urdf.py
@@ -16,6 +16,7 @@
     get_compression_type,
 )
 from store.app.routers.users import get_session_user_with_write_permission
+from store.settings import settings
 
 urdf_router = APIRouter()
 
@@ -65,6 +66,27 @@ async def set_urdf(
     crud: Annotated[Crud, Depends(Crud.get)],
     file: UploadFile,
 ) -> UrdfResponse:
+    if file.filename is None:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Artifact filename was not provided",
+        )
+    if file.size is None:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Artifact size was not provided",
+        )
+    if file.size < settings.artifact.min_bytes:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Artifact size is too small; {file.size} is less than {settings.artifact.min_bytes} bytes",
+        )
+    if file.size > settings.artifact.max_bytes:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Artifact size is too large; {file.size} is greater than {settings.artifact.max_bytes} bytes",
+        )
+
     # Gets the compression type from the file content type and filename.
     compression_type = get_compression_type(file.content_type, file.filename)
     if compression_type not in ("tgz", "zip"):