Avatar upload restriction has been finalized! Update your Config.toml!!!

Config.example.toml

@@ -63,8 +63,9 @@ customText = """
 ]
 """
 
+### Full update of these parameters occurs only after restarting the Sculptor!!!
 [limitations]
-maxAvatarSize = 100000 # 100 KB
+maxAvatarSize = 100 # KB
 maxAvatars = 10
 
 [advancedUsers.66004548-4de5-49de-bade-9c3933d8eb97]

src/api/figura/info.rs

@@ -41,7 +41,7 @@ pub async fn limits(State(state): State<AppState>) -> Json<Value> {
             "upload": 1
         },
         "limits": {
-            "maxAvatarSize": state.max_avatar_size,
+            "maxAvatarSize": state.max_avatar_size * 1000,
             "maxAvatars": state.max_avatars,
             "allowedBadges": {
                 "special": [0,0,0,0,0,0],

src/api/v1/mod.rs

@@ -6,7 +6,7 @@ mod users;
 mod types;
 mod avatars;
 
-pub fn router() -> Router<AppState> {
+pub fn router(limit: usize) -> Router<AppState> {
     Router::new()
         .route("/verify", get(http2ws::verify))
         .route("/raw", post(http2ws::raw))
@@ -16,6 +16,6 @@ pub fn router() -> Router<AppState> {
         .route("/user/create", post(users::create_user))
         .route("/user/:uuid/ban", post(users::ban))
         .route("/user/:uuid/unban", post(users::unban))
-        .route("/avatar/:uuid", put(avatars::upload_avatar).layer(DefaultBodyLimit::disable()))
+        .route("/avatar/:uuid", put(avatars::upload_avatar).layer(DefaultBodyLimit::max(limit)))
         .route("/avatar/:uuid", delete(avatars::delete_avatar))
 }

src/main.rs

@@ -35,7 +35,12 @@ use state::Config;
 
 // Utils
 mod utils;
-use utils::{check_updates, download_assets, get_commit_sha, get_log_file, get_path_to_assets_hash, is_assets_outdated, remove_assets, update_advanced_users, update_bans_from_minecraft, write_sha_to_file, FiguraVersions};
+use utils::{
+    check_updates, download_assets, get_commit_sha,
+    get_limit_as_bytes, get_log_file, get_path_to_assets_hash,
+    is_assets_outdated, remove_assets, update_advanced_users,
+    update_bans_from_minecraft, write_sha_to_file, FiguraVersions
+};
 
 #[derive(Debug, Clone)]
 pub struct AppState {
@@ -120,6 +125,7 @@ async fn main() -> Result<()> {
     // Config
     let config = Arc::new(RwLock::new(Config::parse(CONFIG_VAR.clone().into())));
     let listen = config.read().await.listen.clone();
+    let limit = get_limit_as_bytes(config.read().await.limitations.max_avatar_size.clone() as usize);
 
     if config.read().await.assets_updater_enabled {
         // Force update assets if folder or hash file doesn't exists.
@@ -183,14 +189,14 @@ async fn main() -> Result<()> {
     let api = Router::new()
         .nest("//auth", api_auth::router()) // => /api//auth ¯\_(ツ)_/¯
         .nest("//assets", api_assets::router())
-        .nest("/v1", api::v1::router())
+        .nest("/v1", api::v1::router(limit))
         .route("/limits", get(api_info::limits))
         .route("/version", get(api_info::version))
         .route("/motd", get(api_info::motd))
         .route("/equip", post(api_profile::equip_avatar))
         .route("/:uuid", get(api_profile::user_info))
         .route("/:uuid/avatar", get(api_profile::download_avatar))
-        .route("/avatar", put(api_profile::upload_avatar).layer(DefaultBodyLimit::disable()))
+        .route("/avatar", put(api_profile::upload_avatar).layer(DefaultBodyLimit::max(limit)))
         .route("/avatar", delete(api_profile::delete_avatar));
 
     let app = Router::new()

src/utils/utils.rs

@@ -143,4 +143,8 @@ pub fn get_log_file(folder: &str) -> String {
         }
         index += 1;
     }
+}
+
+pub fn get_limit_as_bytes(limit: usize) -> usize {
+    1024 + limit * 1024 // Adding additional 1 KB just for fun :)
 }