Skip to content

Commit

Permalink
Fix thumbnails status code
Browse files Browse the repository at this point in the history
Return 403 instead of 500 when the image is too large (in dimensions or file
size).

Fixes: #10589
  • Loading branch information
rhafer committed Nov 18, 2024
1 parent 8a90399 commit e0cf17d
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 8 deletions.
9 changes: 9 additions & 0 deletions changelog/unreleased/fix-thumbnails-statuscode.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
Bugfix: Fix status code for thumbnail requests

We fixed the status code returned by the thumbnails service when the image
source for a thumbnail exceeds the configured maximum dimensions or file size.
The service now returns a 403 Forbidden status code instead of a 500 Internal
Server Error status code.

https://github.com/owncloud/ocis/pull/10592
https://github.com/owncloud/ocis/issues/10589
24 changes: 16 additions & 8 deletions services/thumbnails/pkg/service/grpc/v0/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (

"github.com/owncloud/ocis/v2/ocis-pkg/log"
thumbnailssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/thumbnails/v0"
terrors "github.com/owncloud/ocis/v2/services/thumbnails/pkg/errors"
"github.com/owncloud/ocis/v2/services/thumbnails/pkg/preprocessor"
"github.com/owncloud/ocis/v2/services/thumbnails/pkg/service/grpc/v0/decorators"
tjwt "github.com/owncloud/ocis/v2/services/thumbnails/pkg/service/jwt"
Expand Down Expand Up @@ -155,9 +156,13 @@ func (g Thumbnail) handleCS3Source(ctx context.Context, req *thumbnailssvc.GetTh

ctx = imgsource.ContextSetAuthorization(ctx, src.GetAuthorization())
r, err := g.cs3Source.Get(ctx, src.GetPath())
if err != nil {
switch {
case errors.Is(err, terrors.ErrImageTooLarge):
return "", merrors.Forbidden(g.serviceID, err.Error())
case err != nil:
return "", merrors.InternalServerError(g.serviceID, "could not get image from source: %s", err.Error())
}

defer r.Close()
ppOpts := map[string]interface{}{
"fontFileMap": g.preprocessorOpts.TxtFontFileMap,
Expand All @@ -169,10 +174,10 @@ func (g Thumbnail) handleCS3Source(ctx context.Context, req *thumbnailssvc.GetTh
}

key, err = g.manager.Generate(tr, img)
if err != nil {
return "", err
if errors.Is(err, terrors.ErrImageTooLarge) {
return "", merrors.Forbidden(g.serviceID, err.Error())
}
return key, nil
return key, err
}

func (g Thumbnail) handleWebdavSource(ctx context.Context, req *thumbnailssvc.GetThumbnailRequest) (string, error) {
Expand Down Expand Up @@ -244,7 +249,10 @@ func (g Thumbnail) handleWebdavSource(ctx context.Context, req *thumbnailssvc.Ge
imgURL.RawQuery = params.Encode()

r, err := g.webdavSource.Get(ctx, imgURL.String())
if err != nil {
switch {
case errors.Is(err, terrors.ErrImageTooLarge):
return "", merrors.Forbidden(g.serviceID, err.Error())
case err != nil:
return "", merrors.InternalServerError(g.serviceID, "could not get image from source: %s", err.Error())
}
defer r.Close()
Expand All @@ -258,10 +266,10 @@ func (g Thumbnail) handleWebdavSource(ctx context.Context, req *thumbnailssvc.Ge
}

key, err = g.manager.Generate(tr, img)
if err != nil {
return "", err
if errors.Is(err, terrors.ErrImageTooLarge) {
return "", merrors.Forbidden(g.serviceID, err.Error())
}
return key, nil
return key, err
}

func (g Thumbnail) stat(path, auth string) (*provider.StatResponse, error) {
Expand Down

0 comments on commit e0cf17d

Please sign in to comment.