Add file type and size limit on file upload

d25d5656 · Zamil Majdy · c540b8e1 · d25d5656 · d25d5656 · d25d5656
Commit d25d5656 authored Jun 02, 2017 by Zamil Majdy
--- a/assets/js/ProfilePage.jsx
+++ b/assets/js/ProfilePage.jsx
 import React from 'react';
-import { Segment, Image, Header, Icon, Checkbox, Container, Button, Form, Grid, Card } from 'semantic-ui-react';
+import { Segment, Image, Header, Icon, Checkbox, Container, Button, Form, Grid } from 'semantic-ui-react';
 import Server from './lib/Server';
 import Storage from './lib/Storage';
 import ModalAlert from './components/ModalAlert';
+import Dumper from './lib/Dumper';

 export default class ProfilePage extends React.Component {

@@ -96,7 +97,7 @@ export default class ProfilePage extends React.Component {
      this.modalAlert.open('Profil berhasil diperbaharui', 'Silakan periksa kembali profil anda', this.getProfile);
    }, error => error.then((r) => {
      this.setState({ loading: false });
-      this.modalAlert.open('Pembaharuan profil gagal', r.detail);
+      this.modalAlert.open('Pembaharuan profil gagal', Dumper.dump(r));
    }));
  };


--- a/core/lib/validators.py
+++ b/core/lib/validators.py
+import os
+from django.core.exceptions import ValidationError
+from kape.settings import MAX_UPLOAD_SIZE
+
+
+def validate_file(value, valid_extensions):
+    ext = os.path.splitext(value.name)[1]  # [0] returns path+filename
+    if not ext.lower() in valid_extensions:
+        raise ValidationError(u'Unsupported file extension.')
+
+    print value._size
+
+    if value._size > MAX_UPLOAD_SIZE:
+        raise ValidationError(u'File too large.')
+
+
+def validate_document_file_extension(value):
+    validate_file(value, ['.pdf', '.doc', '.docx', '.jpg', '.png', '.xlsx', '.xls'])
+
+
+def validate_image_file_extension(value):
+    validate_file(value, ['.jpeg', '.jpg', '.png', '.JPG', '.JPEG'])
--- a/core/migrations/0013_auto_20170602_1130.py
+++ b/core/migrations/0013_auto_20170602_1130.py
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.5 on 2017-06-02 04:30
+from __future__ import unicode_literals
+
+import core.lib.validators
+import core.models.accounts
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0012_auto_20170502_0925'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='company',
+            name='logo',
+            field=models.FileField(blank=True, null=True, upload_to=core.models.accounts.get_company_logo_file_path, validators=[core.lib.validators.validate_image_file_extension]),
+        ),
+        migrations.AlterField(
+            model_name='student',
+            name='photo',
+            field=models.FileField(blank=True, null=True, upload_to=core.models.accounts.get_student_photo_file_path, validators=[core.lib.validators.validate_image_file_extension]),
+        ),
+        migrations.AlterField(
+            model_name='student',
+            name='resume',
+            field=models.FileField(blank=True, null=True, upload_to=core.models.accounts.get_student_resume_file_path, validators=[core.lib.validators.validate_document_file_extension]),
+        ),
+    ]
--- a/core/models/accounts.py
+++ b/core/models/accounts.py
@@ -5,6 +5,8 @@ from django.contrib.auth.models import User
 from django.core.validators import MinValueValidator, MaxValueValidator
 from django.db import models

+from core.lib.validators import validate_document_file_extension, validate_image_file_extension
+

 def get_student_resume_file_path(instance, filename):
    extension = filename.split('.')[-1].lower()
@@ -52,7 +54,7 @@ class Student(models.Model):
    updated = models.DateTimeField(auto_now=True)
    user = models.OneToOneField(User)
    npm = models.IntegerField(validators=[MinValueValidator(100000000), MaxValueValidator(9999999999)], unique=True)
-    resume = models.FileField(upload_to=get_student_resume_file_path, null=True, blank=True)
+    resume = models.FileField(upload_to=get_student_resume_file_path, null=True, blank=True, validators=[validate_document_file_extension])
    phone_number = models.CharField(max_length=100, blank=True, db_index=True, null=True)
    bookmarked_vacancies = models.ManyToManyField('core.Vacancy', related_name="bookmarked_vacancies", blank=True)
    applied_vacancies = models.ManyToManyField('core.Vacancy', related_name="applied_vacancies",
@@ -62,7 +64,7 @@ class Student(models.Model):
    major = models.CharField(max_length=30, blank=True, null=True)
    batch = models.CharField(max_length=4, blank=True, null=True)
    show_transcript = models.BooleanField(default=False)
-    photo = models.FileField(upload_to=get_student_photo_file_path, null=True, blank=True)
+    photo = models.FileField(upload_to=get_student_photo_file_path, null=True, blank=True, validators=[validate_image_file_extension])

    @property
    def name(self):
@@ -92,7 +94,7 @@ class Company(models.Model):
    user = models.OneToOneField(User)
    description = models.TextField()
    status = models.IntegerField(default=NEW)
-    logo = models.FileField(upload_to=get_company_logo_file_path, null=True, blank=True)
+    logo = models.FileField(upload_to=get_company_logo_file_path, null=True, blank=True,  validators=[validate_image_file_extension])
    address = models.CharField(max_length=1000, blank=True, null=True)

    @property

--- a/kape/settings.py
+++ b/kape/settings.py
@@ -165,3 +165,13 @@ RUNNING_DEVSERVER = (len(sys.argv) > 1 and sys.argv[1] == 'runserver')

 API_CS_CREDENTIALS = {'user': 'kape', 'password': 'yukcarikape'}

+# 2.5MB - 2621440
+# 5MB - 5242880
+# 10MB - 10485760
+# 20MB - 20971520
+# 50MB - 5242880
+# 100MB 104857600
+# 250MB - 214958080
+# 500MB - 429916160
+# 10MB - 10485760
+MAX_UPLOAD_SIZE = 5242880