EotvosCollegium / mars

Unified IT System of the Eötvös József College for Advanced Studies.
https://uran.eotvos.elte.hu
MIT License

Adding configurable file size limit for application attachments #599

Closed viktorcsimma closed 1 month ago

viktorcsimma commented 1 month ago

Now, it is not limited to 2 MB, but a limit can be given in .env (the default is 10 MB = 10 000 000 B).

This applies to language exam files and profile pictures, too. In the future, these could be separated to different .env entries.

And as an additional nicety, language exam files are now opened on a new tab.

coderabbitai[bot] commented 1 month ago

## Walkthrough

The recent changes significantly enhance the application's file upload capabilities by introducing a configurable maximum file size limit. This limit, now sourced from environment configurations, ensures greater flexibility across different deployment settings. By replacing hard-coded values with dynamic references, the system has become more maintainable and adaptable. User interfaces have also been updated to reflect these configurations, providing users with clear information regarding current upload constraints.

## Changes

| File Path | Change Summary |
|-----------|----------------|
| `.env.example` | Added `APPLICATION_MAX_FILE_SIZE=10000000` to set a maximum file size limit in bytes. |
| `app/Http/Controllers/Secretariat/UserController.php` | Updated file upload validation rules to use a dynamic limit from configuration instead of hard-coded values. |
| `app/Utils/ApplicationHandler.php` | Changed file upload validation to reference a configurable file size limit rather than a fixed number. |
| `config/application.php` | Introduced a configuration for maximum file size, using the environment variable with a default value. |
| `config/custom.php` | Added a setting for maximum accepted file size for general uploads and profile pictures. |
| `config/print.php` | Increased PDF file size limit from 5,000,000 bytes to 10,000,000 bytes. |
| `resources/views/auth/application/files.blade.php` | Updated file input size limit to a dynamic configuration value, enhancing user interface feedback. |
| `resources/views/user/alfonso-language-exams.blade.php` | Modified file input size limit dynamically and added `target="_blank"` to an anchor tag for improved navigation. |
| `resources/views/utils/user/profile-picture.blade.php` | Adjusted helper text to dynamically reflect the maximum file size limit based on configuration. |

## Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant User
    participant Frontend
    participant UserController
    participant ApplicationHandler
    participant Config
    User->>Frontend: Uploads file
    Frontend->>UserController: Sends file upload request
    UserController->>Config: Retrieves file size limit
    Config-->>UserController: Returns dynamic limit
    UserController->>ApplicationHandler: Validates file size against limit
    ApplicationHandler-->>UserController: Validation result
    UserController-->>Frontend: Responds with success or error
    Frontend-->>User: Displays outcome
```

Recent review details

**Configuration used: .coderabbit.yaml**
**Review profile: CHILL**

Commits: Files that changed from the base of the PR and between 261525c6a91aefa8340554eac7dd370e9f86a851 and 6437bb8c221b42e773f38e5bbc01a9e78f8125c5.

Files selected for processing (2)

* resources/views/auth/application/files.blade.php (1 hunks)
* resources/views/user/alfonso-language-exams.blade.php (3 hunks)

Files skipped from review as they are similar to previous changes (2)

* resources/views/auth/application/files.blade.php
* resources/views/user/alfonso-language-exams.blade.php

viktorcsimma commented 1 month ago

With the naming, you are right; what about putting it into the general config file as something like "general file size limit"?

Bytes seem to be logical to me because the size attribute expects bytes; those have also been used earlier for printer file size limits.

I think it would be nice to make it configurable if we could, but I don't insist on it. WDYT?

horcsinbalint commented 1 month ago

I'm not insisting on changing the unit of measurement, just found the proposed changes quite confusing.

On the one hand, yes, it is used in the size attribute. But does the size attribute have any effect? I think according to the HTML5 specification the size attribute is ignored in cases where `<input type="file">` is used. If you want to change the scope of this PR by implementing a general file size limit, please note that in cases where the file size limit is larger than a reverse proxy's size limit, it should return with an error code of 413 and not pass the request to the PHP interpreter.
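
The layering raised in the comment above, as an added example that is not part of the PR or the mars code base: a check that the application limit is reachable through every layer in front of it, and which layer answers first for a given upload. nginx as the reverse proxy, its `client_max_body_size` directive, PHP's `post_max_size` and `upload_max_filesize` and their stock defaults are assumptions; only `APPLICATION_MAX_FILE_SIZE=10000000` comes from the page.

```python
import re

# K/M/G shorthand as used in php.ini (powers of 1024); nginx sizes use the same k/m suffixes.
_UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

def parse_size(value):
    """Convert '10000000', '1m', '2M' or '1G' to a byte count."""
    match = re.fullmatch(r"\s*(\d+)\s*([kmg]?)\s*", str(value), re.IGNORECASE)
    if not match:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(match.group(1)) * _UNITS[match.group(2).lower()]

def blocking_layers(stack):
    """Outer layers whose limit is below the application limit (last entry).

    Each one rejects uploads the application itself would have accepted.
    """
    app_limit = parse_size(stack[-1][1])
    return [name for name, raw in stack[:-1] if parse_size(raw) < app_limit]

def first_rejecting_layer(body_bytes, stack):
    """First layer, from the edge inwards, that rejects the upload, or None.

    body_bytes approximates the request size; a multipart body is slightly
    larger than the file it carries.
    """
    for name, raw in stack:
        if body_bytes > parse_size(raw):
            return name
    return None

# Constructed sample: stock nginx and PHP defaults in front of the PR's default.
DEFAULT_STACK = [
    ("nginx client_max_body_size", "1m"),
    ("php post_max_size", "8M"),
    ("php upload_max_filesize", "2M"),
    ("APPLICATION_MAX_FILE_SIZE", "10000000"),
]
# Constructed sample: outer layers raised so none is tighter than the application.
RAISED_STACK = [
    ("nginx client_max_body_size", "12m"),
    ("php post_max_size", "11M"),
    ("php upload_max_filesize", "10M"),
    ("APPLICATION_MAX_FILE_SIZE", "10000000"),
]

if __name__ == "__main__":
    print(blocking_layers(DEFAULT_STACK))
    print(first_rejecting_layer(5_000_000, DEFAULT_STACK))
```

With the default stack, a 5 MB upload is refused at the proxy with a 413 before PHP runs, so the application's own validation message is never shown; with the raised stack, an oversized file reaches the application and gets its validation error.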

viktorcsimma commented 1 month ago

I see... so should we include a comment on this limitation in .env.example?

Until then, I'll simply remove the size attributes; thanks for pointing that out.

horcsinbalint commented 1 month ago

But as the printer's file upload limit is set in bytes, I would also use bytes on this PR. So yeah, changing the units of measurement is not necessary, I think it would be out of scope of this PR. (If I were the author, I would open a separate PR for changing the unit of measurement and drop the unnecessary size attributes.)

viktorcsimma commented 1 month ago

So should we have a small, immediately mergeable PR that just raises the limits until then?

viktorcsimma commented 1 month ago

Okay; thank you:)