judicialcouncilcalifornia / docassemble.jcc.abilitytopay

https://mycitations.courts.ca.gov
MIT License

Validate image upload size #94

Open bennlich opened 5 years ago

bennlich commented 5 years ago

Need to disallow image uploads larger than maximum allowed file size.

See https://docassemble.org/docs/config.html#maximum%20content%20length and https://docassemble.org/docs/recipes.html#upload%20validation

Frontend should validate image size.

nginx needs to be set up to have no limit:

https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size

JCCChris commented 5 years ago

What file size do we want to allow? There is also the ability to accept only JPGs if we want (which makes sense to me).

CC @bennlich

bennlich commented 5 years ago

There's a feature for automatically resizing images. Maybe that's what we should use. I think the main goals are:

So I'm inclined to leave the max upload size large, and just make the UI validate that large number.

We should also determine if it's possible for the blob storage to get too full.

JCCChris commented 5 years ago

Seems like 50 megabytes is an acceptable limit. DA can use imagemagick to convert the image on the server to jpeg from other image formats. This is processor intensive, however. And, to my knowledge, phone cameras always use jpeg. We can allow other types too for desktop uploads. Do we want to convert to jpeg?

bennlich commented 5 years ago

Hmm. 50MB sounds pretty large to me. But really it all depends on how our image storage is set up. Can we figure out how much space the image blob storage that we're using has, and what happens if it gets too full?

A related question: do images ever get removed from this blob storage? (e.g. when a case is completed by a clerk)

Might need to coordinate with Akbar from GJS to answer some of these questions.

> Do we want to convert to jpeg?

I don't think this is necessary. I think we have our bases covered so long as we:

1) set a limit on the file upload size
2) know how much storage space we're working with
3) have an estimate of how long it will take to fill up
4) have a plan for what happens when it does

JCCChris commented 5 years ago

I don't know enough about blob storage to answer these questions. @glenster75 Do you know the answers to Benny's questions?

glensouza commented 5 years ago

Blob storage is elastic. It can take Petabytes without a problem. It's a matter of how much we're willing to spend as they charge per block of "x" GBs. How big will this get if we allow 50MB images to be uploaded? I have no sense of volume.

JCCChris commented 5 years ago

There are about 10 forms of benefits right now. Each person can upload proof for each form of benefit. How many people use the system will determine the requirements. There was discussion around deleting this evidence after processing.

glensouza commented 5 years ago

We should be fine for a long time with Blob Storage and should keep an eye periodically on expenditure to determine how long we should keep it and also if we should limit upload sizes.

JCCChris commented 5 years ago

What size would you suggest as the file size limit? I threw out 50MB as what seemed pretty safe to me. They can upload PDFs (I recently found out).

glensouza commented 5 years ago

Maybe we evaluate the size limits once we have more usage and data? Let's keep an eye out.
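
Added example, not part of the thread or the project's code: a server-side check that enforces the upload size limit and the accepted file types discussed above, so the limit still holds if the frontend validation is skipped. The 50 MB default, the JPEG/PNG/PDF allow-list and the names `check_upload`, `sniff_type` and `write_sample` are assumptions for illustration.

```python
import os
import tempfile

MAX_UPLOAD_BYTES = 50 * 1024 * 1024  # assumption: the 50 MB figure floated in the thread

# Leading bytes that identify each accepted format (assumed allow-list).
MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
}


def sniff_type(header):
    """Return the format whose signature starts the file, or None."""
    for name, magic in MAGIC.items():
        if header.startswith(magic):
            return name
    return None


def check_upload(path, max_bytes=MAX_UPLOAD_BYTES, allowed=("jpeg", "png", "pdf")):
    """Return (ok, detail). Size is checked before any content is read."""
    size = os.path.getsize(path)
    if size == 0:
        return False, "empty file"
    if size > max_bytes:
        return False, f"file is {size} bytes, limit is {max_bytes}"
    with open(path, "rb") as fh:
        kind = sniff_type(fh.read(16))  # content decides the type, not the file name
    if kind not in allowed:
        return False, f"unsupported content type: {kind or 'unknown'}"
    return True, kind


def write_sample(data):
    """Write constructed sample bytes to a temp file and return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed samples: a JPEG header, and HTML posing as an image.
    for data in (b"\xff\xd8\xff\xe0" + b"\x00" * 100, b"<html>not an image</html>"):
        print(check_upload(write_sample(data)))
```

This check runs once the file is already on disk; the request-size limits linked in the first comment determine how large a body the server accepts at all.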