From 9e86af98262c34de3d0c34df33f39f826d272676 Mon Sep 17 00:00:00 2001
From: AdrienLSH <git.adrienlsh@42l.fr>
Date: Thu, 8 Feb 2024 08:54:13 +0100
Subject: [PATCH] pp upload: size limit in django settings

---
 profiles/models.py        | 2 +-
 profiles/viewsets.py      | 6 ++++--
 transcendence/settings.py | 4 ++++
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/profiles/models.py b/profiles/models.py
index aaa2daa..aaff1ad 100644
--- a/profiles/models.py
+++ b/profiles/models.py
@@ -14,7 +14,7 @@ def upload_to(instance, filename: str):
 # Create your models here.
 class ProfileModel(models.Model):
     user = models.ForeignKey(User, on_delete=models.CASCADE)
-    avatar_url = models.ImageField(upload_to=upload_to, default="./profiles/static/avatars/default.avif") #blank=True, null=True)
+    avatar_url = models.ImageField(upload_to=upload_to, default="./profiles/static/avatars/default.avif")
     
     def get_game(self) -> int:
         for game in game_manager._game_list:
diff --git a/profiles/viewsets.py b/profiles/viewsets.py
index 1d902b5..60725e1 100644
--- a/profiles/viewsets.py
+++ b/profiles/viewsets.py
@@ -8,6 +8,8 @@ from rest_framework.authentication import SessionAuthentication
 from django.http import HttpRequest
 from django.db.models import QuerySet
 from django.contrib.auth.models import User
+from django.core.files.uploadedfile import InMemoryUploadedFile
+from django.conf import settings
 
 from .serializers import ProfileSerializer
 from .models import ProfileModel
@@ -55,8 +57,8 @@ class MyProfileViewSet(viewsets.ModelViewSet):
 
     def perform_update(self, serializer, pk=None):
         profile: ProfileModel = self.get_object()
-        avatar = self.request.data.get("file", None)
-        if (avatar is not None and avatar.size <= 2 * 1024 * 1024):
+        avatar : InMemoryUploadedFile = self.request.data.get("file", None)
+        if (avatar is not None and avatar.size <= settings.PROFILE_PICTURE_MAX_SIZE):
             if (profile.avatar_url.name != "./profiles/static/avatars/default.avif"):
                 profile.avatar_url.storage.delete(profile.avatar_url.name)
             profile.avatar_url = avatar
diff --git a/transcendence/settings.py b/transcendence/settings.py
index f6193a8..7e4fe90 100644
--- a/transcendence/settings.py
+++ b/transcendence/settings.py
@@ -160,3 +160,7 @@ STATIC_URL = 'static/'
 # https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
+
+# Profile picture upload limit
+
+PROFILE_PICTURE_MAX_SIZE = 2 * 1024 * 1024 # 2MB