Fix upload limits for direct uploads (again) (#1479)

* Use constants to represent file size limits

* Allow uploads of up to 500mb for self-hosted

* Set nginx max body size to 505mb

* Add reminder about updating nginx/proxy.conf

src/Api/Controllers/CiphersController.cs

@@ -17,6 +17,7 @@ using Microsoft.Azure.EventGrid.Models;
 using Bit.Core.Models.Data;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
+using Bit.Core;
 
 namespace Bit.Api.Controllers
 {
@@ -622,7 +623,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("{id}/attachment/{attachmentId}")]
-        [DisableRequestSizeLimit]
+        [RequestSizeLimit(Constants.FileSize501mb)]
         [DisableFormValueModelBinding]
         public async Task PostFileForExistingAttachment(string id, string attachmentId)
         {
@@ -652,7 +653,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("{id}/attachment")]
-        [RequestSizeLimit(105_906_176)]
+        [RequestSizeLimit(Constants.FileSize101mb)]
         [DisableFormValueModelBinding]
         public async Task<CipherResponseModel> PostAttachment(string id)
         {
@@ -676,7 +677,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("{id}/attachment-admin")]
-        [RequestSizeLimit(105_906_176)]
+        [RequestSizeLimit(Constants.FileSize101mb)]
         [DisableFormValueModelBinding]
         public async Task<CipherMiniResponseModel> PostAttachmentAdmin(string id)
         {
@@ -709,7 +710,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("{id}/attachment/{attachmentId}/share")]
-        [RequestSizeLimit(105_906_176)]
+        [RequestSizeLimit(Constants.FileSize101mb)]
         [DisableFormValueModelBinding]
         public async Task PostAttachmentShare(string id, string attachmentId, Guid organizationId)
         {
@@ -805,7 +806,7 @@ namespace Bit.Api.Controllers
                 throw new BadRequestException("Invalid content.");
             }
 
-            if (Request.ContentLength > 105906176) // 101 MB, give em' 1 extra MB for cushion
+            if (Request.ContentLength > Constants.FileSize101mb)
             {
                 throw new BadRequestException("Max file size is 100 MB.");
             }

src/Api/Controllers/SendsController.cs

@@ -19,6 +19,7 @@ using Bit.Core.Models.Table;
 using Newtonsoft.Json;
 using Bit.Core.Models.Data;
 using Microsoft.Extensions.Logging;
+using Bit.Core;
 
 namespace Bit.Api.Controllers
 {
@@ -166,7 +167,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("file")]
-        [RequestSizeLimit(105_906_176)]
+        [RequestSizeLimit(Constants.FileSize101mb)]
         [DisableFormValueModelBinding]
         public async Task<SendResponseModel> PostFile()
         {
@@ -175,7 +176,7 @@ namespace Bit.Api.Controllers
                 throw new BadRequestException("Invalid content.");
             }
 
-            if (Request.ContentLength > 105906176) // 101 MB, give em' 1 extra MB for cushion
+            if (Request.ContentLength > Constants.FileSize101mb)
             {
                 throw new BadRequestException("Max file size is 100 MB.");
             }
@@ -249,7 +250,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("{id}/file/{fileId}")]
-        [DisableRequestSizeLimit]
+        [RequestSizeLimit(Constants.FileSize501mb)]
         [DisableFormValueModelBinding]
         public async Task PostFileForExistingSend(string id, string fileId)
         {
@@ -258,7 +259,7 @@ namespace Bit.Api.Controllers
                 throw new BadRequestException("Invalid content.");
             }
 
-            if (Request.ContentLength > 105906176 && !_globalSettings.SelfHosted) // 101 MB, give em' 1 extra MB for cushion
+            if (Request.ContentLength > Constants.FileSize101mb && !_globalSettings.SelfHosted)
             {
                 throw new BadRequestException("Max file size for direct upload is 100 MB.");
             }

src/Core/Constants.cs

@@ -3,6 +3,12 @@
     public static class Constants
     {
         public const int BypassFiltersEventId = 12482444;
+
+        // File size limits - give 1 MB extra for cushion.
+        // Note: if request size limits are changed, 'client_max_body_size'
+        // in nginx/proxy.conf may also need to be updated accordingly.
+        public const long FileSize101mb = 101L * 1024L * 1024L;
+        public const long FileSize501mb = 501L * 1024L * 1024L;
     }
 
     public static class TokenPurposes 

src/Core/Services/Implementations/CipherService.cs

@@ -18,7 +18,7 @@ namespace Bit.Core.Services
 {
     public class CipherService : ICipherService
     {
-        public const long MAX_FILE_SIZE = 500L * 1024L * 1024L; // 500MB
+        public const long MAX_FILE_SIZE = Constants.FileSize501mb;
         public const string MAX_FILE_SIZE_READABLE = "500 MB";
         private readonly ICipherRepository _cipherRepository;
         private readonly IFolderRepository _folderRepository;

src/Core/Services/Implementations/SendService.cs

@@ -17,7 +17,7 @@ namespace Bit.Core.Services
 {
     public class SendService : ISendService
     {
-        public const long MAX_FILE_SIZE = 500L * 1024L * 1024L; // 500MB
+        public const long MAX_FILE_SIZE = Constants.FileSize501mb;
         public const string MAX_FILE_SIZE_READABLE = "500 MB";
         private readonly ISendRepository _sendRepository;
         private readonly IUserRepository _userRepository;

util/Nginx/proxy.conf

@@ -4,7 +4,7 @@ proxy_set_header        X-Real-IP         $remote_addr;
 proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
 proxy_set_header        X-Url-Scheme      $scheme;
 proxy_set_header        X-Forwarded-Proto $scheme;
-client_max_body_size    105m;
+client_max_body_size    505m;
 client_body_buffer_size 128k;
 proxy_connect_timeout   90;
 proxy_send_timeout      90;
@@ -12,4 +12,4 @@ proxy_read_timeout      90;
 proxy_buffer_size       128k;
 proxy_buffers           4 256k;
 proxy_busy_buffers_size 256k;
-large_client_header_buffers 4 32k;
+large_client_header_buffers 4 32k;