hvlads · hvlads · Aug 31, 2024 · Jul 18, 2024 · hvlads · Jul 28, 2024
diff --git a/README.rst b/README.rst
@@ -387,6 +387,17 @@ distinguish between image and file upload. Exposing the file upload to
 all/untrusted users poses a risk!
 
 
+Restrict upload file size:
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+You can restrict the maximum size for uploaded images and files by adding
+
+ .. code-block:: python
+
+      CKEDITOR_5_MAX_FILE_SIZE = 5 # Max size in MB
+
+to your config. Default is 0 (allow any file size).
+
+
 Installing from GitHub:
 ^^^^^^^^^^^^^^^^^^^^^^^
   .. code-block:: bash

diff --git a/django_ckeditor_5/forms.py b/django_ckeditor_5/forms.py
@@ -2,6 +2,8 @@
 from django.conf import settings
 from django.core.validators import FileExtensionValidator
 
+from django_ckeditor_5.validators import FileMaxSizeValidator
+
 
 class UploadFileForm(forms.Form):
     upload = forms.FileField(
@@ -13,5 +15,6 @@ class UploadFileForm(forms.Form):
                     ["jpg", "jpeg", "png", "gif", "bmp", "webp", "tiff"],
                 ),
             ),
+            FileMaxSizeValidator(getattr(settings, "CKEDITOR_5_MAX_FILE_SIZE", 0)),
         ],
     )
diff --git a/django_ckeditor_5/validators.py b/django_ckeditor_5/validators.py
@@ -0,0 +1,40 @@
+from django import get_version
+from django.core.exceptions import ValidationError
+from django.utils.deconstruct import deconstructible
+
+if get_version() >= "4.0":
+    from django.utils.translation import gettext_lazy as _
+else:
+    from django.utils.translation import ugettext_lazy as _
+
+
+@deconstructible()
+class FileMaxSizeValidator:
+    """Validate that a file is not bigger than max_size mb, otherwise raise ValidationError.
+    If zero is passed for max_size any file size is allowed.
+    """
+
+    message = _("File should be at most %(max_size)s MB.")
+    code = "invalid_size"
+
+    def __init__(self, max_size):
+        self.max_size = max_size * 1024 * 1024
+        self.orig_max_size = max_size
+
+    def __call__(self, value):
+        if value.size > self.max_size > 0:
+            raise ValidationError(
+                self.message,
+                code=self.code,
+                params={
+                    "max_size": self.orig_max_size,
+                },
+            )
+
+    def __eq__(self, other):
+        return (
+            isinstance(other, self.__class__)
+            and self.max_size == other.max_size
+            and self.message == other.message
+            and self.code == other.code
+        )
diff --git a/django_ckeditor_5/views.py b/django_ckeditor_5/views.py
@@ -81,4 +81,10 @@ def upload_file(request):
         url = handle_uploaded_file(request.FILES["upload"])
         return JsonResponse({"url": url})
 
+    if form.errors["upload"]:
+        return JsonResponse(
+            {"error": {"message": form.errors["upload"][0]}},
+            status=400,
+        )
+
     return JsonResponse({"error": {"message": _("Invalid form data")}}, status=400)
diff --git a/example/blog/blog/test_settings.py b/example/blog/blog/test_settings.py
@@ -0,0 +1,4 @@
+from .settings import *
+
+# set to a small number for easier testing
+CKEDITOR_5_MAX_FILE_SIZE = 0.06