From fe28b4c3d34fcc22c41c8a5ed08ff8dc3525e9b6 Mon Sep 17 00:00:00 2001
From: 0xK2 <65908739+thomas192@users.noreply.github.com>
Date: Thu, 18 Apr 2024 19:50:10 +0200
Subject: [PATCH] Updated addTemplateImg(): dimension check (#59)

---
 backend/routes/templates.go | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/backend/routes/templates.go b/backend/routes/templates.go
index 090e58e1..88e5a9b8 100644
--- a/backend/routes/templates.go
+++ b/backend/routes/templates.go
@@ -3,6 +3,8 @@ package routes
 import (
 "encoding/json"
 "fmt"
+ "image"
+ _ "image/png"
 "io"
 "io/ioutil"
 "net/http"
@@ -42,8 +44,6 @@ func imageToPixelData(imageData []byte) []byte {
 }
 
 func addTemplateImg(w http.ResponseWriter, r *http.Request) {
- // TODO: Limit file size / proportions between 5x5 and 64x64
- // Passed like this curl -F "image=@art-peace-low-res-goose.jpg" http://localhost:8080/addTemplateImg
 file, _, err := r.FormFile("image")
 if err != nil {
 panic(err)
@@ -58,6 +58,19 @@ func addTemplateImg(w http.ResponseWriter, r *http.Request) {
 }
 defer tempFile.Close()
 
+ // Decode the image to check dimensions
+ img, format, err := image.Decode(file)
+ if err != nil {
+ http.Error(w, "Failed to decode the image: "+err.Error()+" - format: "+format, http.StatusBadRequest)
+ return
+ }
+ bounds := img.Bounds()
+ width, height := bounds.Max.X-bounds.Min.X, bounds.Max.Y-bounds.Min.Y
+ if width < 5 || width > 50 || height < 5 || height > 50 {
+ http.Error(w, fmt.Sprintf("Image dimensions out of allowed range (5x5 to 50x50). Uploaded image size: %dx%d", width, height), http.StatusBadRequest)
+ return
+ }
+
 // Read all data from the uploaded file and write it to the temporary file
 fileBytes, err := ioutil.ReadAll(file)
 if err != nil {
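Review bot: The blank import `_ "image/png"` registers only the PNG decoder, so the `image.Decode` call this commit adds to addTemplateImg will reject JPEG or GIF uploads as an unknown format, while the curl example removed in the second hunk uploaded a `.jpg`. If PNG-only is intended (a single registered decoder also keeps the parsing surface exposed to uploads small), say so next to the import, e.g. `// Only PNG is registered on purpose: image.Decode rejects every other format`. The import block continues outside the hunk.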
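Review bot: `image.Decode(file)` decodes the whole image before the 5–50 pixel check runs, so a small upload whose header declares very large dimensions makes the server allocate the full pixel buffer before it is rejected. The decoder also consumes `file`, so the unchanged `ioutil.ReadAll(file)` right after the check appears to read nothing, or only a tail, into the temp file. Reading just the header with `image.DecodeConfig` and then rewinding with `file.Seek(0, io.SeekStart)` addresses both, as in the fence below; `format` is empty whenever decoding fails, so it can be dropped from the error text. The file-size limit named in the TODO this commit removes is still open, since nothing visible here caps the request body (for example with `http.MaxBytesReader`). addTemplateImg starts before and continues past this hunk.

```go
// Read only the header so oversized images are rejected before any pixel buffer is allocated
cfg, _, err := image.DecodeConfig(file)
if err != nil {
	http.Error(w, "Failed to decode the image: "+err.Error(), http.StatusBadRequest)
	return
}
if cfg.Width < 5 || cfg.Width > 50 || cfg.Height < 5 || cfg.Height > 50 {
	http.Error(w, fmt.Sprintf("Image dimensions out of allowed range (5x5 to 50x50). Uploaded image size: %dx%d", cfg.Width, cfg.Height), http.StatusBadRequest)
	return
}
// Rewind: the header bytes consumed above must still reach the temp file
if _, err := file.Seek(0, io.SeekStart); err != nil {
	http.Error(w, "Failed to rewind the uploaded file", http.StatusInternalServerError)
	return
}

// … unchanged: ioutil.ReadAll(file) and the write to the temporary file …
```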