From f55f67ee0ad6cdb173541a93731d41a46e5cf0ba Mon Sep 17 00:00:00 2001 From: Tobias Bieniek Date: Wed, 27 Nov 2024 21:00:25 +0100 Subject: [PATCH 1/3] config/server: Change `max_upload_size` to `u32` A higher value isn't possible anyway due to the way the publish endpoint was designed... --- src/config/server.rs | 2 +- src/controllers/krate/publish.rs | 2 +- src/tests/krate/publish/max_size.rs | 4 ++-- src/util.rs | 9 +++++---- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/src/config/server.rs b/src/config/server.rs index 8f59f94aedf..0262c4ce6bf 100644 --- a/src/config/server.rs +++ b/src/config/server.rs @@ -41,7 +41,7 @@ pub struct Server { pub session_key: cookie::Key, pub gh_client_id: ClientId, pub gh_client_secret: ClientSecret, - pub max_upload_size: u64, + pub max_upload_size: u32, pub max_unpack_size: u64, pub max_dependencies: usize, pub max_features: usize, diff --git a/src/controllers/krate/publish.rs b/src/controllers/krate/publish.rs index f44a78ea6c6..ed1694309d3 100644 --- a/src/controllers/krate/publish.rs +++ b/src/controllers/krate/publish.rs @@ -152,7 +152,7 @@ pub async fn publish(app: AppState, req: Parts, body: Body) -> AppResult, - app_max_upload: u64, + app_max_upload: u32, app_max_unpack: u64, ) -> Maximums { - let max_upload_size = krate_max_upload.map(|m| m as u64).unwrap_or(app_max_upload); - let max_unpack_size = cmp::max(app_max_unpack, max_upload_size); + let krate_max_upload = krate_max_upload.and_then(|m| u32::try_from(m).ok()); + let max_upload_size = krate_max_upload.unwrap_or(app_max_upload); + let max_unpack_size = cmp::max(app_max_unpack, max_upload_size as u64); Maximums { max_upload_size, max_unpack_size, From 4312354e63d1c6b86356d92d69de79f556ea2419 Mon Sep 17 00:00:00 2001 
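Review bot: A per-crate override that fails the conversion is dropped without any trace at `krate_max_upload.and_then(|m| u32::try_from(m).ok())`, so a negative value stored for a crate quietly becomes the server default instead of surfacing as a data error. Falling back is the safe direction (assuming the stored type is signed, the removed `m as u64` would have turned a negative into an enormous limit), but an operator who set the override gets no signal that it is being ignored. Consider logging a warning when `try_from` returns `Err`, or rejecting such rows with a database constraint, and add a test with a negative override if the series does not already have one. The same conversion reappears in `Crate::max_upload_size()` in PATCH 3/3, where the warning would best live. The signature and closing braces of the enclosing constructor are not fully visible in this hunk.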
From: Tobias Bieniek Date: Wed, 27 Nov 2024 21:07:24 +0100 Subject: [PATCH 2/3] controllers/krate/publish: Inline `Maximums` calculation This is only used in the publish endpoint, and can apparently be written quite a bit more concise... :D --- src/controllers/krate/publish.rs | 17 ++++++++--------- src/util.rs | 24 ------------------------ 2 files changed, 8 insertions(+), 33 deletions(-) diff --git a/src/controllers/krate/publish.rs b/src/controllers/krate/publish.rs index ed1694309d3..343e728efb7 100644 --- a/src/controllers/krate/publish.rs +++ b/src/controllers/krate/publish.rs @@ -37,7 +37,6 @@ use crate::rate_limiter::LimitedAction; use crate::schema::*; use crate::sql::canon_crate_name; use crate::util::errors::{bad_request, custom, internal, AppResult, BoxedAppError}; -use crate::util::Maximums; use crate::views::{ EncodableCrate, EncodableCrateDependency, GoodCrate, PublishMetadata, PublishWarnings, }; @@ -146,18 +145,18 @@ pub async fn publish(app: AppState, req: Parts, body: Body) -> AppResult, - app_max_upload: u32, - app_max_unpack: u64, - ) -> Maximums { - let krate_max_upload = krate_max_upload.and_then(|m| u32::try_from(m).ok()); - let max_upload_size = krate_max_upload.unwrap_or(app_max_upload); - let max_unpack_size = cmp::max(app_max_unpack, max_upload_size as u64); - Maximums { - max_upload_size, - max_unpack_size, - } - } -} From 9fdeaa6dac2d5530eb877c99dc614efa9330c9fd Mon Sep 17 00:00:00 2001 From: Tobias Bieniek Date: Thu, 28 Nov 2024 10:29:28 +0100 Subject: [PATCH 3/3] models/krate: Extract `max_upload_size()` fn --- src/controllers/krate/publish.rs | 3 +-- src/models/krate.rs | 7 ++++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/controllers/krate/publish.rs b/src/controllers/krate/publish.rs index 343e728efb7..1a72bf650d6 100644 --- a/src/controllers/krate/publish.rs +++ b/src/controllers/krate/publish.rs 
@@ -147,8 +147,7 @@ pub async fn publish(app: AppState, req: Parts, body: Body) -> AppResult, pub documentation: Option, pub repository: Option, - pub max_upload_size: Option, + max_upload_size: Option, pub max_features: Option, } @@ -156,6 +156,11 @@ impl<'a> NewCrate<'a> { } impl Crate { + pub fn max_upload_size(&self) -> Option { + self.max_upload_size + .and_then(|size| u32::try_from(size).ok()) + } + /// SQL filter based on whether the crate's name loosely matches the given /// string. ///
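Review bot: The new public accessor `Crate::max_upload_size()` has no doc comment, although it now carries the only statement of how an unusable stored override is treated. Since the field is made private in the same hunk, callers can only learn the contract from this method; I would add `/// Per-crate upload size override; returns None when unset or when the stored value does not fit in a u32 (e.g. is negative), in which case callers use the server default.` above it. The rest of the `impl Crate` block lies outside the hunk.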