screwdriver-api 7.0.223 → 7.0.224

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/config/custom-environment-variables.yaml +3 -0
  2. package/config/default.yaml +3 -0
  3. package/lib/server.js +2 -0
  4. package/package.json +1 -1
  5. package/plugins/builds/artifacts/get.js +18 -0
package/config/custom-environment-variables.yaml CHANGED
@@ -489,6 +489,9 @@ build:
489
489
  environment:
490
490
  __name: CLUSTER_ENVIRONMENT_VARIABLES
491
491
  __format: json
492
+ artifacts:
493
+ # max artifact download size (in GB)
494
+ maxDownloadSize: MAX_DOWNLOAD_SIZE
492
495
 
493
496
  rateLimit:
494
497
  __name: RATE_LIMIT_VARIABLES
package/config/default.yaml CHANGED
@@ -390,6 +390,9 @@ log:
390
390
  build:
391
391
  environment:
392
392
  SD_VERSION: 4
393
+ artifacts:
394
+ # max artifact download size (in GB)
395
+ maxDownloadSize: 2
393
396
 
394
397
  rateLimit:
395
398
  # set true to enable rate limiting on auth token
package/lib/server.js CHANGED
@@ -211,6 +211,8 @@ module.exports = async config => {
211
211
  expiresIn
212
212
  );
213
213
  server.app.buildFactory.executor.tokenGen = server.app.buildFactory.tokenGen;
214
+ server.app.buildFactory.maxDownloadSize =
215
+ parseInt(config.build.artifacts.maxDownloadSize, 10) * 1024 * 1024 * 1024;
214
216
 
215
217
  server.app.jobFactory.apiUri = server.info.uri;
216
218
  server.app.jobFactory.tokenGen = (username, metadata, scmContext, scope = ['user']) =>
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "screwdriver-api",
3
- "version": "7.0.223",
3
+ "version": "7.0.224",
4
4
  "description": "API server for the Screwdriver.cd service",
5
5
  "main": "index.js",
6
6
  "scripts": {
package/plugins/builds/artifacts/get.js CHANGED
@@ -31,6 +31,7 @@ module.exports = config => ({
31
31
  const { credentials } = req.auth;
32
32
  const { canAccessPipeline } = req.server.plugins.pipelines;
33
33
  const { buildFactory, eventFactory } = req.server.app;
34
+ const { maxDownloadSize } = buildFactory;
34
35
 
35
36
  return buildFactory.get(buildId)
36
37
  .then(build => {
@@ -70,6 +71,23 @@ module.exports = config => ({
70
71
  }).text();
71
72
  const manifestArray = manifest.trim().split('\n');
72
73
  const directoryArray = manifestArray.filter(f => f.startsWith(`./${artifact}/`));
74
+ let totalSize = 0;
75
+
76
+ // Check file sizes by fetching metadata
77
+ for (const file of directoryArray) {
78
+ if (file) {
79
+ const fileMetaResponse = await request.head(`${baseUrl}/${file}?token=${token}&type=download`);
80
+ const fileSize = parseInt(fileMetaResponse.headers['content-length'], 10);
81
+
82
+ // Accumulate total size
83
+ totalSize += fileSize;
84
+
85
+ // If total size exceeds allowed limit, stop further processing
86
+ if (totalSize > maxDownloadSize) {
87
+ throw new Error(`Total size of files exceeds the allowed limit of ${maxDownloadSize/1024/1024/1024}GB.`);
88
+ }
89
+ }
90
+ }
73
91
 
74
92
  // Create a stream and set up archiver
75
93
  const archive = archiver('zip', { zlib: { level: 9 } });