From 579c76b695ecf907abd69c8d0f55cfd6267a3593 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Muhammed=20Tanr=C4=B1kulu?= <md.tanrikulu@gmail.com>
Date: Fri, 5 Aug 2022 01:19:44 +0200
Subject: [PATCH] add config to restrict maximum content length

---
 src/config.ts         | 4 ++++
 src/service/avatar.ts | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/config.ts b/src/config.ts
index 793ccb9..a6fae0c 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -28,6 +28,9 @@ const ETH_REGISTRY_ABI = [
 // response timeout: 1 min
 const RESPONSE_TIMEOUT = 60 * 1000;
 
+// avatar cannot be greater than 50mb
+const MAX_CONTENT_LENGTH = 50000000;
+
 export {
   ADDRESS_ETH_REGISTRAR,
   ADDRESS_ETH_REGISTRY,
@@ -39,6 +42,7 @@ export {
   INAMEWRAPPER,
   IPFS_GATEWAY,
   INFURA_API_KEY,
+  MAX_CONTENT_LENGTH,
   RESPONSE_TIMEOUT,
   SERVER_URL,
 };
diff --git a/src/service/avatar.ts b/src/service/avatar.ts
index 95dc323..a992081 100644
--- a/src/service/avatar.ts
+++ b/src/service/avatar.ts
@@ -8,7 +8,7 @@ import {
   RetrieveURIFailed,
   TextRecordNotFound,
 }                           from '../base';
-import { IPFS_GATEWAY }     from '../config';
+import { IPFS_GATEWAY, MAX_CONTENT_LENGTH }     from '../config';
 
 const window = new JSDOM('').window;
 
@@ -75,7 +75,7 @@ export class AvatarMetadata {
     }
 
     if (avatarURI?.startsWith('http')) {
-      const response = await fetch(avatarURI);
+      const response = await fetch(avatarURI, { size: MAX_CONTENT_LENGTH });
 
       assert(response, 'Response is empty');