From a47e87d7bc2a62fb4d71c00f03ba673533ed6829 Mon Sep 17 00:00:00 2001
From: Andris Reinman <andris@kreata.ee>
Date: Tue, 12 Apr 2016 22:36:55 -0700
Subject: [PATCH] added max post size option

---
 app.js              | 12 +++++++++---
 config/default.toml |  5 ++---
 lib/passport.js     |  4 +++-
 package.json        |  6 +++---
 4 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/app.js b/app.js
index 4144edb0..b04bd714 100644
--- a/app.js
+++ b/app.js
@@ -114,11 +114,17 @@ app.use(session({
 app.use(flash());
 
 app.use(bodyParser.urlencoded({
-    extended: true
+    extended: true,
+    limit: config.www.postsize
 }));
 
-app.use(bodyParser.text());
-app.use(bodyParser.json());
+app.use(bodyParser.text({
+    limit: config.www.postsize
+}));
+
+app.use(bodyParser.json({
+    limit: config.www.postsize
+}));
 
 passport.setup(app);
 
diff --git a/config/default.toml b/config/default.toml
index 14b26037..8df7f198 100644
--- a/config/default.toml
+++ b/config/default.toml
@@ -15,9 +15,8 @@ remember=2592000 # 30 days
 log="dev"
 # is the server behind a proxy? true/false
 proxy=true
-
-[paging]
-size=20
+# maximum POST body size
+postsize="2MB"
 
 [mysql]
 host="localhost"
diff --git a/lib/passport.js b/lib/passport.js
index d3882d64..111f24a1 100644
--- a/lib/passport.js
+++ b/lib/passport.js
@@ -1,5 +1,6 @@
 'use strict';
 
+let config = require('config');
 let passport = require('passport');
 let LocalStrategy = require('passport-local').Strategy;
 let csrf = require('csurf');
@@ -11,7 +12,8 @@ module.exports.csrfProtection = csrf({
 });
 
 module.exports.parseForm = bodyParser.urlencoded({
-    extended: false
+    extended: false,
+    limit: config.www.postsize
 });
 
 module.exports.setup = app => {
diff --git a/package.json b/package.json
index 07cbf078..bb2b5ba0 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "body-parser": "^1.15.0",
     "bounce-handler": "^7.3.2-fork.0",
     "compression": "^1.6.1",
-    "config": "^1.20.0",
+    "config": "^1.20.1",
     "connect-flash": "^0.1.1",
     "connect-redis": "^3.0.2",
     "cookie-parser": "^1.4.1",
@@ -46,11 +46,11 @@
     "morgan": "^1.7.0",
     "multer": "^1.1.0",
     "mysql": "^2.10.2",
-    "nodemailer": "^2.3.1",
+    "nodemailer": "^2.3.2",
     "npmlog": "^2.0.3",
     "passport": "^0.3.2",
     "passport-local": "^1.0.0",
-    "request": "^2.70.0",
+    "request": "^2.71.0",
     "serve-favicon": "^2.3.0",
     "shortid": "^2.2.6",
     "slugify": "^0.1.1",