cli: enforce profile image size limit in --user-image-file

Reject the file if the encoded data URL exceeds 12500 bytes - matches
the cap mobile and desktop UIs pass to resizeImageToStrSize for profile
images. Without this, oversized images would be silently set on the
user profile.
This commit is contained in:
shum
2026-05-05 07:52:40 +00:00
parent 7a28ed0e9d
commit 33829d5576
+6 -1
View File
@@ -228,9 +228,14 @@ loadImageFile path = case map toLower (takeExtension path) of
".jpeg" -> readAs "image/jpg"
ext -> pure $ Left $ "--user-image-file: unsupported image extension " <> show ext <> " (only .png, .jpg, .jpeg)"
where
-- matches the cap mobile/desktop UIs pass to resizeImageToStrSize for profile images
maxProfileImageSize = 12500
readAs mime = do
bs <- BS.readFile path
pure $ Right $ ImageData $ "data:" <> mime <> ";base64," <> decodeUtf8 (B64.encode bs)
let url = "data:" <> mime <> ";base64," <> decodeUtf8 (B64.encode bs)
pure $ if T.length url > maxProfileImageSize
then Left $ "--user-image-file: encoded image size " <> show (T.length url) <> " bytes exceeds max " <> show maxProfileImageSize <> " bytes"
else Right $ ImageData url
userStr :: User -> String
userStr User {localDisplayName, profile = LocalProfile {fullName}} =