feat: multipart manga + chapter uploads with magic-byte MIME sniff

POST /api/v1/mangas and POST /api/v1/mangas/{id}/chapters now accept multipart/form-data, gated by CurrentUser: - /mangas: required `metadata` part (NewManga JSON) + optional `cover` image part. - /mangas/{id}/chapters: required `metadata` (NewChapter JSON) + one or more `page` parts ordered by arrival. Returns 404 if the parent manga doesn't exist, 409 on duplicate (manga_id, number). MIME is sniffed via the `infer` crate (magic bytes), not the client-supplied filename or Content-Type. Whitelist: jpeg / png / webp / gif / avif. Anything else → 415 unsupported_media_type. The stored key's extension is derived from the sniffed type so a "page1.png" that's actually a JPEG lands as `.jpg`. Size cap is two-layer: - Request body cap (config.max_request_bytes, default 200 MiB) enforced by axum's DefaultBodyLimit before the handler sees the request. - Per-image-part cap (config.max_file_bytes, default 20 MiB) enforced after reading the part, so a single oversized image can't pass even if the total request fits. Storage keys follow the layout documented in CLAUDE.md: - mangas/{manga_id}/cover.{ext} - mangas/{manga_id}/chapters/{chapter_id}/pages/{nnnn}.{ext} (1-indexed). AppError grows PayloadTooLarge/UnsupportedMediaType/ValidationFailed (413 / 415 / 422). ValidationFailed carries a `details` JSON object the client can use to highlight bad fields (e.g. {"title":"required"}). Top-level matching in code() stays exhaustive. Backend coverage in tests/api_uploads.rs (10 cases): - create_manga_with_cover_stores_image — file is reachable via /api/v1/files/{key} with the right Content-Type. - create_manga_without_cover_leaves_path_null. - create_manga_rejects_non_image_cover_with_415 — PDF claimed as png. - create_manga_rejects_oversized_cover_with_413. - create_chapter_with_pages_stores_each — extension derived from sniffed MIME, files reachable in arrival order. - create_chapter_rejects_when_no_pages_with_422 — details.page set. - create_chapter_rejects_renamed_non_image_page → 415. - create_chapter_returns_409_on_duplicate_number. - create_chapter_requires_authentication → 401. - create_chapter_under_unknown_manga_is_404. Existing tests/api_mangas.rs is migrated to multipart; the create response is now 201 Created. tests/common::MultipartBuilder builds the body by hand so the test crate stays free of HTTP-client deps. Frontend lib/api/mangas.ts: createManga now sends FormData (metadata + optional cover Blob). Browser fills in the boundary header automatically. Vitest asserts the FormData structure via FileReader (jsdom doesn't implement Blob.text()). E2E tests wait for the post-hydration nav-login link before interacting with the login form, fixing a flake where pre-hydration clicks would submit via the browser default and bypass our handler. Lockstep version bump to 0.5.0. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 22:21:10 +02:00
parent 2f9912533f
commit a92f6f70e2
17 changed files with 931 additions and 75 deletions
--- a/backend/src/config.rs
+++ b/backend/src/config.rs
@@ -17,12 +17,33 @@ impl Default for AuthConfig {
    }
 }

+#[derive(Clone, Debug)]
+pub struct UploadConfig {
+    /// Total request size cap, enforced by axum's DefaultBodyLimit on the
+    /// upload routes. Rejected requests get a 413.
+    pub max_request_bytes: usize,
+    /// Per-image-part size cap, enforced after the part is read. Lets us
+    /// reject a single oversized cover/page without failing the whole
+    /// request just because the total happens to fit.
+    pub max_file_bytes: usize,
+}
+
+impl Default for UploadConfig {
+    fn default() -> Self {
+        Self {
+            max_request_bytes: 200 * 1024 * 1024, // 200 MiB
+            max_file_bytes: 20 * 1024 * 1024,     // 20 MiB
+        }
+    }
+}
+
 #[derive(Clone, Debug)]
 pub struct Config {
    pub database_url: String,
    pub bind_address: String,
    pub storage_dir: PathBuf,
    pub auth: AuthConfig,
+    pub upload: UploadConfig,
    pub cors_allowed_origins: Vec<String>,
 }

@@ -43,6 +64,10 @@ impl Config {
                    .filter(|s| !s.is_empty()),
                session_ttl_days: env_i64("SESSION_TTL_DAYS", 30),
            },
+            upload: UploadConfig {
+                max_request_bytes: env_usize("MAX_REQUEST_BYTES", 200 * 1024 * 1024),
+                max_file_bytes: env_usize("MAX_FILE_BYTES", 20 * 1024 * 1024),
+            },
            cors_allowed_origins: std::env::var("CORS_ALLOWED_ORIGINS")
                .ok()
                .map(|s| {
@@ -70,3 +95,10 @@ fn env_i64(name: &str, default: i64) -> i64 {
        .and_then(|s| s.parse().ok())
        .unwrap_or(default)
 }
+
+fn env_usize(name: &str, default: usize) -> usize {
+    std::env::var(name)
+        .ok()
+        .and_then(|s| s.parse().ok())
+        .unwrap_or(default)
+}