BC-11223 - Add CSV file size limit (#3750)

cdarsow · web-flow · commit 4e83229df99e · 2026-02-05T10:38:45.000+01:00
diff --git a/config/default.schema.json b/config/default.schema.json
@@ -569,6 +569,11 @@
 				"MAX_FILE_SIZE"
 			]
 		},
+        "CSV_IMPORT_MAX_FILE_SIZE": {
+            "type": "integer",
+            "default": 512000,
+            "description": "Maximum file size for incoming requests in Byte, sync with nginx config"
+        },
 		"FEATURE_CONSENT_NECESSARY": {
 			"type": "boolean",
 			"default": true,
diff --git a/controllers/administration.js b/controllers/administration.js
@@ -18,7 +18,10 @@ const redirectHelper = require('../helpers/redirect');
 const timesHelper = require('../helpers/timesHelper');
 
 const router = express.Router();
-const upload = multer({ storage: multer.memoryStorage() });
+const upload = multer({
+	storage: multer.memoryStorage(),
+	limits: { fileSize: Configuration.get('CSV_IMPORT_MAX_FILE_SIZE') },
+});
 
 const { HOST, CONSENT_WITHOUT_PARENTS_MIN_AGE_YEARS } = require('../config/global');
 const { isUserHidden } = require('../helpers/users');
diff --git a/locales/de.json b/locales/de.json
@@ -280,6 +280,7 @@
 		"form_Import": {
 			"label": {
 				"selectCSVFile": "CSV-Datei auswählen",
+                "fileSizeInfo" : "max. Dateigröße",
 				"sendRegistrationLinkToUsers": "Registrierungslinks sofort nach Import an Nutzer:in senden"
 			},
 			"text": {
diff --git a/locales/en.json b/locales/en.json
@@ -280,6 +280,7 @@
 		"form_Import": {
 			"label": {
 				"selectCSVFile": "Select CSV file",
+                "fileSizeInfo" : "max file size",
 				"sendRegistrationLinkToUsers": "Send registration links to users immediately after import"
 			},
 			"text": {
diff --git a/locales/es.json b/locales/es.json
@@ -280,6 +280,7 @@
 		"form_Import": {
 			"label": {
 				"selectCSVFile": "Seleccionar archivo CSV",
+                "fileSizeInfo" : "tamaño máximo de archivo",
 				"sendRegistrationLinkToUsers": "Enviar enlaces de registro a los usuarios inmediatamente después de la importación"
 			},
 			"text": {
diff --git a/locales/uk.json b/locales/uk.json
@@ -979,6 +979,7 @@
 		"form_Import": {
 			"label": {
 				"selectCSVFile": "Вибрати CSV-файл",
+                "fileSizeInfo" : "максимальний розмір файлу",
 				"sendRegistrationLinkToUsers": "Відразу після імпорту надсилайте користувачам посилання для реєстрації"
 			},
 			"text": {
diff --git a/views/administration/forms/form-import.hbs b/views/administration/forms/form-import.hbs
@@ -9,7 +9,7 @@
     <img src="{{getAssetPath '/images/csv_example.png'}}" />
 </p>
 <div class="form-group">
-    <label>{{$t "administration.form_Import.label.selectCSVFile" }}</label>
+    <label>{{$t "administration.form_Import.label.selectCSVFile" }} ({{$t "administration.form_Import.label.fileSizeInfo" }} {{ writeFileSizePretty (getConfig "CSV_IMPORT_MAX_FILE_SIZE") }})</label>
     <input class="form-control" name="csvFile" type="file" required />
 </div>
 <div class="form-group">
