From b862f35dde8eb235f7e0f5f3075a3bde196b2b95 Mon Sep 17 00:00:00 2001
From: Johannes <labahn@Optimal-systems.org>
Date: Thu, 12 Mar 2026 14:00:50 -1100
Subject: [PATCH] Refuse uploads when saves folder exceeds 1 GB

---
 app.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/app.py b/app.py
index 0cd1dd3..344def5 100644
--- a/app.py
+++ b/app.py
@@ -22,6 +22,13 @@ def get_hash_path(name):
     return os.path.join(SAVES_DIR, safe_filename(name).replace(".puC", ".hash"))
 
 
+QUOTA_BYTES = 1 * 1024 ** 3  # 1 GB
+
+
+def get_dir_size():
+    return sum(os.path.getsize(os.path.join(SAVES_DIR, f)) for f in os.listdir(SAVES_DIR))
+
+
 def check_password(name, req):
     hash_path = get_hash_path(name)
     if not os.path.exists(hash_path):
@@ -58,6 +65,10 @@ def store_save(name):
     data = request.get_data()
     if not data:
         abort(400, "No data")
+    existing = os.path.join(SAVES_DIR, safe_filename(name))
+    existing_size = os.path.getsize(existing) if os.path.exists(existing) else 0
+    if get_dir_size() - existing_size + len(data) > QUOTA_BYTES:
+        abort(507, "Storage quota exceeded")
     with open(os.path.join(SAVES_DIR, filename), "wb") as f:
         f.write(data)
     ph = request.headers.get("X-Password-Hash", "")