Use RequestSizeLimit for all file upload endpoints (#1507)

* Enforce upload size limits via RequestSizeLimit instead of if statements
* 101mb limit for legacy uploads, 501mb limit for all other
* Only allow v2 local storage for self-hosted instances

src/Api/Controllers/CiphersController.cs

@@ -8,6 +8,7 @@ using Bit.Core.Models.Api;
 using Bit.Core.Exceptions;
 using Bit.Core.Services;
 using Bit.Core.Context;
+using Bit.Core.Utilities;
 using Bit.Api.Utilities;
 using System.Collections.Generic;
 using Bit.Core.Models.Table;
@@ -594,7 +595,7 @@ namespace Bit.Api.Controllers
                 throw new NotFoundException();
             }
 
-            if (request.FileSize > CipherService.MAX_FILE_SIZE && !_globalSettings.SelfHosted)
+            if (request.FileSize > CipherService.MAX_FILE_SIZE)
             {
                 throw new BadRequestException($"Max file size is {CipherService.MAX_FILE_SIZE_READABLE}.");
             }
@@ -632,6 +633,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("{id}/attachment/{attachmentId}")]
+        [SelfHosted(SelfHostedOnly = true)]
         [RequestSizeLimit(Constants.FileSize501mb)]
         [DisableFormValueModelBinding]
         public async Task PostFileForExistingAttachment(string id, string attachmentId)
@@ -641,11 +643,6 @@ namespace Bit.Api.Controllers
                 throw new BadRequestException("Invalid content.");
             }
 
-            if (!_globalSettings.SelfHosted)
-            {
-                throw new BadRequestException("Invalid endpoint for non self-hosted servers.");
-            }
-
             var userId = _userService.GetProperUserId(User).Value;
             var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
             var attachments = cipher?.GetAttachments();
@@ -662,6 +659,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("{id}/attachment")]
+        [Obsolete("Deprecated Attachments API", false)]
         [RequestSizeLimit(Constants.FileSize101mb)]
         [DisableFormValueModelBinding]
         public async Task<CipherResponseModel> PostAttachment(string id)
@@ -814,11 +812,6 @@ namespace Bit.Api.Controllers
             {
                 throw new BadRequestException("Invalid content.");
             }
-
-            if (Request.ContentLength > Constants.FileSize101mb)
-            {
-                throw new BadRequestException("Max file size is 100 MB.");
-            }
         }
     }
 }

src/Api/Controllers/SendsController.cs

@@ -167,6 +167,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("file")]
+        [Obsolete("Deprecated File Send API", false)]
         [RequestSizeLimit(Constants.FileSize101mb)]
         [DisableFormValueModelBinding]
         public async Task<SendResponseModel> PostFile()
@@ -176,11 +177,6 @@ namespace Bit.Api.Controllers
                 throw new BadRequestException("Invalid content.");
             }
 
-            if (Request.ContentLength > Constants.FileSize101mb)
-            {
-                throw new BadRequestException("Max file size is 100 MB.");
-            }
-
             Send send = null;
             await Request.GetSendFileAsync(async (stream, fileName, model) =>
             {
@@ -250,6 +246,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("{id}/file/{fileId}")]
+        [SelfHosted(SelfHostedOnly = true)]
         [RequestSizeLimit(Constants.FileSize501mb)]
         [DisableFormValueModelBinding]
         public async Task PostFileForExistingSend(string id, string fileId)
@@ -259,11 +256,6 @@ namespace Bit.Api.Controllers
                 throw new BadRequestException("Invalid content.");
             }
 
-            if (Request.ContentLength > Constants.FileSize101mb && !_globalSettings.SelfHosted)
-            {
-                throw new BadRequestException("Max file size for direct upload is 100 MB.");
-            }
-
             var send = await _sendRepository.GetByIdAsync(new Guid(id));
             await Request.GetFileAsync(async (stream) =>
             {