edited230126

app/__init__.py

@@ -1,5 +1,6 @@
 import os
-from flask import Flask
+from flask import Flask, jsonify, request
+from werkzeug.exceptions import RequestEntityTooLarge
 
 from .extensions import db, login_manager
 from .models import User
@@ -18,7 +19,14 @@ def create_app():
     )
     app.config.setdefault("SQLALCHEMY_TRACK_MODIFICATIONS", False)
     app.config.setdefault("UPLOAD_FOLDER", os.path.join(app.root_path, "static", "uploads"))
-    app.config.setdefault("MAX_CONTENT_LENGTH", 500 * 1024 * 1024)  # 500MB
+
+    # NOTE: Videos should be max 250MB.
+    # Flask's MAX_CONTENT_LENGTH applies to the full request payload (multipart includes overhead).
+    # We set this slightly above 250MB to allow for multipart/form fields overhead, while still
+    # blocking excessively large uploads early.
+    app.config.setdefault("MAX_CONTENT_LENGTH", 260 * 1024 * 1024)  # ~260MB request cap
+
+    # Explicit per-video validation lives in the upload route; this app-wide cap is a safety net.
 
     os.makedirs(app.instance_path, exist_ok=True)
     os.makedirs(app.config["UPLOAD_FOLDER"], exist_ok=True)
@@ -40,6 +48,14 @@ def create_app():
                     # Best-effort unique index (SQLite doesn't support adding unique constraints after the fact).
                     db.session.execute(db.text("CREATE UNIQUE INDEX IF NOT EXISTS ix_user_email ON user (email)"))
                     db.session.commit()
+
+                # Displays: ensure optional description column exists.
+                display_cols = [
+                    r[1] for r in db.session.execute(db.text("PRAGMA table_info(display)")).fetchall()
+                ]
+                if "description" not in display_cols:
+                    db.session.execute(db.text("ALTER TABLE display ADD COLUMN description VARCHAR(200)"))
+                    db.session.commit()
         except Exception:
             db.session.rollback()
 
@@ -75,4 +91,25 @@ def create_app():
             return redirect(url_for("admin.dashboard"))
         return redirect(url_for("company.dashboard"))
 
+    @app.errorhandler(RequestEntityTooLarge)
+    def handle_request_too_large(e):
+        """Return a user-friendly message when uploads exceed MAX_CONTENT_LENGTH."""
+        # Keep behavior consistent with our AJAX endpoints.
+        wants_json = (
+            (request.headers.get("X-Requested-With") == "XMLHttpRequest")
+            or ("application/json" in (request.headers.get("Accept") or ""))
+            or request.is_json
+            or (request.form.get("response") == "json")
+        )
+
+        msg = "Upload too large. Videos must be 250MB or smaller."
+        if wants_json:
+            return jsonify({"ok": False, "error": msg}), 413
+
+        # For non-AJAX form posts, redirect back with a flash message.
+        from flask import flash, redirect
+
+        flash(msg, "danger")
+        return redirect(request.referrer or url_for("company.dashboard")), 413
+
     return app