fix content limits and overwrite on hash collision

app/rest/pyapi.py

@@ -136,10 +136,17 @@ def clip():
     
     if request.method == 'POST':
         if 'paste' not in request.params:
-            return abort(400, "Missing arameter: 'paste'")
+            return abort(400, "Missing parameter: 'paste'")
+        
+        # TODO: what is correct overhead for form content?
+        OVERHEAD = 1024
+        if 'paste' not in request.query and request.content_length == -1 or request.content_length > CLIP_SIZE_LIMIT + OVERHEAD:
+            return abort(418, f"Paste size can not exceed {CLIP_SIZE_LIMIT}")
+        
         content = request.params['paste'].encode('utf-8')
         if len(content) > CLIP_SIZE_LIMIT:
-            return abort(413, f"Paste size can not exceed {CLIP_SIZE_LIMIT}")
+            return abort(418, f"Paste size can not exceed {CLIP_SIZE_LIMIT}")
+        
         _bytes = blake(content, person='clip'.encode('utf-8'))
         _b32 = bytes_to_base32(_bytes)
         directory = f'app/rest/static/{_b32}'
@@ -147,7 +154,7 @@ def clip():
             os.mkdir(directory, mode=0o700, dir_fd=None)
         except FileExistsError:
             pass
-        fd = os.open(f'{directory}/{_b32}.file', os.O_WRONLY | os.O_CREAT, 0o600)
+        fd = os.open(f'{directory}/{_b32}.file', os.O_WRONLY | os.O_TRUNC | os.O_CREAT, 0o600)
         with open(fd, "wb") as f:
             f.write(content)