--- a/plugins/mod_http_file_share.lua	Tue Jan 26 14:52:37 2021 +0100
+++ b/plugins/mod_http_file_share.lua	Tue Jan 26 14:53:24 2021 +0100
@@ -14,6 +14,7 @@
 local dm = require "core.storagemanager".olddm;
 local jwt = require "util.jwt";
 local errors = require "util.error";
+local dataform = require "util.dataforms".new;
 
 local namespace = "urn:xmpp:http:upload:0";
 
@@ -27,6 +28,7 @@
 
 local secret = module:get_option_string(module.name.."_secret", require"util.id".long());
 local external_base_url = module:get_option_string(module.name .. "_base_url");
+local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB
 
 local access = module:get_option_set(module.name .. "_access", {});
 
@@ -34,9 +36,16 @@
 	module:depends("http");
 end
 
+module:add_extension(dataform {
+	{ name = "FORM_TYPE", type = "hidden", value = namespace },
+	{ name = "max-file-size", type = "text-single" },
+}:form({ ["max-file-size"] = tostring(file_size_limit) }, "result"));
+
 local upload_errors = errors.init(module.name, namespace, {
 	access = { "auth"; "forbidden" };
 	filename = { "modify"; "bad-request", "Invalid filename" };
+	filesize = { "modify"; "not-acceptable"; "File too large";
+		st.stanza("file-too-large", {xmlns = namespace}):tag("max-size"):text(tostring(file_size_limit)); };
 });
 
 function may_upload(uploader, filename, filesize, filetype) -- > boolean, error
@@ -50,6 +59,10 @@
 		return false, upload_errors.new("filename");
 	end
 
+	if filesize > file_size_limit then
+		return false, upload_errors.new("filesize");
+	end
+
 	return true;
 end