1 files changed, 12 insertions, 3 deletions

diff --git a/pastiche.lisp b/pastiche.lisp
index 1da7e18..90aafdb 100644
--- a/pastiche.lisp
+++ b/pastiche.lisp
@@ -254,9 +254,12 @@ from make-paste-filename."))
     (key :type string :initform (error "key is required"))
     :documentation "Mixin for endpoint classes that require a known key")
 
-  (defmethod http:authorize ((ep has-known-key))
+  (defmethod http:authenticate ((ep has-known-key))
     (member (key ep) (known-keys*) :test #'equal)))
 
+(def:const +paste-length-limit+ (* 1024 1024)
+  "Limited to 1mb")
+
 (http:defendpoint create-paste
   :using has-known-key
   :post :to "create" "paste"
@@ -265,8 +268,9 @@ from make-paste-filename."))
   (title string)
   (content string)
   :documentation "Create a new paste and return a URL to its content."
-  :authenticate
-  (< (length title) +paste-title-limit+)
+  :authorize
+  (or (<= (length title) +paste-title-limit+)
+      (http:err :content "Paste title must be shorter than 80 characters."))
   :handle
   (do>
     location := (make-paste-filename content title)
@@ -286,6 +290,11 @@ from make-paste-filename."))
 
     (fully-qualified-route-to instance)))
 
+(defmethod http:check-request-compliance ((class (eql (find-class 'create-paste))))
+  (unless (< (parse-integer (http:get-header :content-length))
+             +paste-length-limit+)
+    (http:err :content (format nil "Paste bodies limited to 1MB"))))
+
 (http:defendpoint new-paste-form
   :using has-known-key
   :get :route ""