⚡️ Describe the Bug
The POST /templates/upload endpoint in api/routes/templates.py reads the entire uploaded file into memory without any size validation:
line 76
content = await file.read()
There is no check on the file size before reading. A malicious or accidental upload of a very large file could exhaust server memory and potentially crash the application.
👣 Steps to Reproduce
- Send a request to POST /templates/upload
- Upload a very large file (e.g., hundreds of MBs or more)
- Observe increased memory usage and possible server crash or slowdown
📉 Expected Behavior
The endpoint should validate file size and reject uploads exceeding a reasonable limit (e.g., 10MB). Typical PDF form uploads are generally well under 1MB.
🖥️ Environment Information
- OS: Any
- Docker/Compose Version: Any
- Ollama Model used: Not applicable
📸 Screenshots/Logs
⚠️ Why This Is Necessary
- Prevents memory exhaustion and server crashes caused by large uploads
- Protects against denial-of-service (DoS) attacks using oversized files
- Ensures stable performance and resource usage in production
- Improves overall reliability and user experience
🕵️ Possible Fix
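MAX_UPLOAD_SIZE = 10 * 1024 * 1024  # 10 MB
# Read at most one byte past the limit so an oversized upload is never fully loaded into memory
content = await file.read(MAX_UPLOAD_SIZE + 1)
if len(content) > MAX_UPLOAD_SIZE:
    raise HTTPException(status_code=413, detail="File too large. Maximum size is 10MB.")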
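A chunked variant of the size check, as an added example that is not part of the original issue or the project's code: it stops reading as soon as the running total passes the limit. `read_capped`, `UploadTooLarge`, `CHUNK_SIZE` and `FakeUpload` are hypothetical names; the only assumption about the upload object is an `async read(size)` method, which Starlette's `UploadFile` provides.

```python
import asyncio
import io

MAX_UPLOAD_SIZE = 10 * 1024 * 1024  # 10 MB, the limit suggested in this issue
CHUNK_SIZE = 64 * 1024              # assumed chunk size for streaming reads


class UploadTooLarge(Exception):
    """Hypothetical error; the route would translate it into an HTTP 413."""


async def read_capped(file, limit=MAX_UPLOAD_SIZE):
    """Return the upload body, holding at most `limit` plus one chunk in memory.

    `file` is any object with `async read(size)`.
    """
    chunks, total = [], 0
    while True:
        chunk = await file.read(CHUNK_SIZE)
        if not chunk:
            break  # end of upload
        total += len(chunk)
        if total > limit:
            # Stop here: the rest of the upload is never read into memory.
            raise UploadTooLarge(f"body exceeds {limit} bytes")
        chunks.append(chunk)
    return b"".join(chunks)


class FakeUpload:
    """Constructed stand-in for an uploaded file, so the example runs offline."""

    def __init__(self, data):
        self._buf = io.BytesIO(data)
        self.bytes_read = 0  # lets a caller verify how much was consumed

    async def read(self, size=-1):
        data = self._buf.read(size)
        self.bytes_read += len(data)
        return data


if __name__ == "__main__":
    oversized = FakeUpload(b"x" * (10 * CHUNK_SIZE))  # constructed sample input
    try:
        asyncio.run(read_capped(oversized, limit=CHUNK_SIZE))
    except UploadTooLarge as exc:
        print(exc, "- bytes consumed:", oversized.bytes_read)
```

In the route, catch `UploadTooLarge` and raise `HTTPException(status_code=413, ...)`. This caps what the handler loads into memory; it does not stop a client from sending the bytes, so a request-body limit at the reverse proxy is still worth setting.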