[backend/core] Limit HttpClient buffer size to 1MiB, except DriveService from this policy (until proper limits are in place there)

Iceshrimp.Backend/Core/Extensions/ServiceExtensions.cs

@@ -86,6 +86,7 @@ public static class ServiceExtensions
 		// Singleton = instantiated once across application lifetime
 		services
 			.AddSingleton<HttpClient, CustomHttpClient>()
+			.AddSingleton<UnrestrictedHttpClient>()
 			.AddSingleton<HttpRequestService>()
 			.AddSingleton<CronService>()
 			.AddSingleton<QueueService>()

Iceshrimp.Backend/Core/Services/CustomHttpClient.cs

@@ -31,6 +31,9 @@ public class CustomHttpClient : HttpClient
 		DefaultRequestHeaders.TryAddWithoutValidation("User-Agent", options.Value.UserAgent);
 		Timeout = TimeSpan.FromSeconds(30);
 
+		// Protect against DoS attacks
+		MaxResponseContentBufferSize = 1024 * 1024; // 1MiB
+
 		// Configure FastFallback
 		FastFallbackHandler.Logger   = loggerFactory.CreateLogger<FastFallback>();
 		FastFallbackHandler.Security = security;
@@ -363,3 +366,15 @@ public class CustomHttpClient : HttpClient
 		}
 	}
 }
+
+public class UnrestrictedHttpClient : CustomHttpClient
+{
+	public UnrestrictedHttpClient(
+		IOptions<Config.InstanceSection> options,
+		IOptionsMonitor<Config.SecuritySection> security,
+		ILoggerFactory loggerFactory
+	) : base(options, security, loggerFactory)
+	{
+		MaxResponseContentBufferSize = int.MaxValue;
+	}
+}

Iceshrimp.Backend/Core/Services/DriveService.cs

@@ -17,7 +17,7 @@ public class DriveService(
 	[SuppressMessage("ReSharper", "SuggestBaseTypeForParameterInConstructor")]
 	IOptionsSnapshot<Config.StorageSection> storageConfig,
 	IOptions<Config.InstanceSection> instanceConfig,
-	HttpClient httpClient,
+	UnrestrictedHttpClient httpClient,
 	QueueService queueSvc,
 	ILogger<DriveService> logger,
 	ImageProcessor imageProcessor