A limit of 200kb should suffice for the file size. This can (probably) be checked via the Content-Length header. There's also libraries that could do this. Like this or this for examples.
We may also benefit of limiting the width and height of the image.
