diff --git a/internal/services/gateway/gateway.go b/internal/services/gateway/gateway.go index de72c86..9b7c01c 100644 --- a/internal/services/gateway/gateway.go +++ b/internal/services/gateway/gateway.go @@ -44,6 +44,10 @@ var level = zap.NewAtomicLevelAt(zapcore.InfoLevel) var logger = slog.New(level) var log = logger.Sugar() +const ( + maxRequestSize = 1024 * 1024 +) + type Gateway struct { c *config.Gateway @@ -269,8 +273,10 @@ func (g *Gateway) Run(ctx context.Context) error { router.Handle("/webhooks", webhooksHandler).Methods("POST") router.PathPrefix("/").HandlerFunc(handlers.NewWebBundleHandlerFunc(g.c.APIExposedURL)) + maxBytesHandler := handlers.NewMaxBytesHandler(router, 1024*1024) + mainrouter := mux.NewRouter() - mainrouter.PathPrefix("/").Handler(corsHandler(router)) + mainrouter.PathPrefix("/").Handler(corsHandler(maxBytesHandler)) var tlsConfig *tls.Config if g.c.Web.TLS { diff --git a/internal/services/gateway/handlers/maxbyte.go b/internal/services/gateway/handlers/maxbyte.go new file mode 100644 index 0000000..6e21083 --- /dev/null +++ b/internal/services/gateway/handlers/maxbyte.go 
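Review bot: The new `maxRequestSize` constant is never used: the `Run` hunk passes the literal `1024*1024` to `handlers.NewMaxBytesHandler`, so the declared limit and the enforced limit can drift apart. The call should read `maxBytesHandler := handlers.NewMaxBytesHandler(router, maxRequestSize)`, and the constant deserves a comment such as `// maxRequestSize is the largest request body, in bytes, that the gateway accepts (1 MiB).` The wrapper sits in front of every route registered on `router`, including `/webhooks` and the web bundle handler, so it is worth confirming that no endpoint legitimately receives a body larger than 1 MiB. `Run` begins and ends outside the hunk, so routes registered earlier are not visible here.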
@@ -0,0 +1,38 @@
+// Copyright 2019 Sorint.lab
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package handlers
+
+import "net/http"
+
+type maxBytesHandler struct {
+ h http.Handler
+ n int64
+}
+
+func NewMaxBytesHandler(h http.Handler, n int64) *maxBytesHandler {
+ return &maxBytesHandler{
+ h: h,
+ n: n,
+ }
+}
+
+func (h *maxBytesHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+ if r.ContentLength > h.n {
+ http.Error(w, "request too large", http.StatusExpectationFailed)
+ return
+ }
+ r.Body = http.MaxBytesReader(w, r.Body, h.n)
+ h.h.ServeHTTP(w, r)
+}
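Review bot: The early rejection in `ServeHTTP` answers with `http.StatusExpectationFailed` (417), which is meant for an unmet `Expect` header. An oversized body should be reported as `http.Error(w, "request too large", http.StatusRequestEntityTooLarge)` so that clients and log-based alerting see a 413. The `ContentLength` comparison only covers requests that declare a length; chunked requests report -1 and are bounded by `http.MaxBytesReader` alone, so the wrapped handlers see the overrun as a body read error and should map it to 413 rather than a generic failure. `NewMaxBytesHandler` is exported but returns the unexported `*maxBytesHandler`; returning `http.Handler` would tidy the API, with a doc comment such as `// NewMaxBytesHandler wraps h and rejects request bodies larger than n bytes.`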