gateway: limit requests to a predefined max size

Simone Gotti 2019-04-03 16:59:17 +02:00
parent 0a32b78359
commit 84879bf591
2 changed files with 45 additions and 1 deletions


@ -44,6 +44,10 @@ var level = zap.NewAtomicLevelAt(zapcore.InfoLevel)
var logger = slog.New(level) var logger = slog.New(level)
var log = logger.Sugar() var log = logger.Sugar()
const (
maxRequestSize = 1024 * 1024
)
type Gateway struct { type Gateway struct {
c *config.Gateway c *config.Gateway
@ -269,8 +273,10 @@ func (g *Gateway) Run(ctx context.Context) error {
router.Handle("/webhooks", webhooksHandler).Methods("POST") router.Handle("/webhooks", webhooksHandler).Methods("POST")
router.PathPrefix("/").HandlerFunc(handlers.NewWebBundleHandlerFunc(g.c.APIExposedURL)) router.PathPrefix("/").HandlerFunc(handlers.NewWebBundleHandlerFunc(g.c.APIExposedURL))
maxBytesHandler := handlers.NewMaxBytesHandler(router, 1024*1024)
mainrouter := mux.NewRouter() mainrouter := mux.NewRouter()
mainrouter.PathPrefix("/").Handler(corsHandler(router)) mainrouter.PathPrefix("/").Handler(corsHandler(maxBytesHandler))
var tlsConfig *tls.Config var tlsConfig *tls.Config
if g.c.Web.TLS { if g.c.Web.TLS {
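Review bot: The new `maxRequestSize` constant is declared but never used: the handler in `Run` is built with the literal `1024*1024`, so the two values can drift apart when one of them is changed. Pass the constant instead, `maxBytesHandler := handlers.NewMaxBytesHandler(router, maxRequestSize)`. A comment on the constant such as `// maxRequestSize is the largest request body, in bytes, accepted on any route registered on router.` would record that the cap also applies to `/webhooks` and the web bundle handler. `Run` begins and continues outside the hunk.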


@ -0,0 +1,38 @@
// Copyright 2019 Sorint.lab
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
// See the License for the specific language governing permissions and
// limitations under the License.
package handlers
import "net/http"
type maxBytesHandler struct {
h http.Handler
n int64
}
func NewMaxBytesHandler(h http.Handler, n int64) *maxBytesHandler {
return &maxBytesHandler{
h: h,
n: n,
}
}
func (h *maxBytesHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.ContentLength > h.n {
http.Error(w, "request too large", http.StatusExpectationFailed)
return
}
r.Body = http.MaxBytesReader(w, r.Body, h.n)
h.h.ServeHTTP(w, r)
}
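Review bot: `ServeHTTP` rejects an oversized `Content-Length` with `http.StatusExpectationFailed` (417), which describes a failed `Expect` header; the status for a body that is too large is 413, `http.Error(w, "request too large", http.StatusRequestEntityTooLarge)`. The early check is skipped when `r.ContentLength` is -1 (chunked or unknown length), so in that case the limit is enforced only by `http.MaxBytesReader` and the failure surfaces as a read error in whichever wrapped handler reads the body; those handlers should presumably map that error to 413 as well rather than to a generic failure. `NewMaxBytesHandler` is exported but returns the unexported `*maxBytesHandler` and has no doc comment; returning `http.Handler` and adding `// NewMaxBytesHandler wraps h and rejects request bodies larger than n bytes.` would tidy the API.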