From f016ae172c640b55691c6701f9590766dd005c96 Mon Sep 17 00:00:00 2001
From: Ainar Garipov <a.garipov@adguard.com>
Date: Thu, 11 Feb 2021 14:10:42 +0300
Subject: [PATCH] Pull request: home: inc req size for some apis

Merge in DNS/adguard-home from 2666-req-body-lim to master

Updates #2666.

Squashed commit of the following:

commit a525974aee54831963e3f95c8186d44f1752e9c7
Merge: 947703f3 44168292
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Thu Feb 11 13:48:06 2021 +0300

    Merge branch 'master' into 2666-req-body-lim

commit 947703f36e1ee0ab08f938850f76824b7899d7e1
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Thu Feb 11 13:28:54 2021 +0300

    home: inc req size for some apis
---
 CHANGELOG.md                 |  7 +++++++
 internal/home/middlewares.go | 12 +++++++++++-
 internal/home/web.go         |  2 +-
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1b17ff8b..7560957b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,13 +17,20 @@ and this project adheres to
 ## [v0.105.1] - 2021-02-24
 -->
 
+### Changed
+
+- Increase the HTTP API request body size limit for the `/control/access/set`
+  API ([#2666]).
+
 ### Fixed
 
+- Set the request body size limit for HTTPS reqeusts as well.
 - Incorrect version tag in the Docker release ([#2663]).
 - DNSCrypt queries weren't marked as such in logs ([#2662]).
 
 [#2662]: https://github.com/AdguardTeam/AdGuardHome/issues/2662
 [#2663]: https://github.com/AdguardTeam/AdGuardHome/issues/2663
+[#2666]: https://github.com/AdguardTeam/AdGuardHome/issues/2666
 
 
 
diff --git a/internal/home/middlewares.go b/internal/home/middlewares.go
index d530ace8..7d34f73e 100644
--- a/internal/home/middlewares.go
+++ b/internal/home/middlewares.go
@@ -30,7 +30,17 @@ const RequestBodySizeLimit = 64 * 1024
 func limitRequestBody(h http.Handler) (limited http.Handler) {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		var err error
-		r.Body, err = aghio.LimitReadCloser(r.Body, RequestBodySizeLimit)
+
+		var bodySizeLimit int64 = RequestBodySizeLimit
+		if u := r.URL; u.Path == "/control/access/set" {
+			// An exception for a poorly designed API.  Remove once
+			// the new, better API is up.
+			//
+			// See https://github.com/AdguardTeam/AdGuardHome/issues/2666.
+			bodySizeLimit *= 4
+		}
+
+		r.Body, err = aghio.LimitReadCloser(r.Body, bodySizeLimit)
 		if err != nil {
 			log.Error("limitRequestBody: %s", err)
 
diff --git a/internal/home/web.go b/internal/home/web.go
index 0048f427..cdd19aba 100644
--- a/internal/home/web.go
+++ b/internal/home/web.go
@@ -259,7 +259,7 @@ func (web *Web) tlsServerLoop() {
 				RootCAs:      Context.tlsRoots,
 				CipherSuites: Context.tlsCiphers,
 			},
-			Handler:           Context.mux,
+			Handler:           withMiddlewares(Context.mux, limitRequestBody),
 			ReadTimeout:       web.conf.ReadTimeout,
 			ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
 			WriteTimeout:      web.conf.WriteTimeout,