Skip to content

Commit

Permalink
Utilise http.MaxBytesReader
Browse files Browse the repository at this point in the history
  • Loading branch information
mikeymike committed Dec 19, 2024
1 parent 33c4a39 commit e7318f4
Showing 1 changed file with 3 additions and 9 deletions.
12 changes: 3 additions & 9 deletions webhook_verifier.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,6 @@ var (

// ErrInvalidSignatureFormat is returned when the signature format is invalid.
ErrInvalidSignatureFormat = errors.New("invalid signature format")

// ErrRequestExceedsExpectation is returned when the request exceeds the limit
ErrRequestExceedsExpectation = errors.New("request body size exceeds limit")
)

// signatureRegexp matches the Paddle-Signature header format, e.g.:
Expand Down Expand Up @@ -55,17 +52,14 @@ func (wv *WebhookVerifier) Verify(req *http.Request) (bool, error) {
h1 := matches[0][2]

const maxBodySize = 2 << 20 // 2 MB
limitedReader := io.LimitReader(req.Body, maxBodySize)

body, err := io.ReadAll(limitedReader)
req.Body = http.MaxBytesReader(nil, req.Body, maxBodySize)

body, err := io.ReadAll(req.Body)
if err != nil {
return false, err
}

if len(body) == maxBodySize {
return false, ErrRequestExceedsExpectation
}

req.Body = io.NopCloser(bytes.NewBuffer(body))

mac := hmac.New(sha256.New, wv.secretKey)
Expand Down

0 comments on commit e7318f4

Please sign in to comment.