From e7318f46c4b1fea4f35258ef59c9324cd7fe5127 Mon Sep 17 00:00:00 2001
From: Michael Woodward
Date: Thu, 19 Dec 2024 10:55:25 +0000
Subject: [PATCH] Utilise http.MaxBytesReader
---
 webhook_verifier.go | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/webhook_verifier.go b/webhook_verifier.go
index 794656f..75d7b4a 100644
--- a/webhook_verifier.go
+++ b/webhook_verifier.go
@@ -17,9 +17,6 @@ var (
 // ErrInvalidSignatureFormat is returned when the signature format is invalid.
 ErrInvalidSignatureFormat = errors.New("invalid signature format")
-
- // ErrRequestExceedsExpectation is returned when the request exceeds the limit
- ErrRequestExceedsExpectation = errors.New("request body size exceeds limit")
 )
 // signatureRegexp matches the Paddle-Signature header format, e.g.:
@@ -55,17 +52,14 @@ func (wv *WebhookVerifier) Verify(req *http.Request) (bool, error) {
 h1 := matches[0][2]
 const maxBodySize = 2 << 20 // 2 MB
- limitedReader := io.LimitReader(req.Body, maxBodySize)
- body, err := io.ReadAll(limitedReader)
+ req.Body = http.MaxBytesReader(nil, req.Body, maxBodySize)
+
+ body, err := io.ReadAll(req.Body)
 if err != nil {
 return false, err
 }
- if len(body) == maxBodySize {
- return false, ErrRequestExceedsExpectation
- }
-
 req.Body = io.NopCloser(bytes.NewBuffer(body))
 mac := hmac.New(sha256.New, wv.secretKey)
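Review bot: An oversized body now leaves the `if err != nil` branch after `io.ReadAll(req.Body)` as whatever error `http.MaxBytesReader` produces, while the first hunk deletes the exported `ErrRequestExceedsExpectation`, so a caller that matched that sentinel to reject or log over-limit webhooks no longer compiles and has nothing documented to match instead. Either keep the sentinel and translate in that branch, `var tooBig *http.MaxBytesError; if errors.As(err, &tooBig) { return false, ErrRequestExceedsExpectation }` (the type needs Go 1.19 or later; the module's Go version is not visible here), or name the new error in Verify's doc comment so handlers can answer 413 instead of a generic failure. The boundary also moves: the old check rejected a body of exactly `maxBodySize` bytes, whereas the new reader accepts it and fails only beyond that. Verify starts before and continues past this hunk, so its doc comment and the HMAC comparison are not visible.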