limit http request body size

ayinke-llc · Jan 24, 2024 · 5b3f25e · 5b3f25e
1 parent c0f3c60
commit 5b3f25e
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 5 deletions.
diff --git a/cmd/cmd.go b/cmd/cmd.go
@@ -63,6 +63,7 @@ func initializeConfig(cfg *config.Config) error {
 	viper.SetDefault("http.database.log_queries", false)
 	viper.SetDefault("http.port", 4200)
 	viper.SetDefault("http.domain", "sdump.app")
+	viper.SetDefault("http.max_request_body", 1024)
 
 	return viper.Unmarshal(cfg)
 }

diff --git a/config/config.go b/config/config.go
@@ -17,21 +17,22 @@ type SSHConfig struct {
 type HTTPConfig struct {
 	// Port to run http server on
 	// The server
-	Port int `mapstructure:"port" json:"port,omitempty"`
+	Port int `mapstructure:"port" json:"port,omitempty" yaml:"port"`
 
 	// AdminSecret is used to protect routes that are meant to be internal or
 	// only ran by an admin
 	// Endpoints to create a new url as an example should only be ran by an admin
 	// or the ssh server ( after it has verified we have a verified connection)
 	// If empty, server would crash
-	AdminSecret string `mapstructure:"admin_secret" json:"admin_secret,omitempty"`
+	AdminSecret string `mapstructure:"admin_secret" json:"admin_secret,omitempty" yaml:"admin_secret"`
 
 	Database struct {
 		DSN        string `mapstructure:"dsn" json:"dsn,omitempty" yaml:"dsn"`
-		LogQueries bool   `mapstructure:"log_queries" json:"log_queries,omitempty"`
+		LogQueries bool   `mapstructure:"log_queries" json:"log_queries,omitempty" yaml:"log_queries"`
 	} `mapstructure:"database" json:"database,omitempty" yaml:"database"`
 
-	Domain string `json:"domain,omitempty"`
+	Domain             string `json:"domain,omitempty" yaml:"domain" mapstructure:"domain"`
+	MaxRequestBodySize int64  `json:"max_request_body_size,omitempty" yaml:"max_request_body_size" mapstructure:"max_request_body_size"`
 }
 
 type TUIConfig struct {

diff --git a/server/httpd/url.go b/server/httpd/url.go
@@ -78,6 +78,8 @@ func (u *urlHandler) ingest(w http.ResponseWriter, r *http.Request) {
 
 	logger.Debug("Ingesting http request")
 
+	r.Body = http.MaxBytesReader(w, r.Body, u.cfg.HTTP.MaxRequestBodySize)
+
 	ctx := r.Context()
 
 	endpoint, err := u.urlRepo.Get(ctx, &sdump.FindURLOptions{
@@ -100,9 +102,14 @@ func (u *urlHandler) ingest(w http.ResponseWriter, r *http.Request) {
 
 	size, err := io.Copy(s, r.Body)
 	if err != nil {
+		msg := "could not copy request body"
+		if maxErr, ok := err.(*http.MaxBytesError); ok {
+			msg = maxErr.Error()
+		}
+
 		logger.WithError(err).Error("could not copy request body")
 		_ = render.Render(w, r, newAPIError(http.StatusInternalServerError,
-			"could not copy request body"))
+			msg))
 		return
 	}