2016-04-30 20:08:06 -07:00
|
|
|
package middleware
|
|
|
|
|
|
|
|
import (
|
|
|
|
"io"
|
|
|
|
"sync"
|
|
|
|
|
2021-07-15 23:34:01 +03:00
|
|
|
"github.com/labstack/echo/v5"
|
2016-04-30 20:08:06 -07:00
|
|
|
)
|
|
|
|
|
2021-07-15 23:34:01 +03:00
|
|
|
// BodyLimitConfig defines the config for BodyLimitWithConfig middleware.
|
|
|
|
type BodyLimitConfig struct {
|
|
|
|
// Skipper defines a function to skip middleware.
|
|
|
|
Skipper Skipper
|
2016-07-27 09:34:44 -07:00
|
|
|
|
2021-07-15 23:34:01 +03:00
|
|
|
// LimitBytes is maximum allowed size in bytes for a request body
|
|
|
|
LimitBytes int64
|
|
|
|
}
|
2016-04-30 20:08:06 -07:00
|
|
|
|
2021-07-15 23:34:01 +03:00
|
|
|
type limitedReader struct {
|
|
|
|
BodyLimitConfig
|
2023-07-22 23:25:34 +03:00
|
|
|
reader io.ReadCloser
|
|
|
|
read int64
|
2021-07-15 23:34:01 +03:00
|
|
|
}
|
2016-07-27 09:34:44 -07:00
|
|
|
|
|
|
|
// BodyLimit returns a BodyLimit middleware.
|
2016-04-30 20:08:06 -07:00
|
|
|
//
|
2021-07-15 23:34:01 +03:00
|
|
|
// BodyLimit middleware sets the maximum allowed size for a request body, if the size exceeds the configured limit, it
|
|
|
|
// sends "413 - Request Entity Too Large" response. The BodyLimit is determined based on both `Content-Length` request
|
2016-05-23 11:23:15 -07:00
|
|
|
// header and actual content read, which makes it super secure.
|
2021-07-15 23:34:01 +03:00
|
|
|
func BodyLimit(limitBytes int64) echo.MiddlewareFunc {
|
|
|
|
return BodyLimitWithConfig(BodyLimitConfig{LimitBytes: limitBytes})
|
2016-04-30 20:08:06 -07:00
|
|
|
}
|
|
|
|
|
2021-07-15 23:34:01 +03:00
|
|
|
// BodyLimitWithConfig returns a BodyLimitWithConfig middleware. Middleware sets the maximum allowed size in bytes for
|
|
|
|
// a request body, if the size exceeds the configured limit, it sends "413 - Request Entity Too Large" response.
|
|
|
|
// The BodyLimitWithConfig is determined based on both `Content-Length` request header and actual content read, which
|
|
|
|
// makes it super secure.
|
2016-04-30 20:08:06 -07:00
|
|
|
func BodyLimitWithConfig(config BodyLimitConfig) echo.MiddlewareFunc {
|
2021-07-15 23:34:01 +03:00
|
|
|
return toMiddlewareOrPanic(config)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ToMiddleware converts BodyLimitConfig to middleware or returns an error for invalid configuration
|
|
|
|
func (config BodyLimitConfig) ToMiddleware() (echo.MiddlewareFunc, error) {
|
2016-07-27 09:34:44 -07:00
|
|
|
if config.Skipper == nil {
|
2021-07-15 23:34:01 +03:00
|
|
|
config.Skipper = DefaultSkipper
|
2016-07-27 09:34:44 -07:00
|
|
|
}
|
2021-07-15 23:34:01 +03:00
|
|
|
pool := sync.Pool{
|
|
|
|
New: func() interface{} {
|
|
|
|
return &limitedReader{BodyLimitConfig: config}
|
|
|
|
},
|
2016-04-30 20:08:06 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
|
|
|
return func(c echo.Context) error {
|
2016-07-27 09:34:44 -07:00
|
|
|
if config.Skipper(c) {
|
|
|
|
return next(c)
|
|
|
|
}
|
2016-04-30 20:08:06 -07:00
|
|
|
req := c.Request()
|
2016-05-23 11:23:15 -07:00
|
|
|
|
|
|
|
// Based on content length
|
2021-07-15 23:34:01 +03:00
|
|
|
if req.ContentLength > config.LimitBytes {
|
2016-05-23 11:23:15 -07:00
|
|
|
return echo.ErrStatusRequestEntityTooLarge
|
|
|
|
}
|
|
|
|
|
|
|
|
// Based on content read
|
2016-04-30 20:08:06 -07:00
|
|
|
r := pool.Get().(*limitedReader)
|
2023-07-22 23:25:34 +03:00
|
|
|
r.Reset(req.Body)
|
2016-04-30 20:08:06 -07:00
|
|
|
defer pool.Put(r)
|
2016-09-22 22:53:44 -07:00
|
|
|
req.Body = r
|
2016-05-23 11:23:15 -07:00
|
|
|
|
2016-04-30 20:08:06 -07:00
|
|
|
return next(c)
|
|
|
|
}
|
2021-07-15 23:34:01 +03:00
|
|
|
}, nil
|
2016-04-30 20:08:06 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
func (r *limitedReader) Read(b []byte) (n int, err error) {
|
|
|
|
n, err = r.reader.Read(b)
|
2016-05-10 08:59:55 -07:00
|
|
|
r.read += int64(n)
|
2021-07-15 23:34:01 +03:00
|
|
|
if r.read > r.LimitBytes {
|
2016-04-30 20:08:06 -07:00
|
|
|
return n, echo.ErrStatusRequestEntityTooLarge
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-09-22 22:53:44 -07:00
|
|
|
func (r *limitedReader) Close() error {
|
|
|
|
return r.reader.Close()
|
|
|
|
}
|
|
|
|
|
2023-07-22 23:25:34 +03:00
|
|
|
func (r *limitedReader) Reset(reader io.ReadCloser) {
|
2016-04-30 20:08:06 -07:00
|
|
|
r.reader = reader
|
2018-03-15 14:28:25 +01:00
|
|
|
r.read = 0
|
2016-04-30 20:08:06 -07:00
|
|
|
}
|