2016-05-01 05:08:06 +02:00
|
|
|
package middleware
|
|
|
|
|
|
|
|
import (
|
2016-05-23 20:23:15 +02:00
|
|
|
"bytes"
|
2022-12-04 22:17:48 +02:00
|
|
|
"io"
|
2016-05-01 05:08:06 +02:00
|
|
|
"net/http"
|
2016-09-23 07:53:44 +02:00
|
|
|
"net/http/httptest"
|
2016-05-01 05:08:06 +02:00
|
|
|
"testing"
|
|
|
|
|
2021-07-15 22:34:01 +02:00
|
|
|
"github.com/labstack/echo/v5"
|
2016-05-01 05:08:06 +02:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
2021-07-15 22:34:01 +02:00
|
|
|
func TestBodyLimitConfig_ToMiddleware(t *testing.T) {
|
2016-05-01 05:08:06 +02:00
|
|
|
e := echo.New()
|
2016-05-23 20:23:15 +02:00
|
|
|
hw := []byte("Hello, World!")
|
2018-10-14 17:16:58 +02:00
|
|
|
req := httptest.NewRequest(http.MethodPost, "/", bytes.NewReader(hw))
|
2016-09-23 07:53:44 +02:00
|
|
|
rec := httptest.NewRecorder()
|
2016-05-01 05:08:06 +02:00
|
|
|
c := e.NewContext(req, rec)
|
|
|
|
h := func(c echo.Context) error {
|
2022-12-04 22:17:48 +02:00
|
|
|
body, err := io.ReadAll(c.Request().Body)
|
2016-05-01 06:56:35 +02:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-05-01 05:08:06 +02:00
|
|
|
return c.String(http.StatusOK, string(body))
|
|
|
|
}
|
|
|
|
|
2016-05-23 20:23:15 +02:00
|
|
|
// Based on content length (within limit)
|
2021-07-15 22:34:01 +02:00
|
|
|
mw, err := BodyLimitConfig{LimitBytes: 2 * MB}.ToMiddleware()
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
err = mw(h)(c)
|
|
|
|
if assert.NoError(t, err) {
|
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
|
|
assert.Equal(t, hw, rec.Body.Bytes())
|
2016-05-23 20:23:15 +02:00
|
|
|
}
|
|
|
|
|
2021-07-15 22:34:01 +02:00
|
|
|
// Based on content read (overlimit)
|
|
|
|
mw, err = BodyLimitConfig{LimitBytes: 2}.ToMiddleware()
|
|
|
|
assert.NoError(t, err)
|
|
|
|
he := mw(h)(c).(*echo.HTTPError)
|
|
|
|
assert.Equal(t, http.StatusRequestEntityTooLarge, he.Code)
|
2016-05-23 20:23:15 +02:00
|
|
|
|
|
|
|
// Based on content read (within limit)
|
2018-10-14 17:16:58 +02:00
|
|
|
req = httptest.NewRequest(http.MethodPost, "/", bytes.NewReader(hw))
|
2022-03-21 17:45:06 +02:00
|
|
|
req.ContentLength = -1
|
2016-09-23 07:53:44 +02:00
|
|
|
rec = httptest.NewRecorder()
|
2016-05-23 20:23:15 +02:00
|
|
|
c = e.NewContext(req, rec)
|
2021-07-15 22:34:01 +02:00
|
|
|
|
|
|
|
mw, err = BodyLimitConfig{LimitBytes: 2 * MB}.ToMiddleware()
|
|
|
|
assert.NoError(t, err)
|
|
|
|
err = mw(h)(c)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
|
|
assert.Equal(t, "Hello, World!", rec.Body.String())
|
2016-05-01 05:08:06 +02:00
|
|
|
|
2016-05-23 20:23:15 +02:00
|
|
|
// Based on content read (overlimit)
|
2018-10-14 17:16:58 +02:00
|
|
|
req = httptest.NewRequest(http.MethodPost, "/", bytes.NewReader(hw))
|
2022-03-21 17:45:06 +02:00
|
|
|
req.ContentLength = -1
|
2016-09-23 07:53:44 +02:00
|
|
|
rec = httptest.NewRecorder()
|
2016-05-01 06:56:35 +02:00
|
|
|
c = e.NewContext(req, rec)
|
2021-07-15 22:34:01 +02:00
|
|
|
mw, err = BodyLimitConfig{LimitBytes: 2}.ToMiddleware()
|
|
|
|
assert.NoError(t, err)
|
|
|
|
he = mw(h)(c).(*echo.HTTPError)
|
|
|
|
assert.Equal(t, http.StatusRequestEntityTooLarge, he.Code)
|
2016-05-01 05:08:06 +02:00
|
|
|
}
|
2018-03-15 15:28:25 +02:00
|
|
|
|
|
|
|
func TestBodyLimitReader(t *testing.T) {
|
|
|
|
hw := []byte("Hello, World!")
|
|
|
|
|
|
|
|
config := BodyLimitConfig{
|
2021-07-15 22:34:01 +02:00
|
|
|
Skipper: DefaultSkipper,
|
|
|
|
LimitBytes: 2,
|
2018-03-15 15:28:25 +02:00
|
|
|
}
|
|
|
|
reader := &limitedReader{
|
|
|
|
BodyLimitConfig: config,
|
2022-12-04 22:17:48 +02:00
|
|
|
reader: io.NopCloser(bytes.NewReader(hw)),
|
2018-03-15 15:28:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// read all should return ErrStatusRequestEntityTooLarge
|
2022-12-04 22:17:48 +02:00
|
|
|
_, err := io.ReadAll(reader)
|
2018-03-15 15:28:25 +02:00
|
|
|
he := err.(*echo.HTTPError)
|
|
|
|
assert.Equal(t, http.StatusRequestEntityTooLarge, he.Code)
|
|
|
|
|
|
|
|
// reset reader and read two bytes must succeed
|
|
|
|
bt := make([]byte, 2)
|
2023-07-22 22:25:34 +02:00
|
|
|
reader.Reset(io.NopCloser(bytes.NewReader(hw)))
|
2018-03-15 15:28:25 +02:00
|
|
|
n, err := reader.Read(bt)
|
|
|
|
assert.Equal(t, 2, n)
|
|
|
|
assert.Equal(t, nil, err)
|
|
|
|
}
|
2021-07-15 22:34:01 +02:00
|
|
|
|
|
|
|
func TestBodyLimit_skipper(t *testing.T) {
|
|
|
|
e := echo.New()
|
|
|
|
h := func(c echo.Context) error {
|
2022-12-04 22:17:48 +02:00
|
|
|
body, err := io.ReadAll(c.Request().Body)
|
2021-07-15 22:34:01 +02:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return c.String(http.StatusOK, string(body))
|
|
|
|
}
|
|
|
|
mw, err := BodyLimitConfig{
|
|
|
|
Skipper: func(c echo.Context) bool {
|
|
|
|
return true
|
|
|
|
},
|
|
|
|
LimitBytes: 2,
|
|
|
|
}.ToMiddleware()
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
hw := []byte("Hello, World!")
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/", bytes.NewReader(hw))
|
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
c := e.NewContext(req, rec)
|
|
|
|
|
|
|
|
err = mw(h)(c)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
|
|
assert.Equal(t, hw, rec.Body.Bytes())
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestBodyLimitWithConfig(t *testing.T) {
|
|
|
|
e := echo.New()
|
|
|
|
hw := []byte("Hello, World!")
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/", bytes.NewReader(hw))
|
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
c := e.NewContext(req, rec)
|
|
|
|
h := func(c echo.Context) error {
|
2022-12-04 22:17:48 +02:00
|
|
|
body, err := io.ReadAll(c.Request().Body)
|
2021-07-15 22:34:01 +02:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return c.String(http.StatusOK, string(body))
|
|
|
|
}
|
|
|
|
|
|
|
|
mw := BodyLimitWithConfig(BodyLimitConfig{LimitBytes: 2 * MB})
|
|
|
|
|
|
|
|
err := mw(h)(c)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
|
|
assert.Equal(t, hw, rec.Body.Bytes())
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestBodyLimit(t *testing.T) {
|
|
|
|
e := echo.New()
|
|
|
|
hw := []byte("Hello, World!")
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/", bytes.NewReader(hw))
|
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
c := e.NewContext(req, rec)
|
|
|
|
h := func(c echo.Context) error {
|
2022-12-04 22:17:48 +02:00
|
|
|
body, err := io.ReadAll(c.Request().Body)
|
2021-07-15 22:34:01 +02:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return c.String(http.StatusOK, string(body))
|
|
|
|
}
|
|
|
|
|
|
|
|
mw := BodyLimit(2 * MB)
|
|
|
|
|
|
|
|
err := mw(h)(c)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.Equal(t, http.StatusOK, rec.Code)
|
|
|
|
assert.Equal(t, hw, rec.Body.Bytes())
|
|
|
|
}
|