forked from TykTechnologies/tyk
-
Notifications
You must be signed in to change notification settings - Fork 0
/
middleware_request_size_limit.go
120 lines (96 loc) · 3.34 KB
/
middleware_request_size_limit.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
package main
import (
"errors"
"net/http"
"strconv"
"github.com/TykTechnologies/logrus"
"github.com/TykTechnologies/tykcommon"
)
// TransformMiddleware is a middleware that will apply a template to a request body to transform it's contents ready for an upstream API
type RequestSizeLimitMiddleware struct {
*TykMiddleware
}
type RequestSizeLimitConfig struct{}
// New lets you do any initialisations for the object can be done here
func (t *RequestSizeLimitMiddleware) New() {}
// GetConfig retrieves the configuration from the API config - we user mapstructure for this for simplicity
func (t *RequestSizeLimitMiddleware) GetConfig() (interface{}, error) {
return nil, nil
}
func (t *RequestSizeLimitMiddleware) IsEnabledForSpec() bool {
var used bool
for _, thisVersion := range t.TykMiddleware.Spec.VersionData.Versions {
if len(thisVersion.ExtendedPaths.SizeLimit) > 0 {
used = true
break
}
}
return used
}
func (t *RequestSizeLimitMiddleware) checkRequestLimit(r *http.Request, sizeLimit int64) (error, int) {
statedCL := r.Header.Get("Content-Length")
if statedCL == "" {
return errors.New("Content length is required for this request"), 411
}
asInt, convErr := strconv.Atoi(statedCL)
if convErr != nil {
log.Error("String conversion for content length failed:", convErr)
return errors.New("Content length is not a valid Integer!"), 400
}
// Check stated size
if int64(asInt) > sizeLimit {
log.WithFields(logrus.Fields{
"path": r.URL.Path,
"origin": GetIPFromRequest(r),
"size": statedCL,
"limit": sizeLimit,
}).Info("Attempted access with large request size, blocked.")
return errors.New("Request is too large"), 400
}
// Check actual size
if r.ContentLength > sizeLimit {
// Request size is too big for globals
log.WithFields(logrus.Fields{
"path": r.URL.Path,
"origin": GetIPFromRequest(r),
"size": r.ContentLength,
"limit": sizeLimit,
}).Info("Attempted access with large request size, blocked.")
return errors.New("Request is too large"), 400
}
return nil, 200
}
// RequestSizeLimit will check a request for maximum request size, this can be a global limit or a matched limit.
func (t *RequestSizeLimitMiddleware) ProcessRequest(w http.ResponseWriter, r *http.Request, configuration interface{}) (error, int) {
log.Debug("Request size limiter active")
// Uee the request status validator to see if it's in our cache list
var stat RequestStatus
var meta interface{}
var found bool
vInfo, versionPaths, _, _ := t.TykMiddleware.Spec.GetVersionData(r)
log.Debug("Global limit is: ", vInfo.GlobalSizeLimit)
// Manage global headers first
if vInfo.GlobalSizeLimit > 0 {
log.Debug("Checking global limit")
globErr, code := t.checkRequestLimit(r, vInfo.GlobalSizeLimit)
// If not OK, block
if code != 200 {
return globErr, code
}
}
// if there's no paths at all path check
if len(vInfo.ExtendedPaths.SizeLimit) == 0 {
return nil, 200
}
// If there's a potential match, try to match
found, meta = t.TykMiddleware.Spec.CheckSpecMatchesStatus(r.URL.Path, r.Method, versionPaths, RequestSizeLimit)
if found {
stat = StatusRequestSizeControlled
}
if stat == StatusRequestSizeControlled {
log.Debug("Request size limit matched for this URL, checking...")
thisMeta := meta.(*tykcommon.RequestSizeMeta)
return t.checkRequestLimit(r, thisMeta.SizeLimit)
}
return nil, 200
}