satellite/console: GraphQL input length limitation. (#3045)
This commit is contained in:
parent
1ed724b7a6
commit
69aa0c6cc4
@ -122,7 +122,8 @@ func NewServer(logger *zap.Logger, config Config, service *console.Service, mail
|
||||
}
|
||||
|
||||
server.server = http.Server{
|
||||
Handler: mux,
|
||||
Handler: mux,
|
||||
MaxHeaderBytes: ContentLengthLimit.Int(),
|
||||
}
|
||||
|
||||
return &server
|
||||
@ -393,7 +394,7 @@ func (server *Server) grapqlHandler(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set(contentType, applicationJSON)
|
||||
|
||||
token := getToken(r)
|
||||
query, err := getQuery(r)
|
||||
query, err := getQuery(w, r)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
|
@ -12,9 +12,13 @@ import (
|
||||
|
||||
"github.com/zeebo/errs"
|
||||
|
||||
"storj.io/storj/internal/memory"
|
||||
"storj.io/storj/satellite/console/consoleweb/consoleql"
|
||||
)
|
||||
|
||||
// ContentLengthLimit describes 4KB limit
|
||||
const ContentLengthLimit = 4 * memory.KB
|
||||
|
||||
func init() {
|
||||
err := mime.AddExtensionType(".ttf", "font/ttf")
|
||||
if err != nil {
|
||||
@ -49,28 +53,29 @@ func getToken(req *http.Request) string {
|
||||
}
|
||||
|
||||
// getQuery retrieves graphql query from request
|
||||
func getQuery(req *http.Request) (query graphqlJSON, err error) {
|
||||
func getQuery(w http.ResponseWriter, req *http.Request) (query graphqlJSON, err error) {
|
||||
switch req.Method {
|
||||
case http.MethodGet:
|
||||
query.Query = req.URL.Query().Get(consoleql.Query)
|
||||
return query, nil
|
||||
case http.MethodPost:
|
||||
return queryPOST(req)
|
||||
return queryPOST(w, req)
|
||||
default:
|
||||
return query, errs.New("wrong http request type")
|
||||
}
|
||||
}
|
||||
|
||||
// queryPOST retrieves graphql query from POST request
|
||||
func queryPOST(req *http.Request) (query graphqlJSON, err error) {
|
||||
func queryPOST(w http.ResponseWriter, req *http.Request) (query graphqlJSON, err error) {
|
||||
limitedReader := http.MaxBytesReader(w, req.Body, ContentLengthLimit.Int64())
|
||||
switch typ := req.Header.Get(contentType); typ {
|
||||
case applicationGraphql:
|
||||
body, err := ioutil.ReadAll(req.Body)
|
||||
body, err := ioutil.ReadAll(limitedReader)
|
||||
query.Query = string(body)
|
||||
return query, errs.Combine(err, req.Body.Close())
|
||||
return query, errs.Combine(err, limitedReader.Close())
|
||||
case applicationJSON:
|
||||
err := json.NewDecoder(req.Body).Decode(&query)
|
||||
return query, errs.Combine(err, req.Body.Close())
|
||||
err := json.NewDecoder(limitedReader).Decode(&query)
|
||||
return query, errs.Combine(err, limitedReader.Close())
|
||||
default:
|
||||
return query, errs.New("can't parse request body of type %s", typ)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user