satellite/console: GraphQL input length limitation. (#3045)
parent
1ed724b7a6
commit
69aa0c6cc4
@ -123,6 +123,7 @@ func NewServer(logger *zap.Logger, config Config, service *console.Service, mail
|
|||||||
|
|
||||||
server.server = http.Server{
|
server.server = http.Server{
|
||||||
Handler: mux,
|
Handler: mux,
|
||||||
|
MaxHeaderBytes: ContentLengthLimit.Int(),
|
||||||
}
|
}
|
||||||
|
|
||||||
return &server
|
return &server
|
||||||
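Review bot: `MaxHeaderBytes: ContentLengthLimit.Int()` caps request headers at 4 KB, which is tight for this server: the console authenticates from the request via `getToken(r)`, and a session cookie or bearer token plus ordinary browser headers (User-Agent, Accept-*, Referer) can approach that size, at which point net/http answers 431 before any handler runs (net/http does add roughly 4 KB of internal slack to this limit, but that is an implementation detail rather than a margin to rely on). The header cap and the body cap also protect different things, and reusing one constant couples them, so I would give headers their own value, e.g. `MaxHeaderBytes: MaxHeaderBytesLimit.Int(),` with a separate `const MaxHeaderBytesLimit = 16 * memory.KB` next to `ContentLengthLimit`. The `http.Server` literal is fully visible here and sets only `Handler` and `MaxHeaderBytes`, so slow-header clients remain unbounded in time; since this commit is about bounding attacker-controlled input, `ReadHeaderTimeout: 10 * time.Second,` belongs alongside (assuming `time` is imported in this file, which the hunk does not show). `NewServer` begins and ends outside the hunk.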
@ -393,7 +394,7 @@ func (server *Server) grapqlHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
w.Header().Set(contentType, applicationJSON)
|
w.Header().Set(contentType, applicationJSON)
|
||||||
|
|
||||||
token := getToken(r)
|
token := getToken(r)
|
||||||
query, err := getQuery(r)
|
query, err := getQuery(w, r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
|
@ -12,9 +12,13 @@ import (
|
|||||||
|
|
||||||
"github.com/zeebo/errs"
|
"github.com/zeebo/errs"
|
||||||
|
|
||||||
|
"storj.io/storj/internal/memory"
|
||||||
"storj.io/storj/satellite/console/consoleweb/consoleql"
|
"storj.io/storj/satellite/console/consoleweb/consoleql"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// ContentLengthLimit describes 4KB limit
|
||||||
|
const ContentLengthLimit = 4 * memory.KB
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
err := mime.AddExtensionType(".ttf", "font/ttf")
|
err := mime.AddExtensionType(".ttf", "font/ttf")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -49,28 +53,29 @@ func getToken(req *http.Request) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// getQuery retrieves graphql query from request
|
// getQuery retrieves graphql query from request
|
||||||
func getQuery(req *http.Request) (query graphqlJSON, err error) {
|
func getQuery(w http.ResponseWriter, req *http.Request) (query graphqlJSON, err error) {
|
||||||
switch req.Method {
|
switch req.Method {
|
||||||
case http.MethodGet:
|
case http.MethodGet:
|
||||||
query.Query = req.URL.Query().Get(consoleql.Query)
|
query.Query = req.URL.Query().Get(consoleql.Query)
|
||||||
return query, nil
|
return query, nil
|
||||||
case http.MethodPost:
|
case http.MethodPost:
|
||||||
return queryPOST(req)
|
return queryPOST(w, req)
|
||||||
default:
|
default:
|
||||||
return query, errs.New("wrong http request type")
|
return query, errs.New("wrong http request type")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// queryPOST retrieves graphql query from POST request
|
// queryPOST retrieves graphql query from POST request
|
||||||
func queryPOST(req *http.Request) (query graphqlJSON, err error) {
|
func queryPOST(w http.ResponseWriter, req *http.Request) (query graphqlJSON, err error) {
|
||||||
|
limitedReader := http.MaxBytesReader(w, req.Body, ContentLengthLimit.Int64())
|
||||||
switch typ := req.Header.Get(contentType); typ {
|
switch typ := req.Header.Get(contentType); typ {
|
||||||
case applicationGraphql:
|
case applicationGraphql:
|
||||||
body, err := ioutil.ReadAll(req.Body)
|
body, err := ioutil.ReadAll(limitedReader)
|
||||||
query.Query = string(body)
|
query.Query = string(body)
|
||||||
return query, errs.Combine(err, req.Body.Close())
|
return query, errs.Combine(err, limitedReader.Close())
|
||||||
case applicationJSON:
|
case applicationJSON:
|
||||||
err := json.NewDecoder(req.Body).Decode(&query)
|
err := json.NewDecoder(limitedReader).Decode(&query)
|
||||||
return query, errs.Combine(err, req.Body.Close())
|
return query, errs.Combine(err, limitedReader.Close())
|
||||||
default:
|
default:
|
||||||
return query, errs.New("can't parse request body of type %s", typ)
|
return query, errs.New("can't parse request body of type %s", typ)
|
||||||
}
|
}
|
||||||
|
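Review bot: When `limitedReader` trips the 4 KB cap, `ioutil.ReadAll` and `Decode` return net/http's "request body too large" error, and the caller in `grapqlHandler` maps every `getQuery` error to `http.StatusBadRequest`, so an oversized body is reported as a malformed one (400 rather than 413) and the raw error text is echoed back to the client. Before Go 1.19 there is no typed error to detect this, so the cheap improvement is to reject declared-length bodies up front with a sentinel the handler can map to 413, e.g. `if req.ContentLength > ContentLengthLimit.Int64() { return query, ErrBodyTooLarge }` at the top of `queryPOST` (chunked bodies without a Content-Length still fall through to the reader, which is why both checks are needed). Two caveats are worth recording in the doc comment on `ContentLengthLimit`: the GET path in `getQuery` is not bounded by it (only indirectly by `MaxHeaderBytes`, since the query string is part of the request line), and a byte cap is not a GraphQL complexity cap — a 4 KB document can still nest or alias fields freely, so depth/complexity limiting, if wanted, belongs in the executor. `// ContentLengthLimit describes 4KB limit` would read better as `// ContentLengthLimit bounds the size of a POSTed GraphQL request body (and, via MaxHeaderBytes, the request headers); it does not bound query complexity.`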