satellite/console: GraphQL input length limitation. (#3045)

Bogdan Artemenko 2019-09-20 20:40:26 +03:00 committed by GitHub
parent 1ed724b7a6
commit 69aa0c6cc4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 9 deletions


@ -123,6 +123,7 @@ func NewServer(logger *zap.Logger, config Config, service *console.Service, mail
server.server = http.Server{
Handler: mux,
MaxHeaderBytes: ContentLengthLimit.Int(),
}
return &server
@ -393,7 +394,7 @@ func (server *Server) grapqlHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set(contentType, applicationJSON)
token := getToken(r)
query, err := getQuery(r)
query, err := getQuery(w, r)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
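Review bot: `MaxHeaderBytes` in NewServer is set from `ContentLengthLimit`, a constant whose name and comment describe a content (body) limit, so the header cap will silently follow any later change to the body cap. The request headers carry everything else the client sends besides the GET query string, and net/http adds its own slack on top of this value, so the effective header bound is not exactly the documented 4KB. A dedicated constant, or a comment on the field such as `// headers share the GraphQL body limit; this is also what bounds GET queries`, would make the intent explicit. The struct literal shown sets no `ReadHeaderTimeout` or `ReadTimeout`; if they are not set elsewhere, the size cap limits how much a client can send but not how slowly. Both NewServer and grapqlHandler continue outside the hunks.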


@ -12,9 +12,13 @@ import (
"github.com/zeebo/errs"
"storj.io/storj/internal/memory"
"storj.io/storj/satellite/console/consoleweb/consoleql"
)
// ContentLengthLimit describes 4KB limit
const ContentLengthLimit = 4 * memory.KB
func init() {
err := mime.AddExtensionType(".ttf", "font/ttf")
if err != nil {
@ -49,28 +53,29 @@ func getToken(req *http.Request) string {
}
// getQuery retrieves graphql query from request
func getQuery(req *http.Request) (query graphqlJSON, err error) {
func getQuery(w http.ResponseWriter, req *http.Request) (query graphqlJSON, err error) {
switch req.Method {
case http.MethodGet:
query.Query = req.URL.Query().Get(consoleql.Query)
return query, nil
case http.MethodPost:
return queryPOST(req)
return queryPOST(w, req)
default:
return query, errs.New("wrong http request type")
}
}
// queryPOST retrieves graphql query from POST request
func queryPOST(req *http.Request) (query graphqlJSON, err error) {
func queryPOST(w http.ResponseWriter, req *http.Request) (query graphqlJSON, err error) {
limitedReader := http.MaxBytesReader(w, req.Body, ContentLengthLimit.Int64())
switch typ := req.Header.Get(contentType); typ {
case applicationGraphql:
body, err := ioutil.ReadAll(req.Body)
body, err := ioutil.ReadAll(limitedReader)
query.Query = string(body)
return query, errs.Combine(err, req.Body.Close())
return query, errs.Combine(err, limitedReader.Close())
case applicationJSON:
err := json.NewDecoder(req.Body).Decode(&query)
return query, errs.Combine(err, req.Body.Close())
err := json.NewDecoder(limitedReader).Decode(&query)
return query, errs.Combine(err, limitedReader.Close())
default:
return query, errs.New("can't parse request body of type %s", typ)
}
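Review bot: The `http.MethodGet` branch of getQuery still takes the query from the URL with no length check, so only POST bodies are held to `ContentLengthLimit` by this function. GET queries are bounded only indirectly by the server's header limit, which net/http pads with its own slack, so the two methods end up with different effective caps. An explicit check before the GET return would align them: `if len(query.Query) > ContentLengthLimit.Int() { return query, errs.New("query too large") }`. The comment on the constant could also say what it limits, for example `// ContentLengthLimit is the maximum accepted size of a GraphQL request body.` queryPOST's body continues past the end of the hunk.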