diff --git a/app/proxy/proxy.go b/app/proxy/proxy.go index c38e2a8..999c7f7 100644 --- a/app/proxy/proxy.go +++ b/app/proxy/proxy.go @@ -228,7 +228,7 @@ func (h *Http) proxyHandler() http.HandlerFunc { h.Reporter.Report(w, http.StatusInternalServerError) return } - fs, err := R.FileServer(ae[0], ae[1], nil) + fs, err := R.FileServer(ae[0], ae[1]) if err != nil { h.Reporter.Report(w, http.StatusInternalServerError) return @@ -242,7 +242,7 @@ func (h *Http) assetsHandler() http.HandlerFunc { if h.AssetsLocation == "" || h.AssetsWebRoot == "" { return func(writer http.ResponseWriter, request *http.Request) {} } - fs, err := R.FileServer(h.AssetsWebRoot, h.AssetsLocation, nil) + fs, err := R.FileServer(h.AssetsWebRoot, h.AssetsLocation) if err != nil { log.Printf("[WARN] can't initialize assets server, %v", err) return func(writer http.ResponseWriter, request *http.Request) {} @@ -343,7 +343,27 @@ func (h *Http) maxReqSizeHandler(maxSize int64) func(next http.Handler) http.Han }) } } - return R.SizeLimit(maxSize) + + return func(next http.Handler) http.Handler { + + fn := func(w http.ResponseWriter, r *http.Request) { + + // check ContentLength + if r.ContentLength > maxSize { + w.WriteHeader(http.StatusRequestEntityTooLarge) + return + } + + r.Body = http.MaxBytesReader(w, r.Body, maxSize) + if err := r.ParseForm(); err != nil { + http.Error(w, "Request Entity Too Large", http.StatusRequestEntityTooLarge) + return + } + next.ServeHTTP(w, r) + } + return http.HandlerFunc(fn) + } + } func (h *Http) makeHTTPServer(addr string, router http.Handler) *http.Server { diff --git a/go.mod b/go.mod index 03b8cd0..abf02a9 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 require ( github.com/go-pkgz/lgr v0.10.4 - github.com/go-pkgz/rest v1.9.3-0.20210514184429-77a1bddb51db + github.com/go-pkgz/rest v1.9.2 github.com/gorilla/handlers v1.5.1 github.com/prometheus/client_golang v1.10.0 github.com/stretchr/testify v1.7.0 diff --git a/vendor/github.com/go-pkgz/rest/.golangci.yml b/vendor/github.com/go-pkgz/rest/.golangci.yml index 4cd6d42..831557a 100644 --- a/vendor/github.com/go-pkgz/rest/.golangci.yml +++ b/vendor/github.com/go-pkgz/rest/.golangci.yml @@ -44,7 +44,7 @@ linters: - varcheck - stylecheck - gochecknoinits - - exportloopref + - scopelint - gocritic - nakedret - gosimple diff --git a/vendor/github.com/go-pkgz/rest/file_server.go b/vendor/github.com/go-pkgz/rest/file_server.go index 3edf7e3..8c981a0 100644 --- a/vendor/github.com/go-pkgz/rest/file_server.go +++ b/vendor/github.com/go-pkgz/rest/file_server.go @@ -2,8 +2,6 @@ package rest import ( "fmt" - "io" - "io/ioutil" "net/http" "os" "path/filepath" @@ -14,8 +12,7 @@ import ( // prevents directory listing. // - public defines base path of the url, i.e. for http://example.com/static/* it should be /static // - local for the local path to the root of the served directory -// - notFound is the reader for the custom 404 html, can be nil for default -func FileServer(public, local string, notFound io.Reader) (http.Handler, error) { +func FileServer(public, local string) (http.Handler, error) { root, err := filepath.Abs(local) if err != nil { @@ -25,8 +22,7 @@ func FileServer(public, local string, notFound io.Reader) (http.Handler, error) return nil, fmt.Errorf("local path %s doesn't exist: %w", root, err) } - fs := http.StripPrefix(public, http.FileServer(noDirListingFS{http.Dir(root)})) - return custom404Handler(fs, notFound) + return http.StripPrefix(public, http.FileServer(noDirListingFS{http.Dir(root)})), nil } type noDirListingFS struct{ fs http.FileSystem } @@ -51,38 +47,3 @@ func (fs noDirListingFS) Open(name string) (http.File, error) { } return f, nil } - -// respWriter404 intercept Write to provide custom 404 response -type respWriter404 struct { - http.ResponseWriter - status int - msg []byte -} - -func (w *respWriter404) WriteHeader(status int) { - w.status = status - w.ResponseWriter.WriteHeader(status) -} - -func (w *respWriter404) Write(p []byte) (n int, err error) { - if w.status != http.StatusNotFound || w.msg == nil { - return w.ResponseWriter.Write(p) - } - _, err = w.ResponseWriter.Write(w.msg) - return len(p), err -} - -func custom404Handler(next http.Handler, notFound io.Reader) (http.Handler, error) { - if notFound == nil { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { next.ServeHTTP(w, r) }), nil - } - - body, err := ioutil.ReadAll(notFound) - if err != nil { - return nil, err - } - - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - next.ServeHTTP(&respWriter404{ResponseWriter: w, msg: body}, r) - }), nil -} diff --git a/vendor/github.com/go-pkgz/rest/sizelimit.go b/vendor/github.com/go-pkgz/rest/sizelimit.go index 6770e88..1b6be67 100644 --- a/vendor/github.com/go-pkgz/rest/sizelimit.go +++ b/vendor/github.com/go-pkgz/rest/sizelimit.go @@ -26,8 +26,6 @@ func SizeLimit(size int64) func(http.Handler) http.Handler { w.WriteHeader(http.StatusServiceUnavailable) return } - _ = r.Body.Close() // the original body already consumed - if int64(len(content)) > size { w.WriteHeader(http.StatusRequestEntityTooLarge) return diff --git a/vendor/modules.txt b/vendor/modules.txt index 2b360e2..bbdd242 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -9,7 +9,7 @@ github.com/felixge/httpsnoop # github.com/go-pkgz/lgr v0.10.4 ## explicit github.com/go-pkgz/lgr -# github.com/go-pkgz/rest v1.9.3-0.20210514184429-77a1bddb51db +# github.com/go-pkgz/rest v1.9.2 ## explicit github.com/go-pkgz/rest github.com/go-pkgz/rest/logger