diff pkg/controllers/json.go @ 1685:8f5a5c86f2a9

JSONHandler: Limited input JSON size to 2048 bytes by default. Can be adjusted with new Limit field.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Sat, 29 Dec 2018 13:32:17 +0100
parents cabf4789e02b
children cdc8933949f2
--- a/pkg/controllers/json.go	Thu Dec 27 23:23:36 2018 +0100
+++ b/pkg/controllers/json.go	Sat Dec 29 13:32:17 2018 +0100
@@ -31,10 +31,13 @@
 	Result interface{}
 }
 
+const JSONDefaultLimit = 2048
+
 type JSONHandler struct {
 	Input  func() interface{}
 	Handle func(interface{}, *http.Request, *sql.Conn) (JSONResult, error)
 	NoConn bool
+	Limit  int64
 }
 
 type JSONError struct {
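Review bot: The exported `JSONDefaultLimit` constant and the new `Limit` field are added without doc comments, and the field's three meanings (zero, positive, negative) can only be learned by reading the switch in the second hunk. I would add `// JSONDefaultLimit is the request body cap in bytes applied when JSONHandler.Limit is zero.` above the constant. On the field I would add `// Limit caps the request body in bytes; 0 selects JSONDefaultLimit, a negative value disables the cap.` A negative value removes the size protection entirely, so it should be spelled out at the declaration, where people configuring a handler will look.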
@@ -52,7 +55,16 @@
 	if j.Input != nil {
 		input = j.Input()
 		defer req.Body.Close()
-		if err := json.NewDecoder(req.Body).Decode(input); err != nil {
+		var r io.Reader
+		switch {
+		case j.Limit == 0:
+			r = io.LimitReader(req.Body, JSONDefaultLimit)
+		case j.Limit > 0:
+			r = io.LimitReader(req.Body, j.Limit)
+		default:
+			r = req.Body
+		}
+		if err := json.NewDecoder(r).Decode(input); err != nil {
 			http.Error(rw, "error: "+err.Error(), http.StatusBadRequest)
 			return
 		}
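Review bot: `io.LimitReader` in the two capped cases simply ends the stream at the limit, so an oversized body reaches the decoder as truncated JSON and the client gets a 400 with an "unexpected EOF" style message instead of a clear "too large" signal. `http.MaxBytesReader` is intended for request bodies: it returns a distinct error once the limit is exceeded and tells the server to close the connection rather than keep accepting the remainder. The change would be `r = http.MaxBytesReader(rw, req.Body, JSONDefaultLimit)` and `r = http.MaxBytesReader(rw, req.Body, j.Limit)`. The `default` branch still decodes an unbounded body when `Limit` is negative, so any handler that opts out should carry a comment saying why. The enclosing function starts and ends outside the hunk, so this is judged only from the lines shown.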