-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathrequest.go
170 lines (142 loc) · 4.93 KB
/
request.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
/*
Copyright © 2024 Acronis International GmbH.
Released under MIT license.
*/
package restapi
import (
"encoding/json"
"errors"
"fmt"
"io"
"mime"
"net/http"
"strings"
"code.cloudfoundry.org/bytefmt"
)
// RequestBodyTooLargeError represents an error that occurs
// when read number of bytes (HTTP request body) exceeds the specified limit.
type RequestBodyTooLargeError struct {
MaxSizeBytes uint64
Err error
}
// Error returns a string representation of RequestBodyTooLargeError.
func (e *RequestBodyTooLargeError) Error() string {
return e.Err.Error()
}
type maxBytesReader struct {
io.ReadCloser
n uint64
}
func (r *maxBytesReader) Read(p []byte) (n int, err error) {
n, err = r.ReadCloser.Read(p)
// If request is too large now Read() method of http.maxBytesReader doesn't return specific error,
// so we have to check error message directly.
// There is an open issue regarding turning this: https://github.com/golang/go/issues/30715.
if err != nil && err.Error() == "http: request body too large" {
err = &RequestBodyTooLargeError{r.n, err}
}
return
}
// SetRequestMaxBodySize wraps request body with a reader which limit the number of bytes to read.
// RequestBodyTooLargeError will be returned when maxSizeBytes is exceeded.
func SetRequestMaxBodySize(w http.ResponseWriter, r *http.Request, maxSizeBytes uint64) {
r.Body = &maxBytesReader{ReadCloser: http.MaxBytesReader(w, r.Body, int64(maxSizeBytes)), n: maxSizeBytes}
}
// MalformedRequestError is an error that occurs in case of incorrect request.
type MalformedRequestError struct {
HTTPStatusCode int
Message string
}
// Error returns a string representation of MalformedRequestError.
func (e *MalformedRequestError) Error() string {
return e.Message
}
// NewTooLargeMalformedRequestError creates a new MalformedRequestError for case when request body is too large.
func NewTooLargeMalformedRequestError(maxSizeBytes uint64) *MalformedRequestError {
return &MalformedRequestError{
http.StatusRequestEntityTooLarge,
fmt.Sprintf("Request body must not be larger than %s.", bytefmt.ByteSize(maxSizeBytes)),
}
}
// DecodeRequestJSONStrict tries to read and validate request fields in body and decode it as JSON.
func DecodeRequestJSONStrict(r *http.Request, dst interface{}, disallowUnknownFields bool) error {
reqContentType := r.Header.Get("Content-Type")
if reqContentType != "" {
contentType, _, err := mime.ParseMediaType(reqContentType)
if err != nil {
return &MalformedRequestError{
http.StatusUnsupportedMediaType,
fmt.Sprintf("failed to parse Content-Type header for request: %s", err),
}
}
if contentType != ContentTypeAppJSON && contentType != ContentTypeAppSCIMJSON {
return &MalformedRequestError{
http.StatusUnsupportedMediaType,
fmt.Sprintf("Content-Type %q is not supported.", contentType),
}
}
}
decoder := json.NewDecoder(r.Body)
if disallowUnknownFields {
decoder.DisallowUnknownFields()
}
return decodeRequest(decoder, dst)
}
// DecodeRequestJSON tries to read request body and decode it as JSON.
func DecodeRequestJSON(r *http.Request, dst interface{}) error {
return DecodeRequestJSONStrict(r, dst, false)
}
func decodeRequest(decoder *json.Decoder, dst interface{}) error {
if err := decoder.Decode(&dst); err != nil {
var syntaxErr *json.SyntaxError
var unmarshalTypeErr *json.UnmarshalTypeError
var tooLargeErr *RequestBodyTooLargeError
switch {
case errors.Is(err, io.EOF):
return &MalformedRequestError{
http.StatusBadRequest,
"Request body must not be empty.",
}
case errors.Is(err, io.ErrUnexpectedEOF):
return &MalformedRequestError{
http.StatusBadRequest,
"Request body contains badly-formed JSON.",
}
case errors.As(err, &syntaxErr):
return &MalformedRequestError{
http.StatusBadRequest,
fmt.Sprintf("Request body contains badly-formed JSON (at position %d).", syntaxErr.Offset),
}
case errors.As(err, &unmarshalTypeErr):
if unmarshalTypeErr.Field != "" {
return &MalformedRequestError{
http.StatusBadRequest,
fmt.Sprintf("Request body contains an invalid value for the %q field (at position %d).",
unmarshalTypeErr.Field, unmarshalTypeErr.Offset),
}
}
return &MalformedRequestError{
http.StatusBadRequest,
fmt.Sprintf("Request body contains an invalid value of type %q for the field of type %s.",
unmarshalTypeErr.Value, unmarshalTypeErr.Type.String()),
}
case errors.As(err, &tooLargeErr):
return NewTooLargeMalformedRequestError(tooLargeErr.MaxSizeBytes)
case strings.HasPrefix(err.Error(), "json: unknown field"):
return &MalformedRequestError{
http.StatusBadRequest,
"Payload does not match the scheme",
}
default:
return err
}
}
// Decoder is designed to decode streams of JSON objects, but we need to prevent this behavior.
if decoder.More() {
return &MalformedRequestError{
http.StatusBadRequest,
"Request body must only contain a single JSON object.",
}
}
return nil
}