Merge pull request #4275 from flycash/fix-4224

add MaxUploadFile to provide more safety uploading controll
2024-06-02 12:03:27 +00:00 · 2020-10-21 10:04:32 +08:00 · 2020-10-21 10:04:32 +08:00 · 03ba495b7f
commit 03ba495b7f
parent f9075e8274 d26683799a
3 changed files with 23 additions and 10 deletions
--- a/server/web/config.go
+++ b/server/web/config.go
@ -43,7 +43,11 @@ type Config struct {
 	RecoverFunc         func(*context.Context, *Config)
 	CopyRequestBody     bool
 	EnableGzip          bool
 	// MaxMemory and MaxUploadSize are used to limit the request body
 	// if the request is not uploading file, MaxMemory is the max size of request body
 	// if the request is uploading file, MaxUploadSize is the max size of request body
 	MaxMemory          int64
 	MaxUploadSize      int64
 	EnableErrorsShow   bool
 	EnableErrorsRender bool
 	Listen             Listen
@ -215,6 +219,7 @@ func newBConfig() *Config {
 		CopyRequestBody:    false,
 		EnableGzip:         false,
 		MaxMemory:          1 << 26, // 64MB
 		MaxUploadSize:      1 << 30, // 1GB
 		EnableErrorsShow:   true,
 		EnableErrorsRender: true,
 		Listen: Listen{
@ -302,7 +307,7 @@ func assignConfig(ac config.Configer) error {
 	err := ac.Unmarshaler("", BConfig)
 	if err != nil {
-		_, _ = fmt.Fprintln(os.Stderr, fmt.Sprintf("Unmarshaler config file to BConfig failed. " +
+		_, _ = fmt.Fprintln(os.Stderr, fmt.Sprintf("Unmarshaler config file to BConfig failed. "+
 			"And if you are working on v1.x config file, please ignore this, err: %s", err))
 		return err
 	}
--- a/server/web/context/input.go
+++ b/server/web/context/input.go
@ -423,8 +423,7 @@ func (input *BeegoInput) SetData(key, val interface{}) {
 // ParseFormOrMultiForm parseForm or parseMultiForm based on Content-type
 func (input *BeegoInput) ParseFormOrMultiForm(maxMemory int64) error {
 	// Parse the body depending on the content type.
-	input.Context.Request.Body = http.MaxBytesReader(input.Context.ResponseWriter, input.Context.Request.Body, maxMemory)
+	if input.IsUpload() {
 	if strings.Contains(input.Header("Content-Type"), "multipart/form-data") {
 		if err := input.Context.Request.ParseMultipartForm(maxMemory); err != nil {
 			return errors.New("Error parsing request body:" + err.Error())
 		}
--- a/server/web/router.go
+++ b/server/web/router.go
@ -710,7 +710,12 @@ func (p *ControllerRegister) serveHttp(ctx *beecontext.Context) {
 	}
 	if r.Method != http.MethodGet && r.Method != http.MethodHead {
-		if p.cfg.CopyRequestBody && !ctx.Input.IsUpload() {
+
 		if ctx.Input.IsUpload() {
 			ctx.Input.Context.Request.Body = http.MaxBytesReader(ctx.Input.Context.ResponseWriter,
 				ctx.Input.Context.Request.Body,
 				p.cfg.MaxUploadSize)
 		} else if p.cfg.CopyRequestBody {
 			// connection will close if the incoming data are larger (RFC 7231, 6.5.11)
 			if r.ContentLength > p.cfg.MaxMemory {
 				logs.Error(errors.New("payload too large"))
@ -718,6 +723,10 @@ func (p *ControllerRegister) serveHttp(ctx *beecontext.Context) {
 				goto Admin
 			}
 			ctx.Input.CopyBody(p.cfg.MaxMemory)
 		} else {
 			ctx.Input.Context.Request.Body = http.MaxBytesReader(ctx.Input.Context.ResponseWriter,
 				ctx.Input.Context.Request.Body,
 				p.cfg.MaxMemory)
 		}
 		err = ctx.Input.ParseFormOrMultiForm(p.cfg.MaxMemory)