Add request body limit

author: Chocobozzz <me@florianbigard.com> 2019-02-21 17:19:16 +0100
committer: Chocobozzz <me@florianbigard.com> 2019-02-21 17:19:16 +0100
commit: bfe2ef6bfae03444a232883fc7c449206cf3bee4 (patch)
tree: d1ee39e1700f6918c2799c5537da771bda468890 /server/helpers
parent: 539d3f4faa1c1d2dbc68bb3ac0ba3549252e0f2a (diff)
download: PeerTube-bfe2ef6bfae03444a232883fc7c449206cf3bee4.tar.gz
PeerTube-bfe2ef6bfae03444a232883fc7c449206cf3bee4.tar.zst
PeerTube-bfe2ef6bfae03444a232883fc7c449206cf3bee4.zip
1 files changed, 37 insertions, 4 deletions
diff --git a/server/helpers/requests.ts b/server/helpers/requests.ts
index 5c6dc5e19..3762e4d3c 100644
--- a/server/helpers/requests.ts
+++ b/server/helpers/requests.ts
@@ -1,12 +1,14 @@
 import * as Bluebird from 'bluebird'
-import { createWriteStream } from 'fs-extra'
+import { createWriteStream, remove } from 'fs-extra'
 import * as request from 'request'
 import { ACTIVITY_PUB, CONFIG } from '../initializers'
 import { processImage } from './image-utils'
 import { join } from 'path'
+import { logger } from './logger'
 function doRequest <T> (
-  requestOptions: request.CoreOptions & request.UriOptions & { activityPub?: boolean }
+  requestOptions: request.CoreOptions & request.UriOptions & { activityPub?: boolean },
+  bodyKBLimit = 1000 // 1MB
 ): Bluebird<{ response: request.RequestResponse, body: T }> {
  if (requestOptions.activityPub === true) {
    if (!Array.isArray(requestOptions.headers)) requestOptions.headers = {}
@@ -15,16 +17,29 @@ function doRequest <T> (
  return new Bluebird<{ response: request.RequestResponse, body: T }>((res, rej) => {
    request(requestOptions, (err, response, body) => err ? rej(err) : res({ response, body }))
+      .on('data', onRequestDataLengthCheck(bodyKBLimit))
  })
 }
-function doRequestAndSaveToFile (requestOptions: request.CoreOptions & request.UriOptions, destPath: string) {
+function doRequestAndSaveToFile (
+  requestOptions: request.CoreOptions & request.UriOptions,
+  destPath: string,
+  bodyKBLimit = 10000 // 10MB
+) {
  return new Bluebird<void>((res, rej) => {
    const file = createWriteStream(destPath)
    file.on('finish', () => res())
    request(requestOptions)
-      .on('error', err => rej(err))
+      .on('data', onRequestDataLengthCheck(bodyKBLimit))
+      .on('error', err => {
+        file.close()
+        remove(destPath)
+          .catch(err => logger.error('Cannot remove %s after request failure.', destPath, { err }))
+        return rej(err)
+      })
      .pipe(file)
  })
 }
@@ -44,3 +59,21 @@ export {
  doRequestAndSaveToFile,
  downloadImage
 }
+// ---------------------------------------------------------------------------
+// Thanks to https://github.com/request/request/issues/2470#issuecomment-268929907 <3
+function onRequestDataLengthCheck (bodyKBLimit: number) {
+  let bufferLength = 0
+  const bytesLimit = bodyKBLimit * 1000
+  return function (chunk) {
+    bufferLength += chunk.length
+    if (bufferLength > bytesLimit) {
+      this.abort()
+      const error = new Error(`Response was too large - aborted after ${bytesLimit} bytes.`)
+      this.emit('error', error)
+    }
+  }
+}
author	Chocobozzz <me@florianbigard.com>	2019-02-21 17:19:16 +0100
committer	Chocobozzz <me@florianbigard.com>	2019-02-21 17:19:16 +0100
commit	bfe2ef6bfae03444a232883fc7c449206cf3bee4 (patch)
tree	d1ee39e1700f6918c2799c5537da771bda468890 /server/helpers
parent	539d3f4faa1c1d2dbc68bb3ac0ba3549252e0f2a (diff)
download	PeerTube-bfe2ef6bfae03444a232883fc7c449206cf3bee4.tar.gz PeerTube-bfe2ef6bfae03444a232883fc7c449206cf3bee4.tar.zst PeerTube-bfe2ef6bfae03444a232883fc7c449206cf3bee4.zip

diff --git a/server/helpers/requests.ts b/server/helpers/requests.ts index 5c6dc5e19..3762e4d3c 100644 --- a/server/helpers/requests.ts +++ b/server/helpers/requests.ts
@@ -1,12 +1,14 @@
1	import * as Bluebird from 'bluebird'	1	import * as Bluebird from 'bluebird'
2	import { createWriteStream } from 'fs-extra'	2	import { createWriteStream, remove } from 'fs-extra'
3	import * as request from 'request'	3	import * as request from 'request'
4	import { ACTIVITY_PUB, CONFIG } from '../initializers'	4	import { ACTIVITY_PUB, CONFIG } from '../initializers'
5	import { processImage } from './image-utils'	5	import { processImage } from './image-utils'
6	import { join } from 'path'	6	import { join } from 'path'
		7	import { logger } from './logger'
7		8
8	function doRequest <T> (	9	function doRequest <T> (
9	requestOptions: request.CoreOptions & request.UriOptions & { activityPub?: boolean }	10	requestOptions: request.CoreOptions & request.UriOptions & { activityPub?: boolean },
		11	bodyKBLimit = 1000 // 1MB
10	): Bluebird<{ response: request.RequestResponse, body: T }> {	12	): Bluebird<{ response: request.RequestResponse, body: T }> {
11	if (requestOptions.activityPub === true) {	13	if (requestOptions.activityPub === true) {
12	if (!Array.isArray(requestOptions.headers)) requestOptions.headers = {}	14	if (!Array.isArray(requestOptions.headers)) requestOptions.headers = {}
@@ -15,16 +17,29 @@ function doRequest <T> (
15		17
16	return new Bluebird<{ response: request.RequestResponse, body: T }>((res, rej) => {	18	return new Bluebird<{ response: request.RequestResponse, body: T }>((res, rej) => {
17	request(requestOptions, (err, response, body) => err ? rej(err) : res({ response, body }))	19	request(requestOptions, (err, response, body) => err ? rej(err) : res({ response, body }))
		20	.on('data', onRequestDataLengthCheck(bodyKBLimit))
18	})	21	})
19	}	22	}
20		23
21	function doRequestAndSaveToFile (requestOptions: request.CoreOptions & request.UriOptions, destPath: string) {	24	function doRequestAndSaveToFile (
		25	requestOptions: request.CoreOptions & request.UriOptions,
		26	destPath: string,
		27	bodyKBLimit = 10000 // 10MB
		28	) {
22	return new Bluebird<void>((res, rej) => {	29	return new Bluebird<void>((res, rej) => {
23	const file = createWriteStream(destPath)	30	const file = createWriteStream(destPath)
24	file.on('finish', () => res())	31	file.on('finish', () => res())
25		32
26	request(requestOptions)	33	request(requestOptions)
27	.on('error', err => rej(err))	34	.on('data', onRequestDataLengthCheck(bodyKBLimit))
		35	.on('error', err => {
		36	file.close()
		37
		38	remove(destPath)
		39	.catch(err => logger.error('Cannot remove %s after request failure.', destPath, { err }))
		40
		41	return rej(err)
		42	})
28	.pipe(file)	43	.pipe(file)
29	})	44	})
30	}	45	}
@@ -44,3 +59,21 @@ export {
44	doRequestAndSaveToFile,	59	doRequestAndSaveToFile,
45	downloadImage	60	downloadImage
46	}	61	}
		62
		63	// ---------------------------------------------------------------------------
		64
		65	// Thanks to https://github.com/request/request/issues/2470#issuecomment-268929907 <3
		66	function onRequestDataLengthCheck (bodyKBLimit: number) {
		67	let bufferLength = 0
		68	const bytesLimit = bodyKBLimit * 1000
		69
		70	return function (chunk) {
		71	bufferLength += chunk.length
		72	if (bufferLength > bytesLimit) {
		73	this.abort()
		74
		75	const error = new Error(`Response was too large - aborted after ${bytesLimit} bytes.`)
		76	this.emit('error', error)
		77	}
		78	}
		79	}