From 0c50d109cc97ce0621e351148f7414776731aecb Mon Sep 17 00:00:00 2001 From: Shashi Ranjan Date: Mon, 1 Jun 2015 14:19:26 -0700 Subject: [PATCH] Request size limiting plugin setting default payload size 128 updated default paylod to 128 mb fixed conflict updated http response code from 400 to 413 updated test updated test updated client_max_body_size to 0 in conf file fixed test Former-commit-id: f18718d2ecc79be33154e2ffa8ddd35cbb046bb3 --- kong-0.3.0-1.rockspec | 4 ++ kong.yml | 3 +- kong/plugins/requestsizelimiting/access.lua | 24 +++++++++ kong/plugins/requestsizelimiting/handler.lua | 19 +++++++ kong/plugins/requestsizelimiting/schema.lua | 3 ++ spec/plugins/request_size_limiting_spec.lua | 54 ++++++++++++++++++++ spec/unit/statics_spec.lua | 3 +- 7 files changed, 108 insertions(+), 2 deletions(-) create mode 100644 kong/plugins/requestsizelimiting/access.lua create mode 100644 kong/plugins/requestsizelimiting/handler.lua create mode 100644 kong/plugins/requestsizelimiting/schema.lua create mode 100644 spec/plugins/request_size_limiting_spec.lua diff --git a/kong-0.3.0-1.rockspec b/kong-0.3.0-1.rockspec index 471e2ded02b4..6b59494d2b91 100644 --- a/kong-0.3.0-1.rockspec +++ b/kong-0.3.0-1.rockspec @@ -118,6 +118,10 @@ build = { ["kong.plugins.ratelimiting.handler"] = "kong/plugins/ratelimiting/handler.lua", ["kong.plugins.ratelimiting.access"] = "kong/plugins/ratelimiting/access.lua", ["kong.plugins.ratelimiting.schema"] = "kong/plugins/ratelimiting/schema.lua", + + ["kong.plugins.requestsizelimiting.handler"] = "kong/plugins/requestsizelimiting/handler.lua", + ["kong.plugins.requestsizelimiting.access"] = "kong/plugins/requestsizelimiting/access.lua", + ["kong.plugins.requestsizelimiting.schema"] = "kong/plugins/requestsizelimiting/schema.lua", ["kong.plugins.request_transformer.handler"] = "kong/plugins/request_transformer/handler.lua", ["kong.plugins.request_transformer.access"] = "kong/plugins/request_transformer/access.lua", 
diff --git a/kong.yml b/kong.yml index 7c229db3ee9f..c36e03a02f07 100644 --- a/kong.yml +++ b/kong.yml @@ -10,6 +10,7 @@ plugins_available: - httplog - cors - request_transformer + - requestsizelimiting ## The Kong working directory ## (Make sure you have read and write permissions) @@ -90,7 +91,7 @@ nginx: | real_ip_recursive on; # Other Settings - client_max_body_size 128m; + client_max_body_size 0; underscores_in_headers on; reset_timedout_connection on; tcp_nopush on; diff --git a/kong/plugins/requestsizelimiting/access.lua b/kong/plugins/requestsizelimiting/access.lua new file mode 100644 index 000000000000..1bb8711e080b --- /dev/null +++ b/kong/plugins/requestsizelimiting/access.lua @@ -0,0 +1,24 @@ +local stringy = require "stringy" +local response = require "kong.tools.responses" + +local _M = {} + + +-- Request size limiting, rejects request if payload size is greater than allowed size +-- +-- All methods must respect: +-- @param `conf` Configuration table +-- @return `response` contains response code and error message +function _M.execute(conf) + local headers = ngx.req.get_headers() + local allowed_bytes_size = conf.allowed_payload_size * 100000 + if tonumber(headers["content-length"]) > allowed_bytes_size then + if headers.expect and stringy.strip(headers.expect:lower()) == "100-continue" then + return response.send(417, "Request size limit exceeded") + else + return response.send(413, "Request size limit exceeded") + end + end +end + +return _M diff --git a/kong/plugins/requestsizelimiting/handler.lua b/kong/plugins/requestsizelimiting/handler.lua new file mode 100644 index 000000000000..dffd066b70cb --- /dev/null +++ b/kong/plugins/requestsizelimiting/handler.lua 
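Review bot: In the second kong.yml hunk, `client_max_body_size 0;` turns off nginx's own request body size check for every API behind the proxy, while the new limit is enforced only where the requestsizelimiting plugin is configured. APIs without the plugin therefore lose the previous 128m ceiling and accept bodies of any size, which is a resource-exhaustion risk. Consider keeping a finite global ceiling as a backstop and letting the plugin enforce lower per-API limits. At minimum, add a comment above the directive such as `# 0 disables nginx's body size check; limits come only from the requestsizelimiting plugin`. The same change is repeated in the spec/unit/statics_spec.lua hunk.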
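Review bot: `tonumber(headers["content-length"])` in `_M.execute` is nil when the request has no Content-Length header (a bodyless GET, or a body sent with chunked transfer encoding), and comparing nil with a number raises a Lua error instead of letting the request through. Guard the value first: `local content_length = tonumber(headers["content-length"])` followed by `if content_length and content_length > allowed_bytes_size then`. A chunked body is never measured by this check, and with `client_max_body_size 0` in kong.yml nothing else caps it, so the plugin should also limit the bytes actually read or reject chunked bodies when it is active. The `* 100000` multiplier also does not match the megabytes the commit message describes (`allowed_payload_size = 10` allows 1,000,000 bytes), so the unit should be fixed or documented.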
@@ -0,0 +1,19 @@
+-- Copyright (C) Mashape, Inc.
+
+local BasePlugin = require "kong.plugins.base_plugin"
+local access = require "kong.plugins.requestsizelimiting.access"
+
+local RequestSizeLimitingHandler = BasePlugin:extend()
+
+function RequestSizeLimitingHandler:new()
+ RequestSizeLimitingHandler.super.new(self, "requestsizelimiting")
+end
+
+function RequestSizeLimitingHandler:access(conf)
+ RequestSizeLimitingHandler.super.access(self)
+ access.execute(conf)
+end
+
+RequestSizeLimitingHandler.PRIORITY = 950
+
+return RequestSizeLimitingHandler
diff --git a/kong/plugins/requestsizelimiting/schema.lua b/kong/plugins/requestsizelimiting/schema.lua
new file mode 100644
index 000000000000..e3370087de84
--- /dev/null
+++ b/kong/plugins/requestsizelimiting/schema.lua
@@ -0,0 +1,3 @@
+return {
+ allowed_payload_size = { default = 128, type = "number" }
+}
diff --git a/spec/plugins/request_size_limiting_spec.lua b/spec/plugins/request_size_limiting_spec.lua
new file mode 100644
index 000000000000..5a71928bfee0
--- /dev/null
+++ b/spec/plugins/request_size_limiting_spec.lua
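Review bot: In schema.lua, `allowed_payload_size` is accepted as any number, so zero or a negative value passes validation and the check in access.lua then rejects every request that declares a body length. The field also does not state its unit, while access.lua multiplies it by 100000. Add a comment such as `-- maximum request body size in megabytes; must be greater than 0`, and reject non-positive values if the schema validator offers a custom check.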
@@ -0,0 +1,54 @@
+local spec_helper = require "spec.spec_helpers"
+local http_client = require "kong.tools.http_client"
+
+local STUB_POST_URL = spec_helper.STUB_POST_URL
+
+describe("RequestSizeLimiting Plugin", function()
+
+ setup(function()
+ spec_helper.prepare_db()
+ spec_helper.insert_fixtures {
+ api = {
+ { name = "tests requestsizelimiting 1", public_dns = "test3.com", target_url = "http://mockbin.com/request" }
+ },
+ plugin_configuration = {
+ { name = "requestsizelimiting", value = {allowed_payload_size = 10}, __api = 1 }
+ }
+ }
+
+ spec_helper.start_kong()
+ end)
+
+ teardown(function()
+ spec_helper.stop_kong()
+ end)
+
+ describe("With request size less than allowed limit", function()
+ it("should be allowed", function()
+ local response, status = http_client.post(STUB_POST_URL, {key = "This is a test string"}, { host = "test3.com", ['Content-Length'] = "24", Expect = "100-continue", ['Content-Type'] = "application/x-www-form-urlencoded" } )
+ assert.are.equal(200, status)
+ end)
+ end)
+
+ describe("With request size greater than allowed limit", function()
+ it("should get blocked", function()
+ local response, status = http_client.post(STUB_POST_URL, {key = "This is a long test string"}, { host = "test3.com", ['Content-Length'] = "12000000", Expect = "100-continue", ['Content-Type'] = "application/x-www-form-urlencoded" } )
+ assert.are.equal(417, status)
+ end)
+ end)
+
+ describe("With request size greater than allowed limit but no expect header", function()
+ it("should get blocked", function()
+ local response, status = http_client.post(STUB_POST_URL, {key = "This is a long test string"}, { host = "test3.com", ['Content-Length'] = "12000000", ['Content-Type'] = "application/x-www-form-urlencoded" } )
+ assert.are.equal(413, status)
+ end)
+ end)
+
+ describe("With request size less than allowed limit but no expect header", function()
+ it("should be allowed", function()
+ local response, status = http_client.post(STUB_POST_URL, {key = "This 
is a test string"}, { host = "test3.com", ['Content-Length'] = "24", ['Content-Type'] = "application/x-www-form-urlencoded" } ) + assert.are.equal(200, status) + end) + end) + +end) diff --git a/spec/unit/statics_spec.lua b/spec/unit/statics_spec.lua index c26c61d14c0e..ca4bc21a9786 100644 --- a/spec/unit/statics_spec.lua +++ b/spec/unit/statics_spec.lua @@ -50,6 +50,7 @@ plugins_available: - httplog - cors - request_transformer + - requestsizelimiting ## The Kong working directory ## (Make sure you have read and write permissions) @@ -130,7 +131,7 @@ nginx: | real_ip_recursive on; # Other Settings - client_max_body_size 128m; + client_max_body_size 0; underscores_in_headers on; reset_timedout_connection on; tcp_nopush on;
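Review bot: All four cases in request_size_limiting_spec.lua send an explicit `Content-Length` header, so the suite never exercises a request without one, which is the path where `execute` in access.lua calls `tonumber` on a missing header and compares the result. Add a case that sends a request with no Content-Length to the same host and asserts it is proxied with a 200, and one for a body sent with chunked transfer encoding so the intended behaviour is pinned. The declared `"12000000"` length also does not match the short body actually sent, so these tests check header handling rather than real payload size; a comment saying so would help the next reader.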