Request size limiting plugin

setting default payload size 128

updated default paylod to 128 mb

fixed conflict

updated http response code from 400 to 413

updated test

updated test

updated client_max_body_size to 0 in conf file

kong-0.3.0-1.rockspec

@@ -118,6 +118,10 @@ build = {
     ["kong.plugins.ratelimiting.handler"] = "kong/plugins/ratelimiting/handler.lua",
     ["kong.plugins.ratelimiting.access"] = "kong/plugins/ratelimiting/access.lua",
     ["kong.plugins.ratelimiting.schema"] = "kong/plugins/ratelimiting/schema.lua",
+
+    ["kong.plugins.requestsizelimiting.handler"] = "kong/plugins/requestsizelimiting/handler.lua",
+    ["kong.plugins.requestsizelimiting.access"] = "kong/plugins/requestsizelimiting/access.lua",
+    ["kong.plugins.requestsizelimiting.schema"] = "kong/plugins/requestsizelimiting/schema.lua",
 
     ["kong.plugins.request_transformer.handler"] = "kong/plugins/request_transformer/handler.lua",
     ["kong.plugins.request_transformer.access"] = "kong/plugins/request_transformer/access.lua",

kong.yml

@@ -10,6 +10,7 @@ plugins_available:
   - httplog
   - cors
   - request_transformer
+  - requestsizelimiting
 
 ## The Kong working directory
 ## (Make sure you have read and write permissions)
@@ -90,7 +91,7 @@ nginx: |
     real_ip_recursive on;
 
     # Other Settings
-    client_max_body_size 128m;
+    client_max_body_size 0;
     underscores_in_headers on;
     reset_timedout_connection on;
     tcp_nopush on;

kong/plugins/requestsizelimiting/access.lua

@@ -0,0 +1,24 @@
+local stringy = require "stringy"
+local response = require "kong.tools.responses"
+
+local _M = {}
+
+
+-- Request size limiting, rejects request if payload size is greater than allowed size
+--
+-- All methods must respect:
+-- @param `conf` Configuration table
+-- @return `response` contains response code and error message
+function _M.execute(conf)
+  local headers = ngx.req.get_headers()
+  local allowed_bytes_size = conf.allowed_payload_size * 100000
+  if tonumber(headers["content-length"]) > allowed_bytes_size then
+    if headers.expect and stringy.strip(headers.expect:lower()) == "100-continue" then
+      return response.send(417, "Request size limit exceeded")
+    else
+      return response.send(413, "Request size limit exceeded")
+    end
+  end
+end
+
+return _M

kong/plugins/requestsizelimiting/handler.lua

@@ -0,0 +1,19 @@
+-- Copyright (C) Mashape, Inc.
+
+local BasePlugin = require "kong.plugins.base_plugin"
+local access = require "kong.plugins.requestsizelimiting.access"
+
+local RequestSizeLimitingHandler = BasePlugin:extend()
+
+function RequestSizeLimitingHandler:new()
+  RequestSizeLimitingHandler.super.new(self, "requestsizelimiting")
+end
+
+function RequestSizeLimitingHandler:access(conf)
+  RequestSizeLimitingHandler.super.access(self)
+  access.execute(conf)
+end
+
+RequestSizeLimitingHandler.PRIORITY = 950
+
+return RequestSizeLimitingHandler

kong/plugins/requestsizelimiting/schema.lua

@@ -0,0 +1,3 @@
+return {
+  allowed_payload_size = { default = 128, type = "number" }
+}

spec/plugins/request_size_limiting_spec.lua

@@ -0,0 +1,54 @@
+local spec_helper = require "spec.spec_helpers"
+local http_client = require "kong.tools.http_client"
+
+local STUB_POST_URL = spec_helper.STUB_POST_URL
+
+describe("RequestSizeLimiting Plugin", function()
+
+  setup(function()
+    spec_helper.prepare_db()
+    spec_helper.insert_fixtures {
+      api = {
+        { name = "tests requestsizelimiting 1", public_dns = "test3.com", target_url = "http://mockbin.com/request" }
+      },
+      plugin_configuration = {
+        { name = "requestsizelimiting", value = {allowed_payload_size = 10}, __api = 1 }
+      }
+    }
+
+    spec_helper.start_kong()
+  end)
+
+  teardown(function()
+    spec_helper.stop_kong()
+  end)
+
+  describe("With request size less than allowed limit", function()
+    it("should be allowed", function()
+      local response, status = http_client.post(STUB_POST_URL, {key = "This is a test string"}, { host = "test3.com", ['Content-Length'] = "24", Expect = "100-continue", ['Content-Type'] = "application/x-www-form-urlencoded" } )
+      assert.are.equal(200, status)
+    end)
+  end)
+
+  describe("With request size greater than allowed limit", function()
+    it("should get blocked", function()
+      local response, status = http_client.post(STUB_POST_URL, {key = "This is a long test string"}, { host = "test3.com", ['Content-Length'] = "12000000", Expect = "100-continue", ['Content-Type'] = "application/x-www-form-urlencoded" } )
+      assert.are.equal(417, status)
+    end)
+  end)
+
+  describe("With request size greater than allowed limit but no expect header", function()
+    it("should get blocked", function()
+      local response, status = http_client.post(STUB_POST_URL, {key = "This is a long test string"}, { host = "test3.com", ['Content-Length'] = "12000000", ['Content-Type'] = "application/x-www-form-urlencoded" } )
+      assert.are.equal(413, status)
+    end)
+  end)
+
+  describe("With request size less than allowed limit but no expect header", function()
+    it("should be allowed", function()
+      local response, status = http_client.post(STUB_POST_URL, {key = "This is a test string"}, { host = "test3.com", ['Content-Length'] = "24", ['Content-Type'] = "application/x-www-form-urlencoded" } )
+      assert.are.equal(200, status)
+    end)
+  end)
+
+end)

spec/unit/statics_spec.lua

@@ -50,6 +50,7 @@ plugins_available:
   - httplog
   - cors
   - request_transformer
+  - requestsizelimiting
 
 ## The Kong working directory
 ## (Make sure you have read and write permissions)
@@ -130,7 +131,7 @@ nginx: |
     real_ip_recursive on;
 
     # Other Settings
-    client_max_body_size 128m;
+    client_max_body_size 0m;
     underscores_in_headers on;
     reset_timedout_connection on;
     tcp_nopush on;