api: Limit request body size to 10MB

daemon/algod/api/server/router.go

@@ -51,6 +51,8 @@ const (
 	apiV1Tag = "/v1"
 	// TokenHeader is the header where we put the token.
 	TokenHeader = "X-Algo-API-Token"
+	// maxRequestBodyBytes is the maximum request body size that we allow in our APIs.
+	maxRequestBodyBytes = "10MB"
 )
 
 // wrapCtx passes a common context to each request without a global variable.
@@ -90,7 +92,9 @@ func NewRouter(logger logging.Logger, node APINodeInterface, shutdown <-chan str
 		middleware.RemoveTrailingSlash())
 	e.Use(
 		middlewares.MakeLogger(logger),
-		middlewares.MakeCORS(TokenHeader))
+		middlewares.MakeCORS(TokenHeader),
+		middleware.BodyLimit(maxRequestBodyBytes),
+	)
 
 	// Request Context
 	ctx := lib.ReqContext{Node: node, Log: logger, Shutdown: shutdown}

daemon/algod/api/server/v2/handlers.go

@@ -54,14 +54,16 @@ import (
 	"github.com/algorand/go-algorand/stateproof"
 )
 
-// max compiled teal program is currently 8k
+// MaxTealSourceBytes sets a size limit for TEAL source programs for requests
+// Max TEAL program size is currently 8k
 // but we allow for comments, spacing, and repeated consts
-// in the source teal, allow up to 200kb
-const maxTealSourceBytes = 200_000
+// in the source TEAL, so we allow up to 200KB
+const MaxTealSourceBytes = 200_000
 
+// MaxTealDryrunBytes sets a size limit for dryrun requests
 // With the ability to hold unlimited assets DryrunRequests can
-// become quite large, allow up to 1mb
-const maxTealDryrunBytes = 1_000_000
+// become quite large, so we allow up to 1MB
+const MaxTealDryrunBytes = 1_000_000
 
 // Handlers is an implementation to the V2 route handler interface defined by the generated code.
 type Handlers struct {
@@ -995,7 +997,7 @@ func (v2 *Handlers) TealDryrun(ctx echo.Context) error {
 	}
 	req := ctx.Request()
 	buf := new(bytes.Buffer)
-	req.Body = http.MaxBytesReader(nil, req.Body, maxTealDryrunBytes)
+	req.Body = http.MaxBytesReader(nil, req.Body, MaxTealDryrunBytes)
 	_, err := buf.ReadFrom(ctx.Request().Body)
 	if err != nil {
 		return badRequest(ctx, err, err.Error(), v2.Log)
@@ -1528,7 +1530,7 @@ func (v2 *Handlers) TealCompile(ctx echo.Context, params model.TealCompileParams
 	}
 
 	buf := new(bytes.Buffer)
-	ctx.Request().Body = http.MaxBytesReader(nil, ctx.Request().Body, maxTealSourceBytes)
+	ctx.Request().Body = http.MaxBytesReader(nil, ctx.Request().Body, MaxTealSourceBytes)
 	_, err = buf.ReadFrom(ctx.Request().Body)
 	if err != nil {
 		return badRequest(ctx, err, err.Error(), v2.Log)
@@ -1645,7 +1647,7 @@ func (v2 *Handlers) TealDisassemble(ctx echo.Context) error {
 		return ctx.String(http.StatusNotFound, "/teal/disassemble was not enabled in the configuration file by setting the EnableDeveloperAPI to true")
 	}
 	buf := new(bytes.Buffer)
-	ctx.Request().Body = http.MaxBytesReader(nil, ctx.Request().Body, maxTealSourceBytes)
+	ctx.Request().Body = http.MaxBytesReader(nil, ctx.Request().Body, MaxTealSourceBytes)
 	_, err := buf.ReadFrom(ctx.Request().Body)
 	if err != nil {
 		return badRequest(ctx, err, err.Error(), v2.Log)

daemon/algod/api/server/v2/test/handlers_test.go

@@ -25,6 +25,7 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"strings"
 	"testing"
 	"time"
 
@@ -1263,6 +1264,11 @@ func TestTealDisassemble(t *testing.T) {
 	// Test bad program.
 	badProgram := []byte{1, 99}
 	tealDisassembleTest(t, badProgram, 400, "invalid opcode", true)
+
+	// Create a program with MaxTealSourceBytes+1 bytes
+	// This should fail inside the handler when reading the bytes from the request body.
+	largeProgram := []byte(strings.Repeat("a", v2.MaxTealSourceBytes+1))
+	tealDisassembleTest(t, largeProgram, 400, "http: request body too large", true)
 }
 
 func tealDryrunTest(
@@ -1309,6 +1315,12 @@ func tealDryrunTest(
 		messages := *response.Txns[0].AppCallMessages
 		require.GreaterOrEqual(t, len(messages), 1)
 		require.Equal(t, expResult, messages[len(messages)-1])
+	} else if rec.Code == 400 {
+		var response model.ErrorResponse
+		data := rec.Body.Bytes()
+		err = protocol.DecodeJSON(data, &response)
+		require.NoError(t, err, string(data))
+		require.Contains(t, response.Message, expResult)
 	}
 	return
 }
@@ -1374,7 +1386,7 @@ func TestTealDryrun(t *testing.T) {
 	tealDryrunTest(t, &gdr, "msgp", 404, "", false)
 
 	gdr.ProtocolVersion = "unk"
-	tealDryrunTest(t, &gdr, "json", 400, "", true)
+	tealDryrunTest(t, &gdr, "json", 400, "unsupported protocol version", true)
 	gdr.ProtocolVersion = ""
 
 	ddr := tealDryrunTest(t, &gdr, "json", 200, "PASS", true)
@@ -1387,6 +1399,10 @@ func TestTealDryrun(t *testing.T) {
 	tealDryrunTest(t, &gdr, "json", 200, "REJECT", true)
 	tealDryrunTest(t, &gdr, "msgp", 200, "REJECT", true)
 	tealDryrunTest(t, &gdr, "json", 404, "", false)
+
+	// This should fail inside the handler when reading the bytes from the request body.
+	gdr.ProtocolVersion = strings.Repeat("a", v2.MaxTealDryrunBytes+1)
+	tealDryrunTest(t, &gdr, "json", 400, "http: request body too large", true)
 }
 
 func TestAppendParticipationKeys(t *testing.T) {

test/scripts/e2e_subs/e2e-app-simulate.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-date '+app-simple-test start %Y%m%d_%H%M%S'
+date '+app-simulate-test start %Y%m%d_%H%M%S'
 
 set -e
 set -x
@@ -20,6 +20,16 @@ ACCOUNT=$(${gcmd} account list|awk '{ print $3 }')
 CONST_TRUE="true"
 CONST_FALSE="false"
 
+# First, try to send an extremely large "transaction" in the request body.
+# This should fail with a 413 error.
+truncate -s 11MB toolarge.tx
+RES=$(${gcmd} clerk simulate -t toolarge.tx 2>&1 || true)
+EXPERROR="simulation error: HTTP 413 Request Entity Too Large:"
+if [[ $RES != *"${EXPERROR}"* ]]; then
+    date '+app-simulate-test FAIL the simulate API should fail for request bodies exceeding 10MB %Y%m%d_%H%M%S'
+    false
+fi
+
 ##############################################
 # WE FIRST TEST TRANSACTION GROUP SIMULATION #
 ##############################################
@@ -29,7 +39,7 @@ ${gcmd} clerk send -a 10000 -f ${ACCOUNT} -t ${ACCOUNT} -o pay2.tx
 
 cat pay1.tx pay2.tx | ${gcmd} clerk group -i - -o grouped.tx
 
-# We first test transaction group simulation WITHOUT signatures
+# We test transaction group simulation WITHOUT signatures
 RES=$(${gcmd} clerk simulate -t grouped.tx)
 
 if [[ $(echo "$RES" | jq '."would-succeed"') != $CONST_FALSE ]]; then