forked from quarkusio/quarkus
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add the ability to configure the maximum form attribute size
Vert.x defaults to 2K and prior to this PR we didn't have a way to configure it. When the a form attribute is too large in multipart request, return HTTP 413. Fixes: quarkusio#16422
- Loading branch information
Showing
8 changed files
with
414 additions
and
7 deletions.
There are no files selected for viewing
43 changes: 43 additions & 0 deletions
43
...c/test/java/io/quarkus/resteasy/reactive/server/test/multipart/AbstractMultipartTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
package io.quarkus.resteasy.reactive.server.test.multipart; | ||
|
||
import static org.awaitility.Awaitility.await; | ||
|
||
import java.io.File; | ||
import java.nio.file.Path; | ||
import java.time.Duration; | ||
import java.util.concurrent.Callable; | ||
import java.util.concurrent.TimeUnit; | ||
|
||
abstract class AbstractMultipartTest { | ||
|
||
protected boolean isDirectoryEmpty(Path uploadDir) { | ||
File[] files = uploadDir.toFile().listFiles(); | ||
if (files == null) { | ||
return true; | ||
} | ||
return files.length == 0; | ||
} | ||
|
||
protected void clearDirectory(Path uploadDir) { | ||
File[] files = uploadDir.toFile().listFiles(); | ||
if (files == null) { | ||
return; | ||
} | ||
for (File file : files) { | ||
if (!file.isDirectory()) { | ||
file.delete(); | ||
} | ||
} | ||
} | ||
|
||
protected void awaitUploadDirectoryToEmpty(Path uploadDir) { | ||
await().atMost(10, TimeUnit.SECONDS) | ||
.pollInterval(Duration.ofSeconds(1)) | ||
.until(new Callable<Boolean>() { | ||
@Override | ||
public Boolean call() { | ||
return isDirectoryEmpty(uploadDir); | ||
} | ||
}); | ||
} | ||
} |
89 changes: 89 additions & 0 deletions
89
.../reactive/server/test/multipart/LargerThanDefaultFormAttributeMultipartFormInputTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
package io.quarkus.resteasy.reactive.server.test.multipart; | ||
|
||
import static io.restassured.RestAssured.given; | ||
import static org.hamcrest.Matchers.equalTo; | ||
|
||
import java.io.File; | ||
import java.io.IOException; | ||
import java.nio.charset.StandardCharsets; | ||
import java.nio.file.Files; | ||
import java.util.function.Supplier; | ||
|
||
import javax.ws.rs.Consumes; | ||
import javax.ws.rs.FormParam; | ||
import javax.ws.rs.POST; | ||
import javax.ws.rs.Path; | ||
import javax.ws.rs.Produces; | ||
import javax.ws.rs.core.MediaType; | ||
|
||
import org.jboss.resteasy.reactive.MultipartForm; | ||
import org.jboss.resteasy.reactive.PartType; | ||
import org.jboss.shrinkwrap.api.ShrinkWrap; | ||
import org.jboss.shrinkwrap.api.asset.StringAsset; | ||
import org.jboss.shrinkwrap.api.spec.JavaArchive; | ||
import org.junit.jupiter.api.Assertions; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.extension.RegisterExtension; | ||
|
||
import io.quarkus.test.QuarkusUnitTest; | ||
import io.restassured.http.ContentType; | ||
import io.vertx.core.http.HttpServerOptions; | ||
|
||
public class LargerThanDefaultFormAttributeMultipartFormInputTest { | ||
|
||
@RegisterExtension | ||
static QuarkusUnitTest test = new QuarkusUnitTest() | ||
.setArchiveProducer(new Supplier<JavaArchive>() { | ||
@Override | ||
public JavaArchive get() { | ||
return ShrinkWrap.create(JavaArchive.class) | ||
.addClasses(Resource.class, Data.class) | ||
.addAsResource(new StringAsset( | ||
"quarkus.http.limits.max-form-attribute-size=4K"), | ||
"application.properties"); | ||
} | ||
}); | ||
|
||
private final File FILE = new File("./src/test/resources/larger-than-default-form-attribute.txt"); | ||
|
||
@Test | ||
public void test() throws IOException { | ||
String fileContents = new String(Files.readAllBytes(FILE.toPath()), StandardCharsets.UTF_8); | ||
Assertions.assertTrue(fileContents.length() > HttpServerOptions.DEFAULT_MAX_FORM_ATTRIBUTE_SIZE); | ||
given() | ||
.multiPart("text", fileContents) | ||
.accept("text/plain") | ||
.when() | ||
.post("/test") | ||
.then() | ||
.statusCode(200) | ||
.contentType(ContentType.TEXT) | ||
.body(equalTo(fileContents)); | ||
} | ||
|
||
@Path("/test") | ||
public static class Resource { | ||
|
||
@POST | ||
@Consumes(MediaType.MULTIPART_FORM_DATA) | ||
@Produces(MediaType.TEXT_PLAIN) | ||
public String hello(@MultipartForm Data data) { | ||
return data.getText(); | ||
} | ||
} | ||
|
||
public static class Data { | ||
@FormParam("text") | ||
@PartType("text/plain") | ||
private String text; | ||
|
||
public String getText() { | ||
return text; | ||
} | ||
|
||
public void setText(String text) { | ||
this.text = text; | ||
} | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
103 changes: 103 additions & 0 deletions
103
.../resteasy/reactive/server/test/multipart/TooLargeFormAttributeMultipartFormInputTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
package io.quarkus.resteasy.reactive.server.test.multipart; | ||
|
||
import static io.restassured.RestAssured.given; | ||
|
||
import java.io.File; | ||
import java.io.IOException; | ||
import java.nio.charset.StandardCharsets; | ||
import java.nio.file.Files; | ||
import java.nio.file.Paths; | ||
import java.util.function.Supplier; | ||
|
||
import javax.ws.rs.Consumes; | ||
import javax.ws.rs.POST; | ||
import javax.ws.rs.Path; | ||
import javax.ws.rs.Produces; | ||
import javax.ws.rs.core.MediaType; | ||
|
||
import org.jboss.resteasy.reactive.MultipartForm; | ||
import org.jboss.shrinkwrap.api.ShrinkWrap; | ||
import org.jboss.shrinkwrap.api.asset.StringAsset; | ||
import org.jboss.shrinkwrap.api.spec.JavaArchive; | ||
import org.junit.jupiter.api.AfterEach; | ||
import org.junit.jupiter.api.Assertions; | ||
import org.junit.jupiter.api.BeforeEach; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.extension.RegisterExtension; | ||
|
||
import io.quarkus.resteasy.reactive.server.test.multipart.other.OtherPackageFormDataBase; | ||
import io.quarkus.test.QuarkusUnitTest; | ||
import io.vertx.core.http.HttpServerOptions; | ||
|
||
public class TooLargeFormAttributeMultipartFormInputTest extends AbstractMultipartTest { | ||
|
||
private static final java.nio.file.Path uploadDir = Paths.get("file-uploads"); | ||
|
||
@RegisterExtension | ||
static QuarkusUnitTest test = new QuarkusUnitTest() | ||
.setArchiveProducer(new Supplier<JavaArchive>() { | ||
@Override | ||
public JavaArchive get() { | ||
return ShrinkWrap.create(JavaArchive.class) | ||
.addClasses(Resource.class, Status.class, FormDataBase.class, OtherPackageFormDataBase.class, | ||
FormData.class) | ||
.addAsResource(new StringAsset( | ||
// keep the files around so we can assert the outcome | ||
"quarkus.http.body.delete-uploaded-files-on-end=false\nquarkus.http.body.uploads-directory=" | ||
+ uploadDir.toString() + "\n"), | ||
"application.properties"); | ||
} | ||
}); | ||
|
||
private final File FORM_ATTR_SOURCE_FILE = new File("./src/test/resources/larger-than-default-form-attribute.txt"); | ||
private final File HTML_FILE = new File("./src/test/resources/test.html"); | ||
private final File XML_FILE = new File("./src/test/resources/test.html"); | ||
private final File TXT_FILE = new File("./src/test/resources/lorem.txt"); | ||
|
||
@BeforeEach | ||
public void assertEmptyUploads() { | ||
Assertions.assertTrue(isDirectoryEmpty(uploadDir)); | ||
} | ||
|
||
@AfterEach | ||
public void clearDirectory() { | ||
clearDirectory(uploadDir); | ||
} | ||
|
||
@Test | ||
public void test() throws IOException { | ||
String formAttrSourceFileContents = new String(Files.readAllBytes(FORM_ATTR_SOURCE_FILE.toPath()), | ||
StandardCharsets.UTF_8); | ||
Assertions.assertTrue(formAttrSourceFileContents.length() > HttpServerOptions.DEFAULT_MAX_FORM_ATTRIBUTE_SIZE); | ||
given() | ||
.multiPart("active", "true") | ||
.multiPart("num", "25") | ||
.multiPart("status", "WORKING") | ||
.multiPart("htmlFile", HTML_FILE, "text/html") | ||
.multiPart("xmlFile", XML_FILE, "text/xml") | ||
.multiPart("txtFile", TXT_FILE, "text/plain") | ||
.multiPart("name", formAttrSourceFileContents) | ||
.accept("text/plain") | ||
.when() | ||
.post("/test") | ||
.then() | ||
.statusCode(413); | ||
|
||
// ensure that no files where created on disk | ||
// as RESTEasy Reactive doesn't wait for the files to be deleted before returning the HTTP response, | ||
// we need to wait in the test | ||
awaitUploadDirectoryToEmpty(uploadDir); | ||
} | ||
|
||
@Path("/test") | ||
public static class Resource { | ||
|
||
@POST | ||
@Consumes(MediaType.MULTIPART_FORM_DATA) | ||
@Produces(MediaType.TEXT_PLAIN) | ||
public String hello(@MultipartForm FormData data) { | ||
return data.getName(); | ||
} | ||
} | ||
|
||
} |
Oops, something went wrong.