
Merge "Adds middleware to limit request body sizes."

2 parents 484f0a4 + 0fa7d12 commit e7068fd481f6cb887da3a8488435d7c911539bb2 Jenkins committed with openstack-gerrit Mar 29, 2012
Showing with 116 additions and 8 deletions.
  1. +11 −8 etc/nova/api-paste.ini
  2. +54 −0 nova/api/sizelimit.py
  3. +51 −0 nova/tests/api/test_sizelimit.py
@@ -92,17 +92,17 @@ use = call:nova.api.openstack.urlmap:urlmap_factory
[composite:openstack_compute_api_v2]
use = call:nova.api.auth:pipeline_factory
-noauth = faultwrap noauth ratelimit osapi_compute_app_v2
-deprecated = faultwrap auth ratelimit osapi_compute_app_v2
-keystone = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2
-keystone_nolimit = faultwrap authtoken keystonecontext osapi_compute_app_v2
+noauth = faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
+deprecated = faultwrap sizelimit auth ratelimit osapi_compute_app_v2
+keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2
[composite:openstack_volume_api_v1]
use = call:nova.api.auth:pipeline_factory
-noauth = faultwrap noauth ratelimit osapi_volume_app_v1
-deprecated = faultwrap auth ratelimit osapi_volume_app_v1
-keystone = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1
-keystone_nolimit = faultwrap authtoken keystonecontext osapi_volume_app_v1
+noauth = faultwrap sizelimit noauth ratelimit osapi_volume_app_v1
+deprecated = faultwrap sizelimit auth ratelimit osapi_volume_app_v1
+keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_volume_app_v1
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_volume_app_v1
[filter:faultwrap]
paste.filter_factory = nova.api.openstack:FaultWrapper.factory
@@ -116,6 +116,9 @@ paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
[filter:ratelimit]
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
+[filter:sizelimit]
+paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory
+
[app:osapi_compute_app_v2]
paste.app_factory = nova.api.openstack.compute:APIRouter.factory
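Review bot: The new `[filter:sizelimit]` section has no comment saying which option sets the limit or why the filter sits directly after `faultwrap` in every pipeline. A comment such as `# Rejects request bodies larger than osapi_max_request_body_size; keep ahead of the auth filters so oversized requests are refused before authentication work is done.` would help operators who later reorder pipelines. Only the compute and volume composites are visible in these hunks, so it is worth confirming whether any other API pipeline in this file should carry the same filter.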
@@ -0,0 +1,54 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 OpenStack, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""
+Request Body limiting middleware.
+
+"""
+
+import webob.dec
+import webob.exc
+
+from nova import context
+from nova import flags
+from nova import log as logging
+from nova.openstack.common import cfg
+from nova import wsgi
+
+
+#default request size is 112k
+max_request_body_size_opt = cfg.BoolOpt('osapi_max_request_body_size',
+ default=114688,
+ help='')
+
+FLAGS = flags.FLAGS
+FLAGS.register_opt(max_request_body_size_opt)
+LOG = logging.getLogger(__name__)
+
+
+class RequestBodySizeLimiter(wsgi.Middleware):
+ """Add a 'nova.context' to WSGI environ."""
+
+ def __init__(self, *args, **kwargs):
+ super(RequestBodySizeLimiter, self).__init__(*args, **kwargs)
+
+ @webob.dec.wsgify(RequestClass=wsgi.Request)
+ def __call__(self, req):
+ if (req.content_length > FLAGS.osapi_max_request_body_size
+ or len(req.body) > FLAGS.osapi_max_request_body_size):
+ msg = _("Request is too large.")
+ raise webob.exc.HTTPBadRequest(explanation=msg)
+ else:
+ return self.application
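Review bot: The `len(req.body)` test in `__call__` loads the body into memory before comparing it with the limit, so a request that arrives without a usable Content-Length (a chunked upload, for example) appears to be buffered in full before it can be rejected, which is the memory pressure this middleware is meant to prevent. Rejecting on the declared length first and then wrapping `wsgi.input` in a reader that counts bytes and fails once the limit is passed keeps the check bounded; a sketch follows. Separately, the option is registered with `cfg.BoolOpt` although its default is the integer 114688, so it should be `cfg.IntOpt('osapi_max_request_body_size', default=114688, help='Maximum size in bytes of an API request body')`, and the class docstring still describes adding 'nova.context' rather than limiting the body size. A 413 via `webob.exc.HTTPRequestEntityTooLarge` would describe the rejection more precisely than 400, though the tests added in this commit assert 400.

```python
class LimitingReader(object):
    """File-like wrapper that fails once more than `limit` bytes are read."""

    def __init__(self, data, limit):
        self.data = data
        self.limit = limit
        self.bytes_read = 0

    def read(self, size=None):
        # Never ask the underlying stream for more than one byte past the
        # limit, so an unbounded read() cannot buffer an oversized body.
        allowed = self.limit - self.bytes_read + 1
        if size is None or size < 0 or size > allowed:
            size = allowed
        chunk = self.data.read(size)
        self.bytes_read += len(chunk)
        if self.bytes_read > self.limit:
            msg = _("Request is too large.")
            raise webob.exc.HTTPBadRequest(explanation=msg)
        return chunk

    # readline()/iteration need the same accounting if downstream code
    # consumes the body that way.


class RequestBodySizeLimiter(wsgi.Middleware):
    # ... unchanged: docstring and __init__ ...

    @webob.dec.wsgify(RequestClass=wsgi.Request)
    def __call__(self, req):
        limit = FLAGS.osapi_max_request_body_size
        if req.content_length is not None and req.content_length > limit:
            msg = _("Request is too large.")
            raise webob.exc.HTTPBadRequest(explanation=msg)
        req.environ['wsgi.input'] = LimitingReader(req.environ['wsgi.input'],
                                                   limit)
        return self.application
```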
@@ -0,0 +1,51 @@
+# Copyright (c) 2012 OpenStack, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import webob
+
+import nova.api.sizelimit
+from nova import flags
+from nova import test
+
+FLAGS = flags.FLAGS
+MAX_REQUEST_BODY_SIZE = FLAGS.osapi_max_request_body_size
+
+
+class TestRequestBodySizeLimiter(test.TestCase):
+
+ def setUp(self):
+ super(TestRequestBodySizeLimiter, self).setUp()
+
+ @webob.dec.wsgify()
+ def fake_app(req):
+ return webob.Response()
+
+ self.middleware = nova.api.sizelimit.RequestBodySizeLimiter(fake_app)
+ self.request = webob.Request.blank('/', method='POST')
+
+ def test_content_length_acceptable(self):
+ self.request.headers['Content-Length'] = MAX_REQUEST_BODY_SIZE
+ self.request.body = "0" * MAX_REQUEST_BODY_SIZE
+ response = self.request.get_response(self.middleware)
+ self.assertEqual(response.status_int, 200)
+
+ def test_content_length_to_large(self):
+ self.request.headers['Content-Length'] = MAX_REQUEST_BODY_SIZE + 1
+ response = self.request.get_response(self.middleware)
+ self.assertEqual(response.status_int, 400)
+
+ def test_request_to_large(self):
+ self.request.body = "0" * (MAX_REQUEST_BODY_SIZE + 1)
+ response = self.request.get_response(self.middleware)
+ self.assertEqual(response.status_int, 400)
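Review bot: `test_request_to_large` probably does not exercise the `len(req.body)` branch on its own, because assigning `self.request.body` in WebOb also sets Content-Length, so the declared-length comparison rejects the request first. A case where the declared length is missing or smaller than the data actually sent would cover the path the middleware exists for, and a boundary case at exactly `MAX_REQUEST_BODY_SIZE + 1` bytes of real body would pin the off-by-one. `setUp` uses `webob.dec.wsgify` while the module only has `import webob`, which works only because `nova.api.sizelimit` imports the submodule; adding `import webob.dec` makes the test self-contained. The two test names should read `too_large` rather than `to_large`.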
