Merge ca299ad into fe0a6e3

tableau · May 22, 2023 · afa04ed · afa04ed
2 parents fe0a6e3 + ca299ad
commit afa04ed
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 5 deletions.
diff --git a/tabpy/VERSION b/tabpy/VERSION
@@ -1 +1 @@
-2.7.1
+2.8.0
diff --git a/tabpy/tabpy_server/app/app.py b/tabpy/tabpy_server/app/app.py
@@ -27,6 +27,7 @@
     UploadDestinationHandler,
 )
 import tornado
+from tornado.http1connection import HTTP1Connection
 import tabpy.tabpy_server.app.arrow_server as pa
 import _thread
 
@@ -62,6 +63,7 @@ class TabPyApp:
     python_service = None
     credentials = {}
     arrow_server = None
+    max_request_size = None
 
     def __init__(self, config_file):
         if config_file is None:
@@ -116,10 +118,10 @@ def _get_arrow_server(self, config):
 
     def run(self):
         application = self._create_tornado_web_app()
-        max_request_size = (
+        self.max_request_size = (
             int(self.settings[SettingsParameters.MaxRequestSizeInMb]) * 1024 * 1024
         )
-        logger.info(f"Setting max request size to {max_request_size} bytes")
+        logger.info(f"Setting max request size to {self.max_request_size} bytes")
 
         init_model_evaluator(self.settings, self.tabpy_state, self.python_service)
 
@@ -142,8 +144,8 @@ def run(self):
         application.listen(
             self.settings[SettingsParameters.Port],
             ssl_options=ssl_options,
-            max_buffer_size=max_request_size,
-            max_body_size=max_request_size,
+            max_buffer_size=self.max_request_size,
+            max_body_size=self.max_request_size,
             **settings,
         ) 
 
@@ -497,3 +499,16 @@ def _build_tabpy_state(self):
         logger.info(f"Loading state from state file {state_file_path}")
         tabpy_state = _get_state_from_file(state_file_dir)
         return tabpy_state, TabPyState(config=tabpy_state, settings=self.settings)
+
+
+# Override _read_body to allow content with size exceeding max_body_size
+# This enables proper handling of 413 errors in base_handler
+def _read_body_allow_max_size(self, code, headers, delegate):
+    if "Content-Length" in headers:
+        content_length = int(headers["Content-Length"])
+        if content_length > self._max_body_size:
+            return
+    return self.original_read_body(code, headers, delegate)
+
+HTTP1Connection.original_read_body = HTTP1Connection._read_body
+HTTP1Connection._read_body = _read_body_allow_max_size
diff --git a/tabpy/tabpy_server/handlers/base_handler.py b/tabpy/tabpy_server/handlers/base_handler.py
@@ -127,6 +127,7 @@ def initialize(self, app):
         self.username = None
         self.password = None
         self.eval_timeout = self.settings[SettingsParameters.EvaluateTimeout]
+        self.max_request_size = app.max_request_size
 
         self.logger = ContextLoggerWrapper(self.request)
         self.logger.enable_context_logging(
@@ -442,3 +443,25 @@ def fail_with_auth_error(self):
                 info="Not Acceptable",
                 log_message="Username or password provided when authentication not available.",
             )
+
+    def request_body_size_within_limit(self):
+        """
+        Determines if the request body size is within the specified limit.
+        
+        Returns
+        -------
+        bool
+            True if the request body size is within the limit, False otherwise.
+        """
+        if self.max_request_size is not None:
+            if "Content-Length" in self.request.headers:
+                content_length = int(self.request.headers["Content-Length"])
+                if content_length > self.max_request_size:
+                    self.error_out(
+                        413,
+                        info="Request Entity Too Large",
+                        log_message=f"Request with size {content_length} exceeded limit of {self.max_request_size} (bytes).",
+                    )
+                    return False
+
+        return True
diff --git a/tabpy/tabpy_server/handlers/evaluation_plane_handler.py b/tabpy/tabpy_server/handlers/evaluation_plane_handler.py
@@ -46,6 +46,10 @@ def post(self):
         if self.should_fail_with_auth_error() != AuthErrorStates.NONE:
             self.fail_with_auth_error()
             return
+
+        if not self.request_body_size_within_limit():
+            return
+
         self.error_out(404, "Ad-hoc scripts have been disabled on this analytics extension, please contact your "
                             "administrator.")
 
@@ -165,6 +169,9 @@ def post(self):
         if self.should_fail_with_auth_error() != AuthErrorStates.NONE:
             self.fail_with_auth_error()
             return
+
+        if not self.request_body_size_within_limit():
+            return
 
         self._add_CORS_header()
         try:

diff --git a/tabpy/tabpy_server/handlers/query_plane_handler.py b/tabpy/tabpy_server/handlers/query_plane_handler.py
@@ -217,6 +217,9 @@ def get(self, endpoint_name):
             self.fail_with_auth_error()
             return
 
+        if not self.request_body_size_within_limit():
+            return
+
         start = time.time()
         endpoint_name = urllib.parse.unquote(endpoint_name)
         self._process_query(endpoint_name, start)
@@ -229,6 +232,9 @@ def post(self, endpoint_name):
             self.fail_with_auth_error()
             return
 
+        if not self.request_body_size_within_limit():
+            return
+
         start = time.time()
         endpoint_name = urllib.parse.unquote(endpoint_name)
         self._process_query(endpoint_name, start)