
Limit the maximum content length.

1 parent 67d78c9 commit 0979d489c7b5a8cf76b635ae50031291e286e874 @thatismatt committed Jul 8, 2010
Showing with 18 additions and 3 deletions.
  1. +2 −2 lib/josi/actionresults.js
  2. +16 −1 lib/josi/server.js
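--- a/lib/josi/actionresults.js
+++ b/lib/josi/actionresults.js
@@ -126,9 +126,9 @@ this.notModified = notModified = function() {
 return new ActionResult(null, [ ['Content-Type', 'text/html'] ], 304);
 };
-this.error = error = function(err) {
+this.error = error = function(err, httpStatusCode) {
 var msg = err instanceof Error ? err.message + '\r\n' + err.stack : err;
- return new ActionResult(msg, [ ['Content-Type', 'text/plain'] ], 500);
+ return new ActionResult(msg, [ ['Content-Type', 'text/plain'] ], httpStatusCode || 500);
 };
 this.raw = function(data) {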
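Review bot: The response body built in `error()` still appends `err.stack`, and the new `httpStatusCode` argument means the same result is now returned for client-triggered failures such as the 413 path in lib/josi/server.js. Any remote client that sends an oversized Content-Length therefore gets the server's file paths and call chain back as text/plain. I would send only the message to the client, `var msg = err instanceof Error ? err.message : err;`, and log the stack on the server, or include it only behind a development setting. The new parameter also deserves a one-line comment such as `// httpStatusCode: optional HTTP status for the response, defaults to 500`.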
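--- a/lib/josi/server.js
+++ b/lib/josi/server.js
@@ -10,6 +10,12 @@ var multipart = require('multipart-js/multipart');
 this.Server = function(dir) {
 var app = require(dir + '/app');
+ app.settings = utilities.merge(
+ {
+ maxContentLength: 100 * 1024 // 100KB
+ },
+ app.settings
+ );
 if (!app.router) {
 var controllerFactory = new routing.ModuleControllerFactory(dir);
 app.router = new routing.ControllerRouter(controllerFactory);
@@ -84,7 +90,11 @@ this.Server = function(dir) {
 files: {},
 cookie: cookie
 };
- var callback = function() {
+ var callback = function(err) {
+ if (err) {
+ actionresults.error(err, 413).execute(req, res);
+ return;
+ }
 actionContext.params = utilities.merge(actionContext.query, actionContext.form);
 if (actionContext.route.controller) {
 actionContext.params.controller = actionContext.route.controller;
@@ -118,6 +128,11 @@ this.Server = function(dir) {
 }
 };
 var contentType = req.headers['content-type'] || req.headers['Content-Type'];
+ var contentLength = parseInt(req.headers['content-length'] || req.headers['Content-Length'], 10);
+ if (contentLength > app.settings.maxContentLength) {
+ callback(new Error('Max content length exceeded'));
+ return;
+ }
 if (contentType && /multipart\/form-data/.test(contentType)) {
 var currentPart;
 var parser = multipart.parser();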
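Review bot: The check `if (contentLength > app.settings.maxContentLength)` in the last hunk limits only the length the client declares, not the bytes actually received. When the header is missing (for example with chunked transfer encoding) or is not a number, `parseInt` returns NaN, the comparison is false, and the body goes on to the multipart or form parsing with no bound at all. The limit should also be enforced while reading: keep a running byte count in the request's data handlers, which lie outside this hunk, and call `callback(new Error('Max content length exceeded'))` once it passes `app.settings.maxContentLength`. It is also worth confirming that the early `return` on the 413 path stops the rest of the oversized body from being read; nothing in the visible lines does so. A comment on the default, such as `// maxContentLength: upper bound in bytes on the request body; override via app.settings`, would help application authors.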
