config: add MaxRequestBodySize RPC configuration option

A part of #3131, follow the https://github.com/neo-project/neo-modules/pull/827. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
2024-10-16 05:43:24 +00:00 · 2023-11-23 13:23:22 +03:00 · 2023-11-23 13:23:22 +03:00 · 802d8d24b9
commit 802d8d24b9
parent 22c654b200
4 changed files with 13 additions and 0 deletions
--- a/docs/node-configuration.md
+++ b/docs/node-configuration.md
@ -187,6 +187,7 @@ RPC:
  MaxFindResultItems: 100
  MaxFindStoragePageSize: 50
  MaxNEP11Tokens: 100
+  MaxRequestBodyBytes: 5242880
  MaxWebSocketClients: 64
  SessionEnabled: false
  SessionExpirationTime: 15
@ -225,6 +226,8 @@ where:
 - `MaxFindStoragePageSize` - the maximum number of elements for `findstorage` response per single page.
 - `MaxNEP11Tokens` - limit for the number of tokens returned from
  `getnep11balances` call.
+- `MaxRequestBodyBytes` - the maximum allowed HTTP request body size in bytes
+  (5MB by default).
 - `MaxWebSocketClients` - the maximum simultaneous websocket client connection
  number (64 by default). Attempts to establish additional connections will
  lead to websocket handshake failures. Use "-1" to disable websocket
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -30,6 +30,9 @@ const (
 	// DefaultMaxNEP11Tokens is the default maximum number of resulting NEP11 tokens
 	// that can be traversed by `getnep11balances` JSON-RPC handler.
 	DefaultMaxNEP11Tokens = 100
+	// DefaultMaxRequestBodyBytes is the default maximum allowed size of HTTP
+	// request body in bytes.
+	DefaultMaxRequestBodyBytes = 5 * 1024 * 1024
 )

 // Version is the version of the node, set at the build time.
--- a/pkg/config/rpc_config.go
+++ b/pkg/config/rpc_config.go
@ -16,6 +16,7 @@ type (
 		MaxFindResultItems        int           `yaml:"MaxFindResultItems"`
 		MaxFindStorageResultItems int           `yaml:"MaxFindStoragePageSize"`
 		MaxNEP11Tokens            int           `yaml:"MaxNEP11Tokens"`
+		MaxRequestBodyBytes       int           `yaml:"MaxRequestBodyBytes"`
 		MaxWebSocketClients       int           `yaml:"MaxWebSocketClients"`
 		SessionEnabled            bool          `yaml:"SessionEnabled"`
 		SessionExpirationTime     int           `yaml:"SessionExpirationTime"`
--- a/pkg/services/rpcsrv/server.go
+++ b/pkg/services/rpcsrv/server.go
@ -313,6 +313,10 @@ func New(chain Ledger, conf config.RPC, coreServer *network.Server,
 		conf.MaxNEP11Tokens = config.DefaultMaxNEP11Tokens
 		log.Info("MaxNEP11Tokens is not set or wrong, setting default value", zap.Int("MaxNEP11Tokens", config.DefaultMaxNEP11Tokens))
 	}
+	if conf.MaxRequestBodyBytes <= 0 {
+		conf.MaxRequestBodyBytes = config.DefaultMaxRequestBodyBytes
+		log.Info("MaxRequestBodyBytes is not set or wong, setting default value", zap.Int("MaxRequestBodyBytes", config.DefaultMaxRequestBodyBytes))
+	}
 	if conf.MaxWebSocketClients == 0 {
 		conf.MaxWebSocketClients = defaultMaxWebSocketClients
 		log.Info("MaxWebSocketClients is not set or wrong, setting default value", zap.Int("MaxWebSocketClients", defaultMaxWebSocketClients))
@ -474,6 +478,8 @@ func (s *Server) SetOracleHandler(orc OracleHandler) {
 }

 func (s *Server) handleHTTPRequest(w http.ResponseWriter, httpRequest *http.Request) {
+	// Restrict request body before further processing.
+	httpRequest.Body = http.MaxBytesReader(w, httpRequest.Body, int64(s.config.MaxRequestBodyBytes))
 	req := params.NewRequest()

 	if httpRequest.URL.Path == "/ws" && httpRequest.Method == "GET" {