From 802d8d24b9f523818d12037dbc485c47d578702d Mon Sep 17 00:00:00 2001 From: Anna Shaleva Date: Thu, 23 Nov 2023 13:23:22 +0300 Subject: [PATCH] config: add MaxRequestBodySize RPC configuration option A part of #3131, follow the https://github.com/neo-project/neo-modules/pull/827. Signed-off-by: Anna Shaleva --- docs/node-configuration.md | 3 +++ pkg/config/config.go | 3 +++ pkg/config/rpc_config.go | 1 + pkg/services/rpcsrv/server.go | 6 ++++++ 4 files changed, 13 insertions(+) diff --git a/docs/node-configuration.md b/docs/node-configuration.md index d80ed5267..3648108fd 100644 --- a/docs/node-configuration.md +++ b/docs/node-configuration.md @@ -187,6 +187,7 @@ RPC: MaxFindResultItems: 100 MaxFindStoragePageSize: 50 MaxNEP11Tokens: 100 + MaxRequestBodyBytes: 5242880 MaxWebSocketClients: 64 SessionEnabled: false SessionExpirationTime: 15 @@ -225,6 +226,8 @@ where: - `MaxFindStoragePageSize` - the maximum number of elements for `findstorage` response per single page. - `MaxNEP11Tokens` - limit for the number of tokens returned from `getnep11balances` call. +- `MaxRequestBodyBytes` - the maximum allowed HTTP request body size in bytes + (5MB by default). - `MaxWebSocketClients` - the maximum simultaneous websocket client connection number (64 by default). Attempts to establish additional connections will lead to websocket handshake failures. Use "-1" to disable websocket diff --git a/pkg/config/config.go b/pkg/config/config.go index d30a30e61..4faf31a98 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -30,6 +30,9 @@ const ( // DefaultMaxNEP11Tokens is the default maximum number of resulting NEP11 tokens // that can be traversed by `getnep11balances` JSON-RPC handler. DefaultMaxNEP11Tokens = 100 + // DefaultMaxRequestBodyBytes is the default maximum allowed size of HTTP + // request body in bytes. + DefaultMaxRequestBodyBytes = 5 * 1024 * 1024 ) // Version is the version of the node, set at the build time. diff --git a/pkg/config/rpc_config.go b/pkg/config/rpc_config.go index bd9d0acdd..b0c62bf3a 100644 --- a/pkg/config/rpc_config.go +++ b/pkg/config/rpc_config.go @@ -16,6 +16,7 @@ type ( MaxFindResultItems int `yaml:"MaxFindResultItems"` MaxFindStorageResultItems int `yaml:"MaxFindStoragePageSize"` MaxNEP11Tokens int `yaml:"MaxNEP11Tokens"` + MaxRequestBodyBytes int `yaml:"MaxRequestBodyBytes"` MaxWebSocketClients int `yaml:"MaxWebSocketClients"` SessionEnabled bool `yaml:"SessionEnabled"` SessionExpirationTime int `yaml:"SessionExpirationTime"` diff --git a/pkg/services/rpcsrv/server.go b/pkg/services/rpcsrv/server.go index bb54fc4a3..2ec692cb6 100644 --- a/pkg/services/rpcsrv/server.go +++ b/pkg/services/rpcsrv/server.go @@ -313,6 +313,10 @@ func New(chain Ledger, conf config.RPC, coreServer *network.Server, conf.MaxNEP11Tokens = config.DefaultMaxNEP11Tokens log.Info("MaxNEP11Tokens is not set or wrong, setting default value", zap.Int("MaxNEP11Tokens", config.DefaultMaxNEP11Tokens)) } + if conf.MaxRequestBodyBytes <= 0 { + conf.MaxRequestBodyBytes = config.DefaultMaxRequestBodyBytes + log.Info("MaxRequestBodyBytes is not set or wong, setting default value", zap.Int("MaxRequestBodyBytes", config.DefaultMaxRequestBodyBytes)) + } if conf.MaxWebSocketClients == 0 { conf.MaxWebSocketClients = defaultMaxWebSocketClients log.Info("MaxWebSocketClients is not set or wrong, setting default value", zap.Int("MaxWebSocketClients", defaultMaxWebSocketClients)) @@ -474,6 +478,8 @@ func (s *Server) SetOracleHandler(orc OracleHandler) { } func (s *Server) handleHTTPRequest(w http.ResponseWriter, httpRequest *http.Request) { + // Restrict request body before further processing. + httpRequest.Body = http.MaxBytesReader(w, httpRequest.Body, int64(s.config.MaxRequestBodyBytes)) req := params.NewRequest() if httpRequest.URL.Path == "/ws" && httpRequest.Method == "GET" {