confi: add MaxRequestHeaderBytes RPC configuration option

A part of #3131, follow the notion of https://github.com/neo-project/neo-modules/pull/827, but don't restrict request line size due to https://github.com/golang/go/issues/15494. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
2023-11-23 13:39:24 +03:00 · 2023-11-23 13:39:24 +03:00 · d511f6e5a9
commit d511f6e5a9
parent 802d8d24b9
4 changed files with 34 additions and 19 deletions
--- a/docs/node-configuration.md
+++ b/docs/node-configuration.md
@ -188,6 +188,7 @@ RPC:
  MaxFindStoragePageSize: 50
  MaxNEP11Tokens: 100
  MaxRequestBodyBytes: 5242880
+  MaxRequestHeaderBytes: 1048576
  MaxWebSocketClients: 64
  SessionEnabled: false
  SessionExpirationTime: 15
@ -228,6 +229,8 @@ where:
  `getnep11balances` call.
 - `MaxRequestBodyBytes` - the maximum allowed HTTP request body size in bytes
  (5MB by default).
+- `MaxRequestHeaderBytes` - the maximum allowed HTTP request header size in bytes
+  (1MB by default).
 - `MaxWebSocketClients` - the maximum simultaneous websocket client connection
  number (64 by default). Attempts to establish additional connections will
  lead to websocket handshake failures. Use "-1" to disable websocket
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -3,6 +3,7 @@ package config
 import (
 	"bytes"
 	"fmt"
+	"net/http"
 	"os"
 	"time"

@ -33,6 +34,9 @@ const (
 	// DefaultMaxRequestBodyBytes is the default maximum allowed size of HTTP
 	// request body in bytes.
 	DefaultMaxRequestBodyBytes = 5 * 1024 * 1024
+	// DefaultMaxRequestHeaderBytes is the maximum permitted size of the headers
+	// in an HTTP request.
+	DefaultMaxRequestHeaderBytes = http.DefaultMaxHeaderBytes
 )

 // Version is the version of the node, set at the build time.
--- a/pkg/config/rpc_config.go
+++ b/pkg/config/rpc_config.go
@ -17,6 +17,7 @@ type (
 		MaxFindStorageResultItems int           `yaml:"MaxFindStoragePageSize"`
 		MaxNEP11Tokens            int           `yaml:"MaxNEP11Tokens"`
 		MaxRequestBodyBytes       int           `yaml:"MaxRequestBodyBytes"`
+		MaxRequestHeaderBytes     int           `yaml:"MaxRequestHeaderBytes"`
 		MaxWebSocketClients       int           `yaml:"MaxWebSocketClients"`
 		SessionEnabled            bool          `yaml:"SessionEnabled"`
 		SessionExpirationTime     int           `yaml:"SessionExpirationTime"`
--- a/pkg/services/rpcsrv/server.go
+++ b/pkg/services/rpcsrv/server.go
@ -267,25 +267,6 @@ var rpcWsHandlers = map[string]func(*Server, params.Params, *subscriber) (any, *
 // untyped nil or non-nil structure implementing OracleHandler interface.
 func New(chain Ledger, conf config.RPC, coreServer *network.Server,
 	orc OracleHandler, log *zap.Logger, errChan chan<- error) Server {
-	addrs := conf.Addresses
-	httpServers := make([]*http.Server, len(addrs))
-	for i, addr := range addrs {
-		httpServers[i] = &http.Server{
-			Addr: addr,
-		}
-	}
-
-	var tlsServers []*http.Server
-	if cfg := conf.TLSConfig; cfg.Enabled {
-		addrs := cfg.Addresses
-		tlsServers = make([]*http.Server, len(addrs))
-		for i, addr := range addrs {
-			tlsServers[i] = &http.Server{
-				Addr: addr,
-			}
-		}
-	}
-
 	protoCfg := chain.GetConfig().ProtocolConfiguration
 	if conf.SessionEnabled {
 		if conf.SessionExpirationTime <= 0 {
@ -317,6 +298,10 @@ func New(chain Ledger, conf config.RPC, coreServer *network.Server,
 		conf.MaxRequestBodyBytes = config.DefaultMaxRequestBodyBytes
 		log.Info("MaxRequestBodyBytes is not set or wong, setting default value", zap.Int("MaxRequestBodyBytes", config.DefaultMaxRequestBodyBytes))
 	}
+	if conf.MaxRequestHeaderBytes <= 0 {
+		conf.MaxRequestHeaderBytes = config.DefaultMaxRequestHeaderBytes
+		log.Info("MaxRequestHeaderBytes is not set or wong, setting default value", zap.Int("MaxRequestHeaderBytes", config.DefaultMaxRequestHeaderBytes))
+	}
 	if conf.MaxWebSocketClients == 0 {
 		conf.MaxWebSocketClients = defaultMaxWebSocketClients
 		log.Info("MaxWebSocketClients is not set or wrong, setting default value", zap.Int("MaxWebSocketClients", defaultMaxWebSocketClients))
@ -329,6 +314,28 @@ func New(chain Ledger, conf config.RPC, coreServer *network.Server,
 	if conf.EnableCORSWorkaround {
 		wsOriginChecker = func(_ *http.Request) bool { return true }
 	}
+
+	addrs := conf.Addresses
+	httpServers := make([]*http.Server, len(addrs))
+	for i, addr := range addrs {
+		httpServers[i] = &http.Server{
+			Addr:           addr,
+			MaxHeaderBytes: conf.MaxRequestHeaderBytes,
+		}
+	}
+
+	var tlsServers []*http.Server
+	if cfg := conf.TLSConfig; cfg.Enabled {
+		addrs := cfg.Addresses
+		tlsServers = make([]*http.Server, len(addrs))
+		for i, addr := range addrs {
+			tlsServers[i] = &http.Server{
+				Addr:           addr,
+				MaxHeaderBytes: conf.MaxRequestHeaderBytes,
+			}
+		}
+	}
+
 	return Server{
 		http:  httpServers,
 		https: tlsServers,