mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-05 04:14:21 +00:00
43 lines
1.4 KiB
Go
43 lines
1.4 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// MaxBodyBytes caps the request body size for state-changing requests. It wraps
|
|
// the body in an http.MaxBytesReader so that any handler reading it (gin's
|
|
// ShouldBind, manual io.ReadAll, etc.) receives an error once the limit is
|
|
// exceeded, which the existing bind-failure path reports as a 400 rather than
|
|
// allocating an unbounded buffer or starting a long DB transaction.
|
|
//
|
|
// Methods without a body (GET/HEAD/OPTIONS/TRACE) and a non-positive limit are
|
|
// passed through untouched. Paths ending in one of skipSuffixes are also passed
|
|
// through uncapped — these are routes that legitimately accept a large upload
|
|
// (e.g. database restore, which streams a multi-MiB SQLite file).
|
|
func MaxBodyBytes(limit int64, skipSuffixes ...string) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
if limit > 0 {
|
|
switch c.Request.Method {
|
|
case http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace:
|
|
default:
|
|
if c.Request.Body != nil && !hasAnySuffix(c.Request.URL.Path, skipSuffixes) {
|
|
c.Request.Body = http.MaxBytesReader(c.Writer, c.Request.Body, limit)
|
|
}
|
|
}
|
|
}
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
func hasAnySuffix(path string, suffixes []string) bool {
|
|
for _, suffix := range suffixes {
|
|
if suffix != "" && strings.HasSuffix(path, suffix) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|