pkg/httpx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add server MaxBodySize middleware to prevent memory exhaustion

Browse Source 
Wraps request body with http.MaxBytesReader to limit incoming payload
size. Without this, any endpoint accepting a body is vulnerable to
large uploads consuming all available memory.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alexey Shakhmatov
2026-03-22 21:47:26 +03:00
parent b40a373675
commit 1b322c8c81
2 changed files with 76 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
server/middleware_bodylimit.go Normal file
View File

@@ -0,0 +1,15 @@
package server
import "net/http"
// MaxBodySize returns a middleware that limits the size of incoming request
// bodies. If the body exceeds n bytes, the server returns 413 Request Entity
// Too Large. It wraps the body with http.MaxBytesReader.
func MaxBodySize(n int64) Middleware {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, n)
next.ServeHTTP(w, r)
})
}
}