pkg/httpx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Return ErrResponseTooLarge instead of truncating response body

Browse Source 
WithMaxResponseBody wrapped the body in io.LimitedReader, which returns EOF
at the cap, so Bytes/JSON/XML silently returned a truncated body with a nil
error despite the documented contract. Read one byte past the limit and
return the new ErrResponseTooLarge sentinel when exceeded; bodies exactly at
the limit still succeed.
This commit is contained in:
Alexey Shakhmatov
2026-05-23 13:47:13 +03:00
parent 2d4a06e715
commit e8c4577c6f
5 changed files with 48 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
client.go
View File

@@ -102,9 +102,12 @@ func (c *Client) Do(ctx context.Context, req *http.Request) (*Response, error) {
} }
if c.maxResponseBody > 0 { if c.maxResponseBody > 0 {
// Read one byte past the limit so we can distinguish "exactly at the
// limit" (allowed) from "exceeds the limit" (ErrResponseTooLarge).
resp.Body = &limitedReadCloser{ resp.Body = &limitedReadCloser{
R: io.LimitedReader{R: resp.Body, N: c.maxResponseBody}, r: io.LimitReader(resp.Body, c.maxResponseBody+1),
C: resp.Body, c: resp.Body,
limit: c.maxResponseBody,
} }
} }

4
client_options.go
View File

@@ -89,8 +89,8 @@ func WithBalancer(opts ...balancer.Option) Option {
// WithMaxResponseBody limits the number of bytes read from response bodies // WithMaxResponseBody limits the number of bytes read from response bodies
// by Response.Bytes (and by extension String, JSON, XML). If the response // by Response.Bytes (and by extension String, JSON, XML). If the response
// body exceeds n bytes, reading stops and returns an error. // body exceeds n bytes, reading returns ErrResponseTooLarge instead of
// A value of 0 means no limit (the default). // silently truncating. A value of 0 means no limit (the default).
func WithMaxResponseBody(n int64) Option { func WithMaxResponseBody(n int64) Option {
return func(o *clientOptions) { o.maxResponseBody = n } return func(o *clientOptions) { o.maxResponseBody = n }
} }

6
error.go
View File

@@ -1,6 +1,7 @@
package httpx package httpx
import ( import (
"errors"
"fmt" "fmt"
"net/http" "net/http"
@@ -18,6 +19,11 @@ var (
ErrNoHealthy = balancer.ErrNoHealthy ErrNoHealthy = balancer.ErrNoHealthy
) )
// ErrResponseTooLarge is returned when reading a response body that exceeds
// the limit configured via WithMaxResponseBody. Any bytes read up to the
// limit are returned alongside the error.
var ErrResponseTooLarge = errors.New("httpx: response body exceeds configured limit")
// Error provides structured error information for failed HTTP operations. // Error provides structured error information for failed HTTP operations.
type Error struct { type Error struct {
// Op is the operation that failed (e.g. "Get", "Do"). // Op is the operation that failed (e.g. "Get", "Do").

21
response.go
View File

@@ -98,17 +98,26 @@ func (r *Response) BodyReader() io.Reader {
return r.Body return r.Body
} }
// limitedReadCloser wraps an io.LimitedReader with a separate Closer // limitedReadCloser enforces a maximum number of bytes that may be read from
// so the original body can be closed. // a response body. Reading more than limit bytes returns ErrResponseTooLarge
// rather than silently truncating the body. The original body is closed via
// the separate Closer.
type limitedReadCloser struct { type limitedReadCloser struct {
R io.LimitedReader r io.Reader // an io.LimitReader over the original body (limit+1 bytes)
C io.Closer c io.Closer // the original body, for Close
limit int64
read int64
} }
func (l *limitedReadCloser) Read(p []byte) (int, error) { func (l *limitedReadCloser) Read(p []byte) (int, error) {
return l.R.Read(p) n, err := l.r.Read(p)
l.read += int64(n)
if l.read > l.limit {
return n, ErrResponseTooLarge
}
return n, err
} }
func (l *limitedReadCloser) Close() error { func (l *limitedReadCloser) Close() error {
return l.C.Close() return l.c.Close()
} }

22
response_limit_test.go
View File

@@ -2,6 +2,7 @@ package httpx_test
import ( import (
"context" "context"
"errors"
"fmt" "fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
@@ -32,13 +33,30 @@ func TestClient_MaxResponseBody(t *testing.T) {
} }
}) })
t.Run("truncates response exceeding limit", func(t *testing.T) { t.Run("returns ErrResponseTooLarge when exceeding limit", func(t *testing.T) {
largeBody := strings.Repeat("x", 1000) largeBody := strings.Repeat("x", 1000)
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
fmt.Fprint(w, largeBody) fmt.Fprint(w, largeBody)
})) }))
defer srv.Close() defer srv.Close()
client := httpx.New(httpx.WithMaxResponseBody(100))
resp, err := client.Get(context.Background(), srv.URL+"/")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if _, err := resp.Bytes(); !errors.Is(err, httpx.ErrResponseTooLarge) {
t.Fatalf("err = %v, want ErrResponseTooLarge", err)
}
})
t.Run("allows body exactly at limit", func(t *testing.T) {
exact := strings.Repeat("x", 100)
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
fmt.Fprint(w, exact)
}))
defer srv.Close()
client := httpx.New(httpx.WithMaxResponseBody(100)) client := httpx.New(httpx.WithMaxResponseBody(100))
resp, err := client.Get(context.Background(), srv.URL+"/") resp, err := client.Get(context.Background(), srv.URL+"/")
if err != nil { if err != nil {
@@ -46,7 +64,7 @@ func TestClient_MaxResponseBody(t *testing.T) {
} }
b, err := resp.Bytes() b, err := resp.Bytes()
if err != nil { if err != nil {
t.Fatalf("reading body: %v", err) t.Fatalf("reading body at exact limit: %v", err)
} }
if len(b) != 100 { if len(b) != 100 {
t.Fatalf("body length = %d, want %d", len(b), 100) t.Fatalf("body length = %d, want %d", len(b), 100)