author | Austin Adams <git@austinjadams.com> | 2016-03-25 22:06:10 -0400 |
---|---|---|
committer | Austin Adams <git@austinjadams.com> | 2016-03-25 22:06:10 -0400 |
commit | f8ccf18b95d02ad71304c00da75858250d013517 (patch) | |
tree | deb71df847aba6273ae14168686e7fb8728945d5 | |
parent | 7cb0d2160888ea5b46e494409c924b169127d2c5 (diff) | |
figlet: limit request body to 4K, clean up Init()
Previously, users could POST 1MiB (nginx) to 10MiB (go net/http module)
of text, consuming tons of resources. Indeed, after I successfully
POSTed most of Moby Dick, execd blew up and maxed out several cores.
4KiB feels tiny, but I can't see how anyone using this frontend
reasonably would want to convert any more than 7-8 paragraphs of text to
gigantic ASCII block letters.
-rw-r--r-- | tools/figlet.go | 52 |
1 files changed, 44 insertions, 8 deletions
diff --git a/tools/figlet.go b/tools/figlet.go
index 2e69856..52d8fd8 100644
--- a/tools/figlet.go
+++ b/tools/figlet.go
@@ -26,13 +26,16 @@ import (
 tb "code.austinjadams.com/toolbag"
 )
 
+// by default, limit request bodies to 4KiB (2^12 bytes)
+const defaultMaxReqBody int64 = 1 << 12
+
 type Figlet struct {
 defaultFont string
 fonts map[string][]string
 templ *template.Template
 net, addr string
-
- args struct {
+ args struct {
+ maxReqBody int64
 template, unix, tcp string
 }
 }
@@ -48,6 +51,7 @@ func (f *Figlet) AddArgs(toolbag *tb.ToolBag) {
 toolbag.StringVar(&f.args.template, tb.Arg(f, "template"), "", "path to template")
 toolbag.StringVar(&f.args.unix, tb.Arg(f, "unix"), "", "path to unix socket to execd")
 toolbag.StringVar(&f.args.tcp, tb.Arg(f, "tcp"), "", "tcp address to execd")
+ toolbag.Int64Var(&f.args.maxReqBody, tb.Arg(f, "maxReqBody"), defaultMaxReqBody, "maximum size of a request body in bytes")
 }
 
 func (f *Figlet) makeClient() (*execd.Client, error) {
@@ -66,7 +70,7 @@ func (f *Figlet) fontCategory(needle string) string {
 return ""
 }
 
-func (f *Figlet) Init() error {
+func (f *Figlet) parseArgs() error {
 if f.args.template == "" {
 return errors.New("missing template arg")
 }
@@ -88,10 +92,10 @@ func (f *Figlet) Init() error {
 f.addr = f.args.tcp
 }
 
- client, err := f.makeClient()
- if err != nil {
- return err
- }
+ return nil
+}
+
+func (f *Figlet) findDefaultFont(client *execd.Client) error {
 // find default font
 defaultFont, err := client.ExecString("", "fig", "default")
 if err != nil {
@@ -99,6 +103,10 @@ func (f *Figlet) Init() error {
 }
 f.defaultFont = strings.TrimSpace(defaultFont)
 
+ return nil
+}
+
+func (f *Figlet) findFonts(client *execd.Client) error {
 // find categories of fonts
 output, err := client.ExecString("", "fig", "ls")
 if err != nil {
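Review bot: The new `maxReqBody` flag in AddArgs is accepted without any bounds check, so a zero or negative value reaches `http.MaxBytesReader` in ServeHTTP unchanged. A zero limit would presumably reject every non-empty POST, and how a negative limit behaves depends on the Go release in use, so it is safer to refuse both at start-up. parseArgs already returns `errors.New(...)` for a missing template, and the same place could hold `if f.args.maxReqBody <= 0 { return errors.New("maxReqBody must be positive") }`. The bodies of AddArgs and parseArgs are only partly visible in these hunks.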
@@ -121,8 +129,36 @@ func (f *Figlet) Init() error {
 return nil
 }
 
+func (f *Figlet) Init() error {
+ err := f.parseArgs()
+
+ client, err := f.makeClient()
+ if err != nil {
+ return err
+ }
+
+ err = f.findDefaultFont(client)
+ if err != nil {
+ return err
+ }
+
+ err = f.findFonts(client)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
 // serve
 func (f *Figlet) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+ r.Body = http.MaxBytesReader(w, r.Body, f.args.maxReqBody)
+ err := r.ParseForm()
+ if err != nil {
+ tb.Whine(f, w, err)
+ return
+ }
+
 font := r.PostFormValue("font")
 text := r.PostFormValue("text")
 result := ""
@@ -153,7 +189,7 @@ func (f *Figlet) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 }
 
- err := f.templ.Execute(w, &struct {
+ err = f.templ.Execute(w, &struct {
 Font string
 Fonts map[string][]string
 Text, Result string |
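Review bot: In the new Init(), the error returned by `f.parseArgs()` is never checked: `client, err := f.makeClient()` on the next statement overwrites it. The "missing template arg" failure, and any other validation in parseArgs, therefore no longer stops start-up. The call should be guarded like the other steps, for example `if err := f.parseArgs(); err != nil { return err }`. Separately, in ServeHTTP an over-limit body is reported through `tb.Whine`, whose status code is not visible here; it is worth confirming that clients get a 413 rather than a generic error. The body of ServeHTTP continues outside this hunk.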