zeromicro/go-zero
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: fixed #2945 (#2953)

Browse Source 
Co-authored-by: Kevin Wan <wanjunfeng@gmail.com>
This commit is contained in:
chen quan
2023-04-23 22:22:03 +08:00
committed by GitHub
parent 9970ff55cd
commit ce4eb6ed61
5 changed files with 67 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
rest/handler/contentsecurityhandler.go
View File

@@ -18,6 +18,12 @@ type UnsignedCallback func(w http.ResponseWriter, r *http.Request, next http.Han
// ContentSecurityHandler returns a middleware to verify content security.
func ContentSecurityHandler(decrypters map[string]codec.RsaDecrypter, tolerance time.Duration,
strict bool, callbacks ...UnsignedCallback) func(http.Handler) http.Handler {
return LimitContentSecurityHandler(maxBytes, decrypters, tolerance, strict, callbacks)
}
// LimitContentSecurityHandler returns a middleware to verify content security.
func LimitContentSecurityHandler(maxBytesSize int64, decrypters map[string]codec.RsaDecrypter, tolerance time.Duration,
strict bool, callbacks []UnsignedCallback) func(http.Handler) http.Handler {
if len(callbacks) == 0 {
callbacks = append(callbacks, handleVerificationFailure)
}
@@ -36,7 +42,7 @@ func ContentSecurityHandler(decrypters map[string]codec.RsaDecrypter, tolerance
r.Header.Get(contentSecurity))
executeCallbacks(w, r, next, strict, code, callbacks)
} else if r.ContentLength > 0 && header.Encrypted() {
CryptionHandler(header.Key)(next).ServeHTTP(w, r)
LimitCryptionHandler(maxBytesSize, header.Key)(next).ServeHTTP(w, r)
} else {
next.ServeHTTP(w, r)
}

11
rest/handler/cryptionhandler.go
View File

@@ -19,6 +19,11 @@ var errContentLengthExceeded = errors.New("content length exceeded")
// CryptionHandler returns a middleware to handle cryption.
func CryptionHandler(key []byte) func(http.Handler) http.Handler {
return LimitCryptionHandler(maxBytes, key)
}
// LimitCryptionHandler returns a middleware to handle cryption.
func LimitCryptionHandler(maxBytesSize int64, key []byte) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
cw := newCryptionResponseWriter(w)
@@ -29,7 +34,7 @@ func CryptionHandler(key []byte) func(http.Handler) http.Handler {
return
}
if err := decryptBody(key, r); err != nil {
if err := decryptBody(maxBytesSize, key, r); err != nil {
w.WriteHeader(http.StatusBadRequest)
return
}
@@ -39,8 +44,8 @@ func CryptionHandler(key []byte) func(http.Handler) http.Handler {
}
}
func decryptBody(key []byte, r *http.Request) error {
if r.ContentLength > maxBytes {
func decryptBody(maxBytesSize int64, key []byte, r *http.Request) error {
if maxBytesSize > 0 && r.ContentLength > maxBytesSize {
return errContentLengthExceeded
}