strictAccept: true,
selfBaseUrl: '',
staticMetadata: true,
+ staticPath: undefined, // no reasonable default
trustProxy: true,
querystring,
};
/**
* Return all body data from a request.
* @param {http.ClientRequest} req
+ * @param {Number=} maximumBodySize
*/
- async bodyData(req) {
+ async bodyData(req, maximumBodySize) {
const _scope = _fileScope('bodyData');
return new Promise((resolve, reject) => {
const body = [];
- req.on('data', (chunk) => body.push(chunk));
+ let length = 0;
+ req.on('data', (chunk) => {
+ body.push(chunk);
+ length += Buffer.byteLength(chunk);
+ if (maximumBodySize && length > maximumBodySize) {
+ this.logger.debug(_scope, 'body data exceeded limit', { length, maximumBodySize });
+ reject(new ResponseError(Enum.ErrorResponse.RequestEntityTooLarge));
+ }
+ });
req.on('end', () => resolve(Buffer.concat(body).toString()));
req.on('error', (e) => {
this.logger.error(_scope, 'failed', { error: e });
const _scope = _fileScope('serveFile');
this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
+ // Require a directory field.
+ if (!directory) {
+ this.logger.debug(_scope, 'rejected unset directory', { fileName });
+ return this.handlerNotFound(req, res, ctx);
+ }
+
// Normalize the supplied path, as encoded path-navigation may have been (maliciously) present.
fileName = path.normalize(fileName);