Skip to content

Commit

Permalink
Pass max file size to formidable (#1626)
Browse files Browse the repository at this point in the history 
* - Updated multipartBodyParser() to accept a 'maxFileSize' option, and pass it along to the 'formidable'-provided form.parse() function.
- Since 2017-03-01, formidable has imposed a default 2MB maxFileSize limit (and rejects larger files); this change allows callers of bodyParser() to override that limit by providing a maxFileSize value in the incoming options.
* - Added test to ensure that a maxFileSize option passed to plugins.bodyParser() is enforced.
  • Loading branch information
@timdemarest @DonutEspresso
timdemarest authored and DonutEspresso committed Mar 17, 2018
1 parent e2b96e0 commit 7132fda
Show file tree
Hide file tree
Showing 2 changed files with 102 additions and 0 deletions.
5 changes: 5 additions & 0 deletions lib/plugins/multipartBodyParser.js
View file
Expand Up @@ -38,6 +38,7 @@ function multipartBodyParser(options) {
assert.optionalFunc(opts.multipartHandler, 'opts.multipartHandler');
assert.optionalBool(opts.mapParams, 'opts.mapParams');
assert.optionalBool(opts.mapFiles, 'opts.mapFiles');
assert.optionalNumber(opts.maxFileSize, 'opts.maxFileSize');

var override = opts.overrideParams;

Expand Down Expand Up @@ -69,6 +70,10 @@ function multipartBodyParser(options) {
form.maxFieldsSize = opts.maxFieldsSize;
}

if (opts.maxFileSize) {
form.maxFileSize = opts.maxFileSize;
}

if (opts.hash) {
form.hash = opts.hash;
}
Expand Down
97 changes: 97 additions & 0 deletions test/plugins/multipart.test.js
View file
Expand Up @@ -327,4 +327,101 @@ describe('multipart parser', function() {

client.end();
});

it('Ensure maxFileSize change is enforced', function(done) {
var shine =
'Well you wore out your welcome with random precision, ' +
'rode on the steel breeze. Come on you raver, you seer of ' +
'visions, come on you painter, you piper, you prisoner, and shine!';
var echoes =
'Overhead the albatross hangs motionless upon the air ' +
'And deep beneath the rolling waves in labyrinths of coral ' +
'caves The echo of a distant tide Comes willowing across the ' +
'sand And everything is green and submarine';

var shortest = Math.min(shine.length, echoes.length);

SERVER.use(
restify.plugins.queryParser({
mapParams: true
})
);
SERVER.use(
restify.plugins.bodyParser({
mapFiles: true,
mapParams: true,
keepExtensions: true,
uploadDir: '/tmp/',
override: true,
// Set limit to shortest of the 'files',
// longer will trigger an error.
maxFileSize: shortest
})
);
SERVER.post('/multipart/:id', function(req, res, next) {
assert.equal(req.params.id, 'foo');
assert.equal(req.params.mood, 'happy');
assert.equal(req.params.endorphins, '12');
assert.ok(req.params.shine);
assert.ok(req.params.echoes);
assert.equal(req.params.shine.toString('utf8'), shine);
assert.equal(req.params.echoes.toString('utf8'), echoes);
res.send();
next();
});

var opts = {
hostname: '127.0.0.1',
port: PORT,
path: '/multipart/foo?mood=happy',
agent: false,
method: 'POST',
headers: {
'Content-Type': 'multipart/form-data; boundary=huff'
}
};

var client = http.request(opts, function(res) {
assert.equal(res.statusCode, 400);
var body = '';
res.on('data', function(d) {
body += d;
});
res.on('end', function() {
var rsp = JSON.parse(body);
assert.equal(rsp.code, 'BadRequest');
assert.equal(
rsp.message.substring(0, 30),
'maxFileSize exceeded, received'
);
done();
});
});

client.write('--huff\r\n');
client.write(
'Content-Disposition: form-data; name="endorphins"\r\n\r\n'
);
client.write('12\r\n');

client.write('--huff\r\n');

client.write(
'Content-Disposition: form-data; name="shine"; ' +
'filename="shine.txt"\r\n'
);
client.write('Content-Type: text/plain\r\n\r\n');
client.write(shine + '\r\n');
client.write('--huff\r\n');

client.write(
'Content-Disposition: form-data; name="echoes"; ' +
'filename="echoes.txt"\r\n'
);
client.write('Content-Type: text/plain\r\n\r\n');
client.write(echoes + '\r\n');
client.write('--huff--');

client.end();
});
});

0 comments on commit 7132fda

Please sign in to comment.