Move RequestSizeLimit processing to EndpointRoutingMiddleware

Author: captainsafia

src/Http/Routing/src/EndpointRoutingMiddleware.cs

@@ -3,11 +3,13 @@
 
 using System.Diagnostics;
 using System.Diagnostics.CodeAnalysis;
+using System.Globalization;
 using System.Runtime.CompilerServices;
 using Microsoft.AspNetCore.Antiforgery;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Cors.Infrastructure;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Http.Metadata;
 using Microsoft.AspNetCore.Routing.Matching;
 using Microsoft.AspNetCore.Routing.ShortCircuit;
@@ -130,6 +132,15 @@ private Task SetRoutingAndContinue(HttpContext httpContext)
                 _metrics.MatchSuccess(route, isFallback);
             }
 
+            // Map RequestSizeLimitMetadata to IHttpMaxRequestBodySizeFeature if present on the endpoint.
+            // We do this during endpoint routing to ensure that successive middlewares in the pipeline
+            // can access the feature with the correct value.
+            SetMaxRequestBodySize(httpContext);
+            if (httpContext.Features.Get<IHttpMaxRequestBodySizeFeature>() is { } httpMaxRequestBodySizeFeature)
+            {
+                httpContext.Request.Body = new SizeLimitedStream(httpContext.Request.Body, httpMaxRequestBodySizeFeature.MaxRequestBodySize);
+            }
+
             var shortCircuitMetadata = endpoint.Metadata.GetMetadata<ShortCircuitMetadata>();
             if (shortCircuitMetadata is not null)
             {
@@ -292,6 +303,41 @@ private static void ThrowCannotShortCircuitAnAntiforgeryRouteException(Endpoint
             "but this endpoint is marked with short circuit and it will execute on Routing Middleware.");
     }
 
+    private void SetMaxRequestBodySize(HttpContext context)
+    {
+        var sizeLimitMetadata = context.GetEndpoint()?.Metadata?.GetMetadata<IRequestSizeLimitMetadata>();
+        if (sizeLimitMetadata == null)
+        {
+            Log.MetadataNotFound(_logger);
+            return;
+        }
+
+        var maxRequestBodySizeFeature = context.Features.Get<IHttpMaxRequestBodySizeFeature>();
+        if (maxRequestBodySizeFeature == null)
+        {
+            Log.FeatureNotFound(_logger);
+        }
+        else if (maxRequestBodySizeFeature.IsReadOnly)
+        {
+            Log.FeatureIsReadOnly(_logger);
+        }
+        else
+        {
+            var maxRequestBodySize = sizeLimitMetadata.MaxRequestBodySize;
+            maxRequestBodySizeFeature.MaxRequestBodySize = maxRequestBodySize;
+
+            if (maxRequestBodySize.HasValue)
+            {
+                Log.MaxRequestBodySizeSet(_logger,
+                    maxRequestBodySize.Value.ToString(CultureInfo.InvariantCulture));
+            }
+            else
+            {
+                Log.MaxRequestBodySizeDisabled(_logger);
+            }
+        }
+    }
+
     private static partial class Log
     {
         public static void MatchSuccess(ILogger logger, Endpoint endpoint)
@@ -320,5 +366,20 @@ public static void MatchSkipped(ILogger logger, Endpoint endpoint)
 
         [LoggerMessage(7, LogLevel.Debug, "Matched endpoint '{EndpointName}' is a fallback endpoint.", EventName = "FallbackMatch")]
         public static partial void FallbackMatch(ILogger logger, Endpoint endpointName);
+
+        [LoggerMessage(8, LogLevel.Debug, $"The endpoint does not specify the {nameof(IRequestSizeLimitMetadata)}.", EventName = "MetadataNotFound")]
+        public static partial void MetadataNotFound(ILogger logger);
+
+        [LoggerMessage(9, LogLevel.Warning, $"A request body size limit could not be applied. This server does not support the {nameof(IHttpMaxRequestBodySizeFeature)}.", EventName = "FeatureNotFound")]
+        public static partial void FeatureNotFound(ILogger logger);
+
+        [LoggerMessage(10, LogLevel.Warning, $"A request body size limit could not be applied. The {nameof(IHttpMaxRequestBodySizeFeature)} for the server is read-only.", EventName = "FeatureIsReadOnly")]
+        public static partial void FeatureIsReadOnly(ILogger logger);
+
+        [LoggerMessage(11, LogLevel.Debug, "The maximum request body size has been set to {RequestSize}.", EventName = "MaxRequestBodySizeSet")]
+        public static partial void MaxRequestBodySizeSet(ILogger logger, string requestSize);
+
+        [LoggerMessage(12, LogLevel.Debug, "The maximum request body size has been disabled.", EventName = "MaxRequestBodySizeDisabled")]
+        public static partial void MaxRequestBodySizeDisabled(ILogger logger);
     }
 }

src/Http/Routing/src/Microsoft.AspNetCore.Routing.csproj

@@ -29,14 +29,15 @@
     <Compile Include="$(SharedSourceRoot)RoslynUtils\TypeHelper.cs" />
     <Compile Include="$(SharedSourceRoot)MediaType\ReadOnlyMediaTypeHeaderValue.cs" LinkBase="Shared" />
     <Compile Include="$(SharedSourceRoot)ApiExplorerTypes\*.cs" LinkBase="Shared" />
-    <Compile Include="$(SharedSourceRoot)Json\JsonSerializerExtensions.cs" LinkBase="Shared"/>
-    <Compile Include="$(SharedSourceRoot)RouteHandlers\ExecuteHandlerHelper.cs" LinkBase="Shared"/>
+    <Compile Include="$(SharedSourceRoot)Json\JsonSerializerExtensions.cs" LinkBase="Shared" />
+    <Compile Include="$(SharedSourceRoot)RouteHandlers\ExecuteHandlerHelper.cs" LinkBase="Shared" />
     <Compile Include="$(SharedSourceRoot)RouteValueDictionaryTrimmerWarning.cs" LinkBase="Shared" />
     <Compile Include="$(SharedSourceRoot)HttpRuleParser.cs" LinkBase="Shared" />
     <Compile Include="$(SharedSourceRoot)HttpParseResult.cs" LinkBase="Shared" />
     <Compile Include="$(SharedSourceRoot)Debugger\DebuggerHelpers.cs" LinkBase="Shared" />
     <Compile Include="$(SharedSourceRoot)AntiforgeryMetadata.cs" LinkBase="Shared" />
     <Compile Include="$(SharedSourceRoot)HttpMethodExtensions.cs" LinkBase="Shared" />
+    <Compile Include="$(SharedSourceRoot)SizeLimitedStream.cs" LinkBase="Shared" />
   </ItemGroup>
 
   <ItemGroup>

src/Http/Routing/test/FunctionalTests/AntiforgeryTests.cs

@@ -381,6 +381,71 @@ public async Task MapRequestDelegate_WithForm_RequiresValidation_InvalidToken_Fa
         Assert.Equal("This form is being accessed with an invalid anti-forgery token. Validate the `IAntiforgeryValidationFeature` on the request before reading from the form.", exception.Message);
     }
 
+    [Theory]
+    [InlineData(true)]
+    [InlineData(false)]
+    public async Task MapPost_WithForm_ValidToken_RequestSizeLimit_Works(bool hasLimit)
+    {
+        using var host = new HostBuilder()
+            .ConfigureWebHost(webHostBuilder =>
+            {
+                webHostBuilder
+                    .Configure(app =>
+                    {
+                        app.Use((context, next) =>
+                        {
+                            context.Features.Set<IHttpMaxRequestBodySizeFeature>(new FakeHttpMaxRequestBodySizeFeature(5_000_000));
+                            return next(context);
+                        });
+                        app.UseRouting();
+                        app.UseAntiforgery();
+                        app.UseEndpoints(b =>
+                            b.MapPost("/todo", ([FromForm] Todo todo) => todo).WithMetadata(new RequestSizeLimitMetadata(hasLimit ? 2 : null)));
+                    })
+                    .UseTestServer();
+            })
+            .ConfigureServices(services =>
+            {
+                services.AddRouting();
+                services.AddAntiforgery();
+            })
+            .Build();
+
+        using var server = host.GetTestServer();
+        await host.StartAsync();
+        var client = server.CreateClient();
+
+        var antiforgery = host.Services.GetRequiredService<IAntiforgery>();
+        var antiforgeryOptions = host.Services.GetRequiredService<IOptions<AntiforgeryOptions>>();
+        var tokens = antiforgery.GetAndStoreTokens(new DefaultHttpContext());
+        var request = new HttpRequestMessage(HttpMethod.Post, "todo");
+        request.Headers.Add("Cookie", antiforgeryOptions.Value.Cookie.Name + "=" + tokens.CookieToken);
+        var nameValueCollection = new List<KeyValuePair<string, string>>
+        {
+            new KeyValuePair<string,string>("__RequestVerificationToken", tokens.RequestToken),
+            new KeyValuePair<string,string>("name", "Test task"),
+            new KeyValuePair<string,string>("isComplete", "false"),
+            new KeyValuePair<string,string>("dueDate", DateTime.Today.AddDays(1).ToString()),
+        };
+        request.Content = new FormUrlEncodedContent(nameValueCollection);
+
+        if (hasLimit)
+        {
+            var exception = await Assert.ThrowsAsync<InvalidOperationException>(async () => await client.SendAsync(request));
+            Assert.Equal("The maximum number of bytes have been read.", exception.Message);
+        }
+        else
+        {
+            var response = await client.SendAsync(request);
+            response.EnsureSuccessStatusCode();
+            var body = await response.Content.ReadAsStringAsync();
+            var result = JsonSerializer.Deserialize<Todo>(body, SerializerOptions);
+            Assert.Equal("Test task", result.Name);
+            Assert.False(result.IsCompleted);
+            Assert.Equal(DateTime.Today.AddDays(1), result.DueDate);
+        }
+    }
+
     class Todo
     {
         public string Name { get; set; }
@@ -393,4 +458,25 @@ class FromFormAttribute(string name = "") : Attribute, IFromFormMetadata
     {
         public string Name => name;
     }
+
+    class RequestSizeLimitMetadata(long? maxRequestBodySize) : IRequestSizeLimitMetadata
+    {
+
+        public long? MaxRequestBodySize => maxRequestBodySize;
+    }
+
+    private class FakeHttpMaxRequestBodySizeFeature : IHttpMaxRequestBodySizeFeature
+    {
+        public FakeHttpMaxRequestBodySizeFeature(
+            long? maxRequestBodySize = null,
+            bool isReadOnly = false)
+        {
+            MaxRequestBodySize = maxRequestBodySize;
+            IsReadOnly = isReadOnly;
+        }
+
+        public bool IsReadOnly { get; }
+
+        public long? MaxRequestBodySize { get; set; }
+    }
 }

src/Http/Routing/test/UnitTests/EndpointRoutingMiddlewareTest.cs

@@ -2,9 +2,11 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System.Diagnostics;
+using System.Globalization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.Http.Metadata;
 using Microsoft.AspNetCore.Routing.Matching;
 using Microsoft.AspNetCore.Routing.TestObjects;
 using Microsoft.AspNetCore.Testing;
@@ -81,7 +83,7 @@ public async Task Invoke_OnCall_WritesToConfiguredLogger()
 
         // Assert
         Assert.Empty(sink.Scopes);
-        var write = Assert.Single(sink.Writes);
+        var write = Assert.Single(sink.Writes.Where(w => w.EventId.Name == "MatchSuccess"));
         Assert.Equal(expectedMessage, write.State?.ToString());
         Assert.True(eventFired);
     }
@@ -262,6 +264,162 @@ public async Task Invoke_CheckForFallbackMetadata_LogIfPresent(bool hasFallbackM
         }
     }
 
+    [Fact]
+    public async Task Endpoint_BodySizeFeatureIsReadOnly()
+    {
+        // Arrange
+        var sink = new TestSink(TestSink.EnableWithTypeName<EndpointRoutingMiddleware>);
+        var loggerFactory = new TestLoggerFactory(sink, enabled: true);
+        var logger = new Logger<EndpointRoutingMiddleware>(loggerFactory);
+
+        var httpContext = CreateHttpContext();
+        var expectedRequestSizeLimit = 50;
+        var maxRequestBodySizeFeature = new FakeHttpMaxRequestBodySizeFeature(expectedRequestSizeLimit, true);
+        httpContext.Features.Set<IHttpMaxRequestBodySizeFeature>(maxRequestBodySizeFeature);
+
+        var metadata = new List<object> { new RequestSizeLimitMetadata(100) };
+        var middleware = CreateMiddleware(
+            logger: logger,
+            matcherFactory: new TestMatcherFactory(isHandled: true, setEndpointCallback: c =>
+            {
+                c.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(metadata), "myapp"));
+            }));
+
+        // Act
+        await middleware.Invoke(httpContext);
+
+        // Assert
+        var write = Assert.Single(sink.Writes.Where(w => w.EventId.Name == "FeatureIsReadOnly"));
+        Assert.Equal($"A request body size limit could not be applied. The {nameof(IHttpMaxRequestBodySizeFeature)} for the server is read-only.", write.Message);
+
+        var actualRequestSizeLimit = maxRequestBodySizeFeature.MaxRequestBodySize;
+        Assert.Equal(expectedRequestSizeLimit, actualRequestSizeLimit);
+    }
+
+    [Fact]
+    public async Task Endpoint_DoesNotHaveBodySizeFeature()
+    {
+        // Arrange
+        var sink = new TestSink(TestSink.EnableWithTypeName<EndpointRoutingMiddleware>);
+        var loggerFactory = new TestLoggerFactory(sink, enabled: true);
+        var logger = new Logger<EndpointRoutingMiddleware>(loggerFactory);
+
+        var httpContext = CreateHttpContext();
+
+        var metadata = new List<object> { new RequestSizeLimitMetadata(100) };
+        var middleware = CreateMiddleware(
+            logger: logger,
+            matcherFactory: new TestMatcherFactory(isHandled: true, setEndpointCallback: c =>
+            {
+                c.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(metadata), "myapp"));
+            }));
+
+        // Act
+        await middleware.Invoke(httpContext);
+
+        // Assert
+        var write = Assert.Single(sink.Writes.Where(w => w.EventId.Name == "FeatureNotFound"));
+        Assert.Equal($"A request body size limit could not be applied. This server does not support the {nameof(IHttpMaxRequestBodySizeFeature)}.", write.Message);
+    }
+
+    [Fact]
+    public async Task Endpoint_DoesNotHaveSizeLimitMetadata()
+    {
+        // Arrange
+        var sink = new TestSink(TestSink.EnableWithTypeName<EndpointRoutingMiddleware>);
+        var loggerFactory = new TestLoggerFactory(sink, enabled: true);
+        var logger = new Logger<EndpointRoutingMiddleware>(loggerFactory);
+
+        var httpContext = CreateHttpContext();
+        var expectedRequestSizeLimit = 50;
+        var maxRequestBodySizeFeature = new FakeHttpMaxRequestBodySizeFeature(expectedRequestSizeLimit, true);
+        httpContext.Features.Set<IHttpMaxRequestBodySizeFeature>(maxRequestBodySizeFeature);
+
+        var middleware = CreateMiddleware(
+            logger: logger,
+            matcherFactory: new TestMatcherFactory(isHandled: true, setEndpointCallback: c =>
+            {
+                c.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(), "myapp"));
+            }));
+
+        // Act
+        await middleware.Invoke(httpContext);
+
+        // Assert
+        var write = Assert.Single(sink.Writes.Where(w => w.EventId.Name == "MetadataNotFound"));
+        Assert.Equal($"The endpoint does not specify the {nameof(IRequestSizeLimitMetadata)}.", write.Message);
+    }
+
+    [Theory]
+    [InlineData(true)]
+    [InlineData(false)]
+    public async Task Endpoint_HasBodySizeFeature_SetUsingSizeLimitMetadata(bool isRequestSizeLimitDisabled)
+    {
+        // Arrange
+        var sink = new TestSink(TestSink.EnableWithTypeName<EndpointRoutingMiddleware>);
+        var loggerFactory = new TestLoggerFactory(sink, enabled: true);
+        var logger = new Logger<EndpointRoutingMiddleware>(loggerFactory);
+
+        var httpContext = CreateHttpContext();
+        long? expectedRequestSizeLimit = isRequestSizeLimitDisabled ? null : 500L;
+        var maxRequestBodySizeFeature = new FakeHttpMaxRequestBodySizeFeature(expectedRequestSizeLimit, false);
+        httpContext.Features.Set<IHttpMaxRequestBodySizeFeature>(maxRequestBodySizeFeature);
+        var metadata = new RequestSizeLimitMetadata(expectedRequestSizeLimit);
+
+        var middleware = CreateMiddleware(
+            logger: logger,
+            matcherFactory: new TestMatcherFactory(isHandled: true, setEndpointCallback: c =>
+            {
+                c.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(metadata), "myapp"));
+            }));
+
+        // Act
+        await middleware.Invoke(httpContext);
+
+        // Assert
+
+        if (isRequestSizeLimitDisabled)
+        {
+            var write = Assert.Single(sink.Writes.Where(w => w.EventId.Name == "MaxRequestBodySizeDisabled"));
+            Assert.Equal("The maximum request body size has been disabled.", write.Message);
+        }
+        else
+        {
+            var write = Assert.Single(sink.Writes.Where(w => w.EventId.Name == "MaxRequestBodySizeSet"));
+            Assert.Equal($"The maximum request body size has been set to {expectedRequestSizeLimit}.", write.Message);
+        }
+
+        var actualRequestSizeLimit = maxRequestBodySizeFeature.MaxRequestBodySize;
+        Assert.Equal(expectedRequestSizeLimit, actualRequestSizeLimit);
+    }
+
+    private class RequestSizeLimitMetadata(long? maxRequestBodySize) : IRequestSizeLimitMetadata
+    {
+
+        public long? MaxRequestBodySize => maxRequestBodySize;
+    }
+
+    private class FakeHttpMaxRequestBodySizeFeature : IHttpMaxRequestBodySizeFeature
+    {
+        public FakeHttpMaxRequestBodySizeFeature(
+            long? maxRequestBodySize = null,
+            bool isReadOnly = false)
+        {
+            MaxRequestBodySize = maxRequestBodySize;
+            IsReadOnly = isReadOnly;
+        }
+
+        public bool IsReadOnly { get; }
+
+        public long? MaxRequestBodySize { get; set; }
+    }
+
+    private static void AssertLog(WriteContext log, LogLevel level, string message)
+    {
+        Assert.Equal(level, log.LogLevel);
+        Assert.Equal(message, log.State.ToString());
+    }
+
     private HttpContext CreateHttpContext()
     {
         var httpContext = new DefaultHttpContext