Skip to content

Commit a1be047

Browse files
author
Devdutt Shenoi
committed
fix: limit JSON payload size to 10MB
1 parent 2477b20 commit a1be047

File tree

3 files changed

+11
-7
lines changed

3 files changed

+11
-7
lines changed

src/handlers/http/modal/ingest_server.rs

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,7 @@ use crate::handlers::http::logstream;
3030
use crate::handlers::http::middleware::DisAllowRootUser;
3131
use crate::handlers::http::middleware::RouteExt;
3232
use crate::handlers::http::role;
33+
use crate::handlers::http::MAX_EVENT_PAYLOAD_SIZE;
3334
use crate::metrics;
3435
use crate::migration;
3536
use crate::migration::metadata_migration::migrate_ingester_metadata;
@@ -249,7 +250,8 @@ impl IngestServer {
249250
web::put()
250251
.to(ingestor_logstream::put_stream)
251252
.authorize_for_stream(Action::CreateStream),
252-
),
253+
)
254+
.app_data(web::PayloadConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)), // Required to restrict `PUT /logstream/{logstream}`
253255
)
254256
.service(
255257
// GET "/logstream/{logstream}/info" ==> Get info for given log stream

src/handlers/http/modal/query_server.rs

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -275,7 +275,8 @@ impl QueryServer {
275275
.to(querier_logstream::delete)
276276
.authorize_for_stream(Action::DeleteStream),
277277
)
278-
.app_data(web::PayloadConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)),
278+
.app_data(web::PayloadConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)) // Required to restrict `PUT /logstream/{logstream}`
279+
.app_data(web::JsonConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)),
279280
)
280281
.service(
281282
// GET "/logstream/{logstream}/info" ==> Get info for given log stream

src/handlers/http/modal/server.rs

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -318,7 +318,8 @@ impl Server {
318318
.to(logstream::delete)
319319
.authorize_for_stream(Action::DeleteStream),
320320
)
321-
.app_data(web::PayloadConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)),
321+
.app_data(web::PayloadConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)) // Required to restrict `PUT /logstream/{logstream}`
322+
.app_data(web::JsonConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)),
322323
)
323324
.service(
324325
// GET "/logstream/{logstream}/info" ==> Get info for given log stream
@@ -404,7 +405,7 @@ impl Server {
404405
.to(ingest::ingest)
405406
.authorize_for_stream(Action::Ingest),
406407
)
407-
.app_data(web::PayloadConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE))
408+
.app_data(web::JsonConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE))
408409
}
409410

410411
// /v1/logs endpoint to be used for OTEL log ingestion only
@@ -417,7 +418,7 @@ impl Server {
417418
.to(ingest::handle_otel_logs_ingestion)
418419
.authorize_for_stream(Action::Ingest),
419420
)
420-
.app_data(web::PayloadConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)),
421+
.app_data(web::JsonConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)),
421422
)
422423
.service(
423424
web::resource("/metrics")
@@ -426,7 +427,7 @@ impl Server {
426427
.to(ingest::handle_otel_metrics_ingestion)
427428
.authorize_for_stream(Action::Ingest),
428429
)
429-
.app_data(web::PayloadConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)),
430+
.app_data(web::JsonConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)),
430431
)
431432
.service(
432433
web::resource("/traces")
@@ -435,7 +436,7 @@ impl Server {
435436
.to(ingest::handle_otel_traces_ingestion)
436437
.authorize_for_stream(Action::Ingest),
437438
)
438-
.app_data(web::PayloadConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)),
439+
.app_data(web::JsonConfig::default().limit(MAX_EVENT_PAYLOAD_SIZE)),
439440
)
440441
}
441442

0 commit comments

Comments
 (0)