Merge pull request #46 from Coreoz/fix-request-body

Fix request body
Coreoz · Jan 15, 2025 · bddc5b5 · bddc5b5
2 parents e96a54f + d2adc81
commit bddc5b5
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 54 deletions.
diff --git a/plume-web-jersey/README.md b/plume-web-jersey/README.md
@@ -29,30 +29,20 @@ Any custom annotation can be added (as long as the corresponding Jersey access c
 
 Content size limit
 ------------------
-In order to protect the backend against attack that would send huge content, it is possible to limit the size of the content that can be sent to the backend.
+To protect the backend against attack that would send huge content, it is possible to limit the size of the content that can be sent to the backend.
 
 To do so, register the `ContentSizeLimitFeature` in Jersey: `resourceConfig.register(ContentSizeLimitFeature.class);`
-By default the content size of body is limited to 500 KB. This limit can be overridden for the whole api by using the `ContentSizeLimitFeatureFactory` to specify your own limit.
-
-Usage example:
-```java
-resourceConfig.register(new AbstractBinder() {
-    @Override
-    protected void configure() {
-        bindFactory(new ContentSizeLimitFeatureFactory(1000 * 1024 /* 1MB */)).to(ContentSizeLimitFeature.class);
-    }
-});
-```
+By default the content size of body is limited to `500 KB`. This limit can be overridden for the whole api by specifying your own limit, for example: `resourceConfig.register(new ContentSizeLimitFeature(1000 * 1024 /* 1MB */));`
 
 You can also override only a specific endpoint by using the `@ContentSizeLimit` annotation:
 ```java
 @POST
-	@Path("/test")
-	@Operation(description = "Example web-service")
-    @ContentSizeLimit(1024 * 1000 * 5) // 5MB
-	public void test(Test test) {
-        logger.info("Test: {}", test.getName());
-	}
+@Path("/test")
+@Operation(description = "Example web-service")
+@ContentSizeLimit(1024 * 1000 * 5) // 5MB
+public void test(Test test) {
+    logger.info("Test: {}", test.getName());
+}
 ```
 
 Data validation

diff --git a/...b-jersey/src/main/java/com/coreoz/plume/jersey/security/size/ContentSizeLimitFeature.java b/...b-jersey/src/main/java/com/coreoz/plume/jersey/security/size/ContentSizeLimitFeature.java
@@ -78,7 +78,7 @@ public void filter(ContainerRequestContext context) {
 
         public static final class SizeLimitingInputStream extends InputStream {
             private long length = 0;
-            private int mark = 0;
+            private long mark = 0;
 
             private final int maxSize;
 
@@ -129,14 +129,13 @@ public void close() throws IOException {
 
             @Override
             public synchronized void mark(final int readlimit) {
-                mark += readlimit;
+                mark = length; // Save the current position as the mark
                 delegateInputStream.mark(readlimit);
             }
 
             @Override
             public synchronized void reset() throws IOException {
-                this.length = 0;
-                readAndCheck(mark);
+                this.length = mark;
                 delegateInputStream.reset();
             }
 

diff --git a/...y/src/main/java/com/coreoz/plume/jersey/security/size/ContentSizeLimitFeatureFactory.java b/...y/src/main/java/com/coreoz/plume/jersey/security/size/ContentSizeLimitFeatureFactory.java
diff --git a/...-web-jersey/src/test/java/com/coreoz/plume/jersey/security/size/ContentSizeLimitTest.java b/...-web-jersey/src/test/java/com/coreoz/plume/jersey/security/size/ContentSizeLimitTest.java
@@ -83,13 +83,4 @@ public void checkContentSize_withoutBody_whenCustomLimit_shouldReturn200() {
         Builder request = target("/test/upload-custom").request();
         Assertions.assertThat(Response.Status.OK.getStatusCode()).isEqualTo(request.get().getStatus());
     }
-
-    @Test
-    public void checkMaxSize_whenCustomControlFeature_shouldSuccess() {
-        // Custom max size
-        Integer customMaxSize = 300;
-        ContentSizeLimitFeatureFactory contentControlFeatureFactory = new ContentSizeLimitFeatureFactory(customMaxSize);
-        ContentSizeLimitFeature contentSizeLimitFeature = contentControlFeatureFactory.provide();
-        Assertions.assertThat(customMaxSize).isEqualTo(contentSizeLimitFeature.getContentSizeLimit());
-    }
 }
diff --git a/...b-jersey/src/test/java/com/coreoz/plume/jersey/security/size/TestContentSizeResource.java b/...b-jersey/src/test/java/com/coreoz/plume/jersey/security/size/TestContentSizeResource.java
@@ -18,7 +18,7 @@ public Response uploadDefaultLimit(byte[] data) {
 
     @GET
     @Path("/upload-default")
-    public Response getDefaultLimit(byte[] data) {
+    public Response getDefaultLimit() {
         return Response.ok("get successful").build();
     }
 
@@ -32,7 +32,7 @@ public Response uploadCustomLimit(byte[] data) {
     @GET
     @Path("/upload-custom")
     @ContentSizeLimit(CUSTOM_MAX_SIZE)
-    public Response getCustomLimit(byte[] data) {
+    public Response getCustomLimit() {
         return Response.ok("get successful").build();
     }