From 5f587411591e77c0fde449905f4f4636dd19596f Mon Sep 17 00:00:00 2001
From: "Stanislav N. aka pztrn" <pztrn@pztrn.name>
Date: Sat, 29 Feb 2020 22:49:44 +0500
Subject: [PATCH] Added maximum request body size limiting.

Fixes #19.
---
 examples/fastpastebin.yaml.dist | 4 +++-
 internal/config/http.go         | 7 ++++---
 internal/context/http_server.go | 1 +
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/examples/fastpastebin.yaml.dist b/examples/fastpastebin.yaml.dist
index c9f1df7..415dde4 100644
--- a/examples/fastpastebin.yaml.dist
+++ b/examples/fastpastebin.yaml.dist
@@ -4,7 +4,7 @@ database:
   # Database type. The only supported ATM is "mysql" and "flatfiles".
   type: "flatfiles"
   # Path for data stored with "flatfiles" database adapter.
-  # Will be comletely ignored for MySQL/MariaDB.
+  # Will be completely ignored for MySQL/MariaDB.
   path: "./data"
   # Next parameters are strictly for MySQL/MariaDB connections and
   # will be ignored by "flatfiles" adapter.
@@ -31,6 +31,8 @@ http:
   # will allow HTTP requests. Useful for developing or if you're
   # running Fast Pastebin behind reverse proxy that does SSL termination.
   allow_insecure: true
+  # Maximum body size in megabytes. 1 should be enough for most use cases.
+  max_body_size_megabytes: 1
 
 # Pastes configuration.
 pastes:
diff --git a/internal/config/http.go b/internal/config/http.go
index 2120818..8601f77 100644
--- a/internal/config/http.go
+++ b/internal/config/http.go
@@ -26,7 +26,8 @@ package config
 
 // HTTP describes HTTP server configuration.
 type HTTP struct {
-	Address       string `yaml:"address"`
-	Port          string `yaml:"port"`
-	AllowInsecure bool   `yaml:"allow_insecure"`
+	Address              string `yaml:"address"`
+	Port                 string `yaml:"port"`
+	AllowInsecure        bool   `yaml:"allow_insecure"`
+	MaxBodySizeMegabytes string `yaml:"max_body_size_megabytes"`
 }
diff --git a/internal/context/http_server.go b/internal/context/http_server.go
index a7096d9..feb92fa 100644
--- a/internal/context/http_server.go
+++ b/internal/context/http_server.go
@@ -13,6 +13,7 @@ func (c *Context) initializeHTTPServer() {
 	c.Echo = echo.New()
 	c.Echo.Use(c.echoReqLogger())
 	c.Echo.Use(middleware.Recover())
+	c.Echo.Use(middleware.BodyLimit(c.Config.HTTP.MaxBodySizeMegabytes + "M"))
 	c.Echo.DisableHTTP2 = true
 	c.Echo.HideBanner = true
 	c.Echo.HidePort = true