Added maximum request body size limiting.

Fixes #19.

examples/fastpastebin.yaml.dist

@@ -4,7 +4,7 @@ database:
   # Database type. The only supported ATM is "mysql" and "flatfiles".
   type: "flatfiles"
   # Path for data stored with "flatfiles" database adapter.
-  # Will be comletely ignored for MySQL/MariaDB.
+  # Will be completely ignored for MySQL/MariaDB.
   path: "./data"
   # Next parameters are strictly for MySQL/MariaDB connections and
   # will be ignored by "flatfiles" adapter.
@@ -31,6 +31,8 @@ http:
   # will allow HTTP requests. Useful for developing or if you're
   # running Fast Pastebin behind reverse proxy that does SSL termination.
   allow_insecure: true
+  # Maximum body size in megabytes. 1 should be enough for most use cases.
+  max_body_size_megabytes: 1
 
 # Pastes configuration.
 pastes:

internal/config/http.go

@@ -26,7 +26,8 @@ package config
 
 // HTTP describes HTTP server configuration.
 type HTTP struct {
-	Address       string `yaml:"address"`
+	Address              string `yaml:"address"`
-	Port          string `yaml:"port"`
+	Port                 string `yaml:"port"`
-	AllowInsecure bool   `yaml:"allow_insecure"`
+	AllowInsecure        bool   `yaml:"allow_insecure"`
+	MaxBodySizeMegabytes string `yaml:"max_body_size_megabytes"`
 }

internal/context/http_server.go

@@ -13,6 +13,7 @@ func (c *Context) initializeHTTPServer() {
 	c.Echo = echo.New()
 	c.Echo.Use(c.echoReqLogger())
 	c.Echo.Use(middleware.Recover())
+	c.Echo.Use(middleware.BodyLimit(c.Config.HTTP.MaxBodySizeMegabytes + "M"))
 	c.Echo.DisableHTTP2 = true
 	c.Echo.HideBanner = true
 	c.Echo.HidePort = true