mirror of
https://github.com/juanfont/headscale.git
synced 2026-04-11 03:27:20 +02:00
42b8c779a0
Wrap req.Body with io.LimitReader bounded to 4 KiB before io.ReadAll. The DERP verify payload is a few hundred bytes.
58 lines
1.3 KiB
Go
58 lines
1.3 KiB
Go
package hscontrol
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"errors"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
// TestHandleVerifyRequest_OversizedBodyRejected verifies that the
|
|
// /verify handler refuses POST bodies larger than verifyBodyLimit.
|
|
// The MaxBytesReader is applied in VerifyHandler, so we simulate
|
|
// the same wrapping here.
|
|
func TestHandleVerifyRequest_OversizedBodyRejected(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
body := strings.Repeat("x", int(verifyBodyLimit)+128)
|
|
rec := httptest.NewRecorder()
|
|
req := httptest.NewRequestWithContext(
|
|
context.Background(),
|
|
http.MethodPost,
|
|
"/verify",
|
|
bytes.NewReader([]byte(body)),
|
|
)
|
|
req.Body = http.MaxBytesReader(rec, req.Body, verifyBodyLimit)
|
|
|
|
h := &Headscale{}
|
|
|
|
err := h.handleVerifyRequest(req, &bytes.Buffer{})
|
|
if err == nil {
|
|
t.Fatal("oversized verify body must be rejected")
|
|
}
|
|
|
|
httpErr, ok := errorAsHTTPError(err)
|
|
if !ok {
|
|
t.Fatalf("error must be an HTTPError, got: %T (%v)", err, err)
|
|
}
|
|
|
|
assert.Equal(t, http.StatusRequestEntityTooLarge, httpErr.Code,
|
|
"oversized body must surface 413")
|
|
}
|
|
|
|
// errorAsHTTPError is a small local helper that unwraps an HTTPError
|
|
// from an error chain.
|
|
func errorAsHTTPError(err error) (HTTPError, bool) {
|
|
var h HTTPError
|
|
if errors.As(err, &h) {
|
|
return h, true
|
|
}
|
|
|
|
return HTTPError{}, false
|
|
}
|