feat: set client_max_body_size via Lua (#10)

Author: spacewander

README.md

@@ -0,0 +1,9 @@
+# APISIX Nginx Module
+
+## Directive
+
+### apisix_delay_client_max_body_check [on|off]
+
+default: off
+
+Delay client_max_body_size check until the body is read.

lib/resty/apisix/client.lua

@@ -0,0 +1,31 @@
+local ffi = require("ffi")
+local base = require("resty.core.base")
+local get_request = base.get_request
+local C = ffi.C
+local NGX_ERROR = ngx.ERROR
+
+
+base.allows_subsystem("http")
+
+
+ffi.cdef([[
+typedef intptr_t        ngx_int_t;
+typedef uintptr_t       off_t;
+ngx_int_t
+ngx_http_apisix_client_set_max_body_size(ngx_http_request_t *r, off_t bytes);
+]])
+local _M = {}
+
+
+function _M.set_client_max_body_size(bytes)
+    local r = get_request()
+    local ret = C.ngx_http_apisix_client_set_max_body_size(r, tonumber(bytes))
+    if ret == NGX_ERROR then
+        return nil, "error while setting client max body size"
+    end
+
+    return true
+end
+
+
+return _M

patch/1.19.3/nginx-client_max_body_size.patch

@@ -0,0 +1,105 @@
+diff --git src/http/ngx_http_core_module.c src/http/ngx_http_core_module.c
+index 6388140..a500aab 100644
+--- src/http/ngx_http_core_module.c
++++ src/http/ngx_http_core_module.c
+@@ -985,7 +985,12 @@ ngx_http_core_find_config_phase(ngx_http_request_t *r,
+                    "http cl:%O max:%O",
+                    r->headers_in.content_length_n, clcf->client_max_body_size);
+ 
++#if (NGX_HTTP_APISIX)
++    if (!ngx_http_apisix_delay_client_max_body_check(r)
++        && r->headers_in.content_length_n != -1
++#else
+     if (r->headers_in.content_length_n != -1
++#endif
+         && !r->discard_body
+         && clcf->client_max_body_size
+         && clcf->client_max_body_size < r->headers_in.content_length_n)
+diff --git src/http/ngx_http_request_body.c src/http/ngx_http_request_body.c
+index 71d7e9a..2844be9 100644
+--- src/http/ngx_http_request_body.c
++++ src/http/ngx_http_request_body.c
+@@ -8,6 +8,9 @@
+ #include <ngx_config.h>
+ #include <ngx_core.h>
+ #include <ngx_http.h>
++#if (NGX_HTTP_APISIX)
++#include <ngx_http_apisix_module.h>
++#endif
+ 
+ 
+ static void ngx_http_read_client_request_body_handler(ngx_http_request_t *r);
+@@ -48,6 +51,25 @@ ngx_http_read_client_request_body(ngx_http_request_t *r,
+         return NGX_OK;
+     }
+ 
++#if (NGX_HTTP_APISIX)
++    if (ngx_http_apisix_delay_client_max_body_check(r)) {
++        off_t max_body_size = ngx_http_apisix_client_max_body_size(r);
++
++        if (r->headers_in.content_length_n != -1
++            && max_body_size
++            && max_body_size < r->headers_in.content_length_n)
++        {
++            ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
++                          "client intended to send too large body: %O bytes",
++                          r->headers_in.content_length_n);
++
++            r->expect_tested = 1;
++            rc = NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
++            goto done;
++        }
++    }
++#endif
++
+     if (ngx_http_test_expect(r) != NGX_OK) {
+         rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
+         goto done;
+@@ -1025,6 +1047,10 @@ ngx_http_request_body_chunked_filter(ngx_http_request_t *r, ngx_chain_t *in)
+     out = NULL;
+     ll = &out;
+ 
++#if (NGX_HTTP_APISIX)
++    off_t max_body_size = ngx_http_apisix_client_max_body_size(r);
++#endif
++
+     for (cl = in; cl; cl = cl->next) {
+ 
+         b = NULL;
+@@ -1048,8 +1074,13 @@ ngx_http_request_body_chunked_filter(ngx_http_request_t *r, ngx_chain_t *in)
+ 
+                 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+ 
++#if (NGX_HTTP_APISIX)
++                if (max_body_size
++                    && max_body_size
++#else
+                 if (clcf->client_max_body_size
+                     && clcf->client_max_body_size
++#endif
+                        - r->headers_in.content_length_n < rb->chunked->size)
+                 {
+                     ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+diff --git src/http/v2/ngx_http_v2.c src/http/v2/ngx_http_v2.c
+index 43a4fde..d22eb4d 100644
+--- src/http/v2/ngx_http_v2.c
++++ src/http/v2/ngx_http_v2.c
+@@ -4211,10 +4211,18 @@ ngx_http_v2_filter_request_body(ngx_http_request_t *r)
+             }
+ 
+         } else {
++#if (NGX_HTTP_APISIX)
++            off_t max_body_size = ngx_http_apisix_client_max_body_size(r);
++
++            (void) clcf; /* unused */
++
++            if (max_body_size && rb->received > max_body_size)
++#else
+             clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+ 
+             if (clcf->client_max_body_size
+                 && rb->received > clcf->client_max_body_size)
++#endif
+             {
+                 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                               "client intended to send too large chunked body: "

src/ngx_http_apisix_module.c

@@ -4,6 +4,23 @@
 #include "ngx_http_apisix_module.h"
 
 
+static void *ngx_http_apisix_create_loc_conf(ngx_conf_t *cf);
+static char *ngx_http_apisix_merge_loc_conf(ngx_conf_t *cf, void *parent,
+    void *child);
+
+
+static ngx_command_t ngx_http_apisix_cmds[] = {
+    { ngx_string("apisix_delay_client_max_body_check"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_apisix_loc_conf_t, delay_client_max_body_check),
+      NULL },
+
+    ngx_null_command
+};
+
+
 static ngx_http_module_t ngx_http_apisix_module_ctx = {
     NULL,                                    /* preconfiguration */
     NULL,                                    /* postconfiguration */
@@ -14,15 +31,15 @@ static ngx_http_module_t ngx_http_apisix_module_ctx = {
     NULL,                                    /* create server configuration */
     NULL,                                    /* merge server configuration */
 
-    NULL,                                    /* create location configuration */
-    NULL                                     /* merge location configuration */
+    ngx_http_apisix_create_loc_conf,         /* create location configuration */
+    ngx_http_apisix_merge_loc_conf           /* merge location configuration */
 };
 
 
 ngx_module_t ngx_http_apisix_module = {
     NGX_MODULE_V1,
     &ngx_http_apisix_module_ctx,         /* module context */
-    NULL,                                /* module directives */
+    ngx_http_apisix_cmds,                /* module directives */
     NGX_HTTP_MODULE,                     /* module type */
     NULL,                                /* init master */
     NULL,                                /* init module */
@@ -35,6 +52,34 @@ ngx_module_t ngx_http_apisix_module = {
 };
 
 
+static void *
+ngx_http_apisix_create_loc_conf(ngx_conf_t *cf)
+{
+    ngx_http_apisix_loc_conf_t *conf;
+
+    conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_apisix_loc_conf_t));
+    if (conf == NULL) {
+        return NULL;
+    }
+
+    conf->delay_client_max_body_check = NGX_CONF_UNSET;
+
+    return conf;
+}
+
+
+static char *
+ngx_http_apisix_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
+{
+    ngx_http_apisix_loc_conf_t *prev = parent;
+    ngx_http_apisix_loc_conf_t *conf = child;
+
+    ngx_conf_merge_value(conf->delay_client_max_body_check,
+                         prev->delay_client_max_body_check, 0);
+
+    return NGX_CONF_OK;
+}
+
 
 #if (NGX_HTTP_SSL)
 static X509 *
@@ -230,3 +275,56 @@ ngx_http_apisix_set_upstream_ssl(ngx_http_request_t *r, ngx_connection_t *c)
     ngx_http_apisix_flush_ssl_error();
 }
 #endif
+
+
+ngx_flag_t
+ngx_http_apisix_delay_client_max_body_check(ngx_http_request_t *r)
+{
+    ngx_http_apisix_loc_conf_t  *alcf;
+
+    alcf = ngx_http_get_module_loc_conf(r, ngx_http_apisix_module);
+    return alcf->delay_client_max_body_check;
+}
+
+
+ngx_int_t
+ngx_http_apisix_client_set_max_body_size(ngx_http_request_t *r,
+                                         off_t bytes)
+{
+    ngx_http_apisix_ctx_t       *ctx;
+
+    ctx = ngx_http_apisix_get_module_ctx(r);
+
+    if (ctx == NULL) {
+        return NGX_ERROR;
+    }
+
+    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                   "set client max body size %O",
+                   ctx->client_max_body_size);
+
+    ctx->client_max_body_size = bytes;
+
+    return NGX_OK;
+}
+
+
+off_t
+ngx_http_apisix_client_max_body_size(ngx_http_request_t *r)
+{
+    ngx_http_apisix_ctx_t     *ctx;
+    ngx_http_core_loc_conf_t  *clcf;
+
+    ctx = ngx_http_get_module_ctx(r, ngx_http_apisix_module);
+
+    if (ctx != NULL && ctx->client_max_body_size) {
+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                       "get client max body size %O",
+                       ctx->client_max_body_size);
+        return ctx->client_max_body_size;
+    }
+
+    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+    return clcf->client_max_body_size;
+}

src/ngx_http_apisix_module.h

@@ -5,13 +5,23 @@
 #include <ngx_http.h>
 
 
+typedef struct {
+    ngx_flag_t      delay_client_max_body_check;
+} ngx_http_apisix_loc_conf_t;
+
+
 typedef struct {
     STACK_OF(X509)      *upstream_cert;
     EVP_PKEY            *upstream_pkey;
+
+    off_t                client_max_body_size;
 } ngx_http_apisix_ctx_t;
 
 
 void ngx_http_apisix_set_upstream_ssl(ngx_http_request_t *r, ngx_connection_t *c);
 
+ngx_flag_t ngx_http_apisix_delay_client_max_body_check(ngx_http_request_t *r);
+off_t ngx_http_apisix_client_max_body_size(ngx_http_request_t *r);
+
 
 #endif /* _NGX_HTTP_APISIX_H_INCLUDED_ */