Add configurable request body size limiting middleware #2607
Description
Is your feature request related to a problem? Please describe.
Currently, GoFr does not provide a built-in way to limit the size of incoming HTTP request bodies. This can lead to:
- Potential DoS attacks by sending very large payloads
- Excessive memory and CPU usage under heavy or malicious traffic
- Unexpected performance degradation if clients accidentally send large bodies
I’d like a framework-level solution so that every service does not have to implement this logic manually.
Describe the solution you'd like
I would like GoFr to provide a configurable request body size limiting middleware, for example BodySizeLimit, with the following behavior:
- Enforce a maximum allowed request body size (default: 10 MB)
- Allow configuration via an environment variable, e.g.
HTTP_MAX_BODY_SIZE - For requests exceeding the configured limit:
- Return HTTP 413 Payload Too Large
- Do not invoke the next handler in the chain
- Use existing GoFr middleware patterns (same function signatures / registration style)
- Optionally skip enforcing limits for methods that typically don’t have bodies (e.g.
GET,HEAD,DELETE)
This middleware can be registered globally in the app, for example:
maxBodySize := config.GetInt64("HTTP_MAX_BODY_SIZE")
app.Use(middleware.BodySizeLimit(maxBodySize))