@Jeet-Srivastava Jeet-Srivastava commented Nov 25, 2025

  • Add BodySizeLimit middleware to prevent DoS attacks from large request bodies
  • Configurable via HTTP_MAX_BODY_SIZE environment variable (default: 10 MB)
  • Returns HTTP 413 when request body exceeds limit
  • Comprehensive test coverage including unit and integration tests
  • Follows GoFr middleware patterns and coding standards

Description:

  • Provide a concise explanation of the changes made.
  • Mention the issue number(s) this PR addresses (if applicable).
  • Highlight the motivation behind the changes and the expected benefits.

Breaking Changes (if applicable):

  • List any breaking changes introduced by this PR.
  • Explain the rationale behind these changes and how they will impact users.

Additional Information:

  • Mention any relevant dependencies or external libraries used.
  • Include screenshots or code snippets (if necessary) to clarify the changes.

Checklist:

  • I have formatted my code using goimport and golangci-lint.
  • All new code is covered by unit tests.
  • This PR does not decrease the overall code coverage.
  • I have reviewed the code comments and documentation for clarity.

   - Add BodySizeLimit middleware to prevent DoS attacks from large request bodies
   - Configurable via HTTP_MAX_BODY_SIZE environment variable (default: 10 MB)
   - Returns HTTP 413 when request body exceeds limit
   - Comprehensive test coverage including unit and integration tests
   - Follows GoFr middleware patterns and coding standards
@aryanmehrotra
Member

@Jeet-Srivastava which issue ticket is this related to?

@Jeet-Srivastava
Author

Hi @aryanmehrotra
This feature was self-initiated and isn’t linked to a specific issue.
If you think it adds value, I’d be grateful if you could consider merging it.


@Umang01-hash
Member


@Jeet-Srivastava Thank you for your contribution to GoFr and taking an effort to make this PR. I would request you to please also create an issue describing how GoFr is prone to DoS from large request bodies, and then I think you can link this PR in that issue; that will make perfect sense.

Secondly, I would also request you to kindly resolve the code quality issues and the failing tests for the PR so that it is review ready. Please let us know if you need any assistance.

Thank you.

- Remove exemption for GET, HEAD, DELETE methods to prevent DoS

- Update tests to verify limits on all methods
@Jeet-Srivastava
Author

This PR is raised against the issue #2607
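
The limit described in this PR, as an added Go example that is not code from the PR or from GoFr: it checks the declared Content-Length first, then caps the stream with `http.MaxBytesReader` so that chunked bodies and body-carrying GET, HEAD or DELETE requests are covered too. The names `bodySizeLimit`, `maxBodyFromEnv`, `drain` and `statusFor`, and the reading of `HTTP_MAX_BODY_SIZE` as a plain byte count, are assumptions.

```go
package main

import (
	"errors"
	"io"
	"net/http"
	"net/http/httptest"
	"os"
	"strconv"
	"strings"
)

// maxBodyFromEnv reads HTTP_MAX_BODY_SIZE; a plain byte count is assumed here.
func maxBodyFromEnv() int64 {
	if n, err := strconv.ParseInt(os.Getenv("HTTP_MAX_BODY_SIZE"), 10, 64); err == nil && n > 0 {
		return n
	}
	return 10 << 20 // 10 MB default, per the PR description
}

// bodySizeLimit (hypothetical name) caps the request body for every HTTP method.
func bodySizeLimit(limit int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.ContentLength > limit { // declared length is already over the limit
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		r.Body = http.MaxBytesReader(w, r.Body, limit) // caps chunked/unknown-length bodies
		next.ServeHTTP(w, r)
	})
}

func drain(w http.ResponseWriter, r *http.Request) { // sample handler: maps the read error to 413
	var tooBig *http.MaxBytesError
	if _, err := io.Copy(io.Discard, r.Body); errors.As(err, &tooBig) {
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

func statusFor(method string, n int, declared, limit int64) int { // runs one constructed request
	req := httptest.NewRequest(method, "/", strings.NewReader(strings.Repeat("A", n)))
	req.ContentLength = declared // -1 means unknown length, as with chunked encoding
	rec := httptest.NewRecorder()
	bodySizeLimit(limit, http.HandlerFunc(drain)).ServeHTTP(rec, req)
	return rec.Code
}

func main() { println(statusFor("GET", 64, -1, 16)) } // 64-byte chunked GET, 16-byte limit
```

A Content-Length check alone misses requests that omit the header, which is why the reader cap is applied on every request.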
